git.openwrt.org Git - openwrt/staging/blocktrron.git/blob

   1 From e9e852af347ae3ccee4e7abb01f9ef91387980f9 Mon Sep 17 00:00:00 2001
   2 From: Jonathan Bell <jonathan@raspberrypi.com>
   3 Date: Wed, 6 Nov 2024 11:07:55 +0000
   4 Subject: [PATCH] drivers: usb: xhci: prevent a theoretical race on
   5  non-coherent platforms
   6
   7 For platforms that have xHCI controllers attached over PCIe, and
   8 non-coherent routes to main memory, a theoretical race exists between
   9 posting new TRBs to a ring, and writing to the doorbell register.
  10
  11 In a contended system, write traffic from the CPU may be stalled before
  12 the memory controller, whereas the CPU to Endpoint route is separate
  13 and not likely to be contended. Similarly, the DMA route from the
  14 endpoint to main memory may be separate and uncontended.
  15
  16 Therefore the xHCI can receive a doorbell write and find a stale view
  17 of a transfer ring. In cases where only a single TRB is ping-ponged at
  18 a time, this can cause the endpoint to not get polled at all.
  19
  20 Adding a readl() before the write forces a round-trip transaction
  21 across PCIe, definitively serialising the CPU along the PCI
  22 producer-consumer ordering rules.
  23
  24 Signed-off-by: Jonathan Bell <jonathan@raspberrypi.com>
  25 ---
  26  drivers/usb/host/xhci-ring.c | 13 +++++++++++++
  27  1 file changed, 13 insertions(+)
  28
  29 --- a/drivers/usb/host/xhci-ring.c
  30 +++ b/drivers/usb/host/xhci-ring.c
  31 @@ -505,6 +505,19 @@ void xhci_ring_ep_doorbell(struct xhci_h
  32
  33         trace_xhci_ring_ep_doorbell(slot_id, DB_VALUE(ep_index, stream_id));
  34
  35 +       /*
  36 +        * For non-coherent systems with PCIe DMA (such as Pi 4, Pi 5) there
  37 +        * is a theoretical race between the TRB write and barrier, which
  38 +        * is reported complete as soon as the write leaves the CPU domain,
  39 +        * the doorbell write, which may be reported as complete by the RC
  40 +        * at some arbitrary point, and the visibility of new TRBs in system
  41 +        * RAM by the endpoint DMA engine.
  42 +        *
  43 +        * This read before the write positively serialises the CPU state
  44 +        * by incurring a round-trip across the link.
  45 +        */
  46 +       readl(db_addr);
  47 +
  48         writel(DB_VALUE(ep_index, stream_id), db_addr);
  49         /* flush the write */
  50         readl(db_addr);