mhi_dev_write_channel is called by diag channel. While processing it,
reset interrupt is received from host. During the reset sequence the
work queue mhi_sm_wq is getting destroyed in mhi_dev_sm_exit API. When
the mhi_dev_write_channel is resumed, queuing of work is done as part of
mhi_dev_notify_sm_event. Here, as the work queue is destroyed, crash
occurred with a kernel null pointer deference error. This is a race
condition between reset sequence and mhi_dev_notify_sm_event.
To avoid this race condition added a mutex lock mhi_lock in
mhi_dev_write_channel before calling mhi_dev_notify_sm_event.
Change-Id: Idaf1c33c462b6d659f3e5ddb333afe9c6a967fac
Signed-off-by: Sai Chaitanya Kaveti <quic_skaveti@quicinc.com>
Correct DMA checks during reset command processing, ensure both IPA
and eDMA are taken care. Also use MHI_USE_DMA macro in all conditions
which are applicable to both IPA and eDMA.
Change-Id: Iac7afaea52881d9ed70637081dc37c3f8292a753
Signed-off-by: Veerabhadrarao Badiganti <quic_vbadigan@quicinc.com>
Fail the start command if we fails to allocate buffer for event
requests.
Change-Id: I05e9acb093f53f1675a4f711182730ab420e0e5a
Signed-off-by: Veerabhadrarao Badiganti <quic_vbadigan@quicinc.com>
If the net dev init process is scheduled out in between registering
a callback for in-channel and out-channel and start command for these
channels gets processed at this time (after registering the callback
for out channel but before registeringthe callback for in-channel)
then with existing logic, we never register with the network interface.
Checking the out channel status directly rather than using local bool
variable out_channel_started before calling
mhi_dev_net_open_chan_create_netif API. If out channel status is
connected the mhi_dev_net_open_chan_create_netif API is called.
Change-Id: I69af6c49ee565ffd04c4d0ac22b686ff986b7bc7
Signed-off-by: Sai Chaitanya Kaveti <quic_skaveti@quicinc.com>
Signed-off-by: Lakshmi Prasanna Meka <quic_lmeka@quicinc.com>
Send pme from panic/reboot handler if the device is in D3hot to
bring device state back to D0. This helps PBL to take retrain
the link gracefully as PBL didn't have ability to bring the device
our of D3hot state. Also send MHI to syserr, so that MHI host
wont timeout on M0ack.
Change-Id: I3de45cab30caa332bd00abe8b1ed1487d7889d5f
Signed-off-by: Veerabhadrarao Badiganti <quic_vbadigan@quicinc.com>
We are setting event buffer size with the requested size and then
allocating the buffer for event requests (ereqs). But if the memory
allocation for ereq buffer fails, the event-buffer-size variable
is not getting set to zero.
Due to this, if a client calls open channel multiple times,
our logic proceeded without really allocating the buffer for ereqs.
And while processing completion events, we are observing null pointer
dereference issues.
Change-Id: I10bee8428d178ef5a7f0fe5fcd93fcce8dcbe27d
Signed-off-by: Veerabhadrarao Badiganti <quic_vbadigan@quicinc.com>
Adding mhi and pcie state change logs to console to make testing and
debugging easier.
Change-Id: I1fe176fc532a99de9de862ad556df831b6db6bf6
Signed-off-by: Sai Chaitanya Kaveti <quic_skaveti@quicinc.com>
Device allocates ring memory during mmio initialization, this
causes 128 event ring elements to be created as MHICFG
register may not be updated by the host. This causes memory
to get exhausted leading to an MMIO init failure.
The Change is to allocate ring memory during M0, during which
MHICFG register is bound to be updated by the host.
Change-Id: I04a0e0ed79a46f16f96e2be4c5c68cba9ee2c99d
Signed-off-by: Subramanian Ananthanarayanan <skananth@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
Signed-off-by: Lakshmi Prasanna Meka <quic_lmeka@quicinc.com>
In order to tackle the spurious interrupts coming from the host
on an invalid channel, the channel doorbell interrupts are
disabled during initialization phase. These are enabled after
receiving the start command for a particular channel.
Change-Id: I12bb315bcd249383ed442ad969e84c9eef25a324
Signed-off-by: Abhinab Abhinab <aabhinab@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
Signed-off-by: Lakshmi Prasanna Meka <quic_lmeka@quicinc.com>
Enabling global irq after link enumeration causes link
failure with IPQ host. Global irq is enabled before
enumeration for ipq host alone.
Change-Id: I20fa69c05bd3bc97fddea35e9e30833bca04c54b
Signed-off-by: Karthick Shanmugham <kartshan@codeaurora.org>
Signed-off-by: Lakshmi Prasanna Meka <quic_lmeka@quicinc.com>
Channel interrupts are seen on device even before,
channel ring is initialized. Queuing pending work
without checking ring status can lead to processing
of spurious interrupts. Adding proper checks in place
before queuing channel doorbell.
Change-Id: I3ccd7302b535d2b8ef63eada9d7a1fe553dccdaa
Signed-off-by: Nitesh Gupta <nitegupt@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
Signed-off-by: Lakshmi Prasanna Meka <quic_lmeka@quicinc.com>
The global irqs are being enabled before EP driver has completed
successful link enumeration. This causes a race condition where
the BME IRQ is processed before link up causing the link up to
exit before updating the link status. Any further processing results
in LINK_DISABLED error. Avoid this scenario by enabling the global
interrupts after enumeration has finished.
Change-Id: I983a35f461da5d8966cadc9918b5529d16182b47
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
Use unshifted value to set the clock req override value
and enable fields as the register write function already
shifts the values to the correct position.
Change-Id: I0b5dea0f6f8462363471910ffe93f8f8975e7929
Signed-off-by: Siva Kumar Akkireddi <sivaa@codeaurora.org>
Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
During D3hot, we are explicitly blocking L1 state by setting
REQ_EXIT_L1 bit of PM_CTRL register. If we transitioning back to D0
from D3 (without D3cold), REQ_EXIT_L1 bit won't get cleared. And
L1 would get blocked till next D3cold. Clear this explicitly during
D0 to avoid this scenario.
Change-Id: Ib168dee255f29832600ebca14eea1ac2ea393985
Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
L23_READY bit in the PARF_PM_CTRL register is set coming
out of PBL. Clear it once PCIe enumerates. This will avoid
the corner case where L23_READY is sent to the host causing
the link to be disable before the EP PCIe driver has had a
chance to disable the endpoint cleanly.
Change-Id: I2159cf88c4ec5f2b38b7134e42c6a069a9738d6c
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
Correct the offsets of L1SUB_CAPABILITY_REG and L1SUB_CONTROL1_REG.
Change-Id: I6130a7eab50d85e34d87c28bde3a48c058ee9eee
Signed-off-by: Can Guo <cang@codeaurora.org>
Allow device enter L1, i.e. clear PCIE_0_PCIE_PARF_PM_CTRL[REQ_NOT_ENTR_L1]
once we find out BME is set.
Change-Id: I8aca816446a286d02ef51724d157cb7c75057250
Signed-off-by: Can Guo <cang@codeaurora.org>
With the current logic, MHI driver will hold channel
lock while processing the ring element and triggers
callback for the clients. Some clients are issuing
read requests for the channel in the callback context.
MHI driver will try to acquire the same channel lock
in read api leading to a deadlock situation.
Modify the logic to avoid holding channel lock
while processing the ring elements.
Change-Id: I62ac28d5eb06e3c9b12437f02288cfe1cdb2bea2
Signed-off-by: Nitesh Gupta <nitegupt@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
Added a check for accessing in_use_list only in async case.
Change-Id: I842f9b9feb688d75152f7b2639c17c25c3376236
Signed-off-by: Subramanian Ananthanarayanan <skananth@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
The change is to use req_lock spinlock during client release
and to use the same spinlock while checking for is_stale
during read/write completion callbacks.
Change-Id: I7ebafecb7503fa8521fa8f849cabf4b82bbc2f53
Signed-off-by: Subramanian Ananthanarayanan <skananth@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
Multiple clients might perform open and close file operations
simultaneously on the same file node created by UCI. To avoid
race conditions which might result in invalid accesses or crashes,
the open and close operations are serialized.
Change-Id: Ic6a290a2c6af25bcd60983a7b531bf1287201821
Signed-off-by: Subramanian Ananthanarayanan <skananth@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
If a channel gets stopped, while there are some outstanding requests/
transfers with IPA, then we simply ignore the completion from IPA.
But we must have already added the transfer-completion-event to the
flush list before submitting the transfer to IPA.
There is a possibility that we flush these stale events along with new
flush events (for new requests) when the channel gets re-started.
This un-intentional completion event can lead to out-of-sequence
events at the host.
So while stopping a channel, ensure all elements in the flush list
of that channel are discarded and the flush list is empty.
Change-Id: I04445b1f9f4d2d4fce0b8a96277517de14481ead
Signed-off-by: Veerabhadrarao Badiganti <vbadigan@codeaurora.org>
Currently there is a race condition where during the flushing of ereqs
the channel is closed from the client on the EP side, which is causing
the flush function to access null memory. To avoid that call the flush
from dev close which ensures all the pending ereqs are closed before
closing the channel and freeing the memory.
Change-Id: Id81d8cb8b326340d28f6cfe9d48dcd685a8038f9
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
The change is to check for error code from cmd processing in case
of db pending cases, to avoid rd_offset increment.
Change-Id: If213297fe02ec1087bfab572f5af97b1e7bb5791
Signed-off-by: Subramanian Ananthanarayanan <skananth@codeaurora.org>
Signed-off-by: Gauri Joshi <gaurjosh@codeaurora.org>
