* Wrong cache invalidation in cfi_cmdset0001.c (2.6.21 kernel)
@ 2007-11-26 17:23 Massimo CIRILLO
2007-11-26 17:45 ` Jörn Engel
0 siblings, 1 reply; 3+ messages in thread
From: Massimo CIRILLO @ 2007-11-26 17:23 UTC (permalink / raw)
To: linux-mtd
We found an issue in cfi_cmdset0001.c file of 2.6.21 kernel.
It is related to cache region invalidation in the buffered
write procedure.
The original code performs cache invalidation from "adr" to "adr + len" in
do_write_buffer() while we modify region from "cmd_adr" to "len2"
where len2 is equal to initial value of len.
The following is the patch to apply for 2.6.21 kernel.
--- a/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:37.000000000 +0100
+++ b/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:44.000000000 +0100
@@ -1472,6 +1472,7 @@ static int __xipram do_write_buffer(stru
int ret, wbufsize, word_gap, words;
const struct kvec *vec;
unsigned long vec_seek;
+ int len2=len;
wbufsize = cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize;
adr += chip->start;
@@ -1578,7 +1579,7 @@ static int __xipram do_write_buffer(stru
chip->state = FL_WRITING;
ret = INVAL_CACHE_AND_WAIT(map, chip, cmd_adr,
- adr, len,
+ cmd_adr, len2,
chip->buffer_write_time);
if (ret) {
map_write(map, CMD(0x70), cmd_adr);
In any case we believe this patch should be valid also for the 2.6.22 and 2.6.23 kernel.
Looking forward feedbacks.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Wrong cache invalidation in cfi_cmdset0001.c (2.6.21 kernel)
2007-11-26 17:23 Wrong cache invalidation in cfi_cmdset0001.c (2.6.21 kernel) Massimo CIRILLO
@ 2007-11-26 17:45 ` Jörn Engel
2007-11-26 18:36 ` Jared Hulbert
0 siblings, 1 reply; 3+ messages in thread
From: Jörn Engel @ 2007-11-26 17:45 UTC (permalink / raw)
To: Massimo CIRILLO; +Cc: linux-mtd
On Mon, 26 November 2007 18:23:09 +0100, Massimo CIRILLO wrote:
>
> We found an issue in cfi_cmdset0001.c file of 2.6.21 kernel.
> It is related to cache region invalidation in the buffered
> write procedure.
>
> The original code performs cache invalidation from "adr" to "adr + len" in
> do_write_buffer() while we modify region from "cmd_adr" to "len2"
> where len2 is equal to initial value of len.
Could use a better name, initial_len or something like that. And David
would surely appreciate a Signed-off-by: line. Otherwise appears to
make sense.
> The following is the patch to apply for 2.6.21 kernel.
>
> --- a/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:37.000000000 +0100
> +++ b/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:44.000000000 +0100
> @@ -1472,6 +1472,7 @@ static int __xipram do_write_buffer(stru
> int ret, wbufsize, word_gap, words;
> const struct kvec *vec;
> unsigned long vec_seek;
> + int len2=len;
>
> wbufsize = cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize;
> adr += chip->start;
> @@ -1578,7 +1579,7 @@ static int __xipram do_write_buffer(stru
> chip->state = FL_WRITING;
>
> ret = INVAL_CACHE_AND_WAIT(map, chip, cmd_adr,
> - adr, len,
> + cmd_adr, len2,
> chip->buffer_write_time);
> if (ret) {
> map_write(map, CMD(0x70), cmd_adr);
>
Jörn
--
But this is not to say that the main benefit of Linux and other GPL
software is lower-cost. Control is the main benefit--cost is secondary.
-- Bruce Perens
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Wrong cache invalidation in cfi_cmdset0001.c (2.6.21 kernel)
2007-11-26 17:45 ` Jörn Engel
@ 2007-11-26 18:36 ` Jared Hulbert
0 siblings, 0 replies; 3+ messages in thread
From: Jared Hulbert @ 2007-11-26 18:36 UTC (permalink / raw)
To: Jörn Engel; +Cc: Massimo CIRILLO, linux-mtd, akorolev
> > We found an issue in cfi_cmdset0001.c file of 2.6.21 kernel.
> > It is related to cache region invalidation in the buffered
> > write procedure.
What was the test setup that uncovered this? I surprised this wasn't
found earlier.
> > The original code performs cache invalidation from "adr" to "adr + len" in
> > do_write_buffer() while we modify region from "cmd_adr" to "len2"
> > where len2 is equal to initial value of len.
>
> Could use a better name, initial_len or something like that. And David
> would surely appreciate a Signed-off-by: line. Otherwise appears to
> make sense.
>
> > The following is the patch to apply for 2.6.21 kernel.
> >
> > --- a/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:37.000000000 +0100
> > +++ b/drivers/mtd/chips/cfi_cmdset_0001.c 2007-11-26 18:06:44.000000000 +0100
> > @@ -1472,6 +1472,7 @@ static int __xipram do_write_buffer(stru
> > int ret, wbufsize, word_gap, words;
> > const struct kvec *vec;
> > unsigned long vec_seek;
> > + int len2=len;
> >
> > wbufsize = cfi_interleave(cfi) << cfi->cfiq->MaxBufWriteSize;
> > adr += chip->start;
> > @@ -1578,7 +1579,7 @@ static int __xipram do_write_buffer(stru
> > chip->state = FL_WRITING;
> >
> > ret = INVAL_CACHE_AND_WAIT(map, chip, cmd_adr,
> > - adr, len,
> > + cmd_adr, len2,
> > chip->buffer_write_time);
> > if (ret) {
> > map_write(map, CMD(0x70), cmd_adr);
> >
If cmd_adr <= adr then shouldn't initial_len >=len? Something like:
initial_len = (len + wbufsize) & ~(wbufsize-1);
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-11-26 18:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-11-26 17:23 Wrong cache invalidation in cfi_cmdset0001.c (2.6.21 kernel) Massimo CIRILLO
2007-11-26 17:45 ` Jörn Engel
2007-11-26 18:36 ` Jared Hulbert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox