1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (C) 2008 Advanced Micro Devices, Inc.
4 *
5 * Author: Joerg Roedel <joerg.roedel@amd.com>
6 */
7
8 #define pr_fmt(fmt) "DMA-API: " fmt
9
10 #include <linux/sched/task_stack.h>
11 #include <linux/scatterlist.h>
12 #include <linux/dma-map-ops.h>
13 #include <linux/sched/task.h>
14 #include <linux/stacktrace.h>
15 #include <linux/spinlock.h>
16 #include <linux/vmalloc.h>
17 #include <linux/debugfs.h>
18 #include <linux/uaccess.h>
19 #include <linux/export.h>
20 #include <linux/device.h>
21 #include <linux/types.h>
22 #include <linux/sched.h>
23 #include <linux/ctype.h>
24 #include <linux/list.h>
25 #include <linux/slab.h>
26 #include <asm/sections.h>
27 #include "debug.h"
28
29 #define HASH_SIZE 16384ULL
30 #define HASH_FN_SHIFT 13
31 #define HASH_FN_MASK (HASH_SIZE - 1)
32
33 #define PREALLOC_DMA_DEBUG_ENTRIES (1 << 16)
34 /* If the pool runs out, add this many new entries at once */
35 #define DMA_DEBUG_DYNAMIC_ENTRIES (PAGE_SIZE / sizeof(struct dma_debug_entry))
36
37 enum {
38 dma_debug_single,
39 dma_debug_sg,
40 dma_debug_coherent,
41 dma_debug_resource,
42 };
43
44 enum map_err_types {
45 MAP_ERR_CHECK_NOT_APPLICABLE,
46 MAP_ERR_NOT_CHECKED,
47 MAP_ERR_CHECKED,
48 };
49
50 #define DMA_DEBUG_STACKTRACE_ENTRIES 5
51
52 /**
53 * struct dma_debug_entry - track a dma_map* or dma_alloc_coherent mapping
54 * @list: node on pre-allocated free_entries list
55 * @dev: 'dev' argument to dma_map_{page|single|sg} or dma_alloc_coherent
56 * @dev_addr: dma address
57 * @size: length of the mapping
58 * @type: single, page, sg, coherent
59 * @direction: enum dma_data_direction
60 * @sg_call_ents: 'nents' from dma_map_sg
61 * @sg_mapped_ents: 'mapped_ents' from dma_map_sg
62 * @pfn: page frame of the start address
63 * @offset: offset of mapping relative to pfn
64 * @map_err_type: track whether dma_mapping_error() was checked
65 * @stack_len: number of backtrace entries in @stack_entries
66 * @stack_entries: stack of backtrace history
67 */
68 struct dma_debug_entry {
69 struct list_head list;
70 struct device *dev;
71 u64 dev_addr;
72 u64 size;
73 int type;
74 int direction;
75 int sg_call_ents;
76 int sg_mapped_ents;
77 unsigned long pfn;
78 size_t offset;
79 enum map_err_types map_err_type;
80 #ifdef CONFIG_STACKTRACE
81 unsigned int stack_len;
82 unsigned long stack_entries[DMA_DEBUG_STACKTRACE_ENTRIES];
83 #endif
84 } ____cacheline_aligned_in_smp;
85
86 typedef bool (*match_fn)(struct dma_debug_entry *, struct dma_debug_entry *);
87
88 struct hash_bucket {
89 struct list_head list;
90 spinlock_t lock;
91 };
92
93 /* Hash list to save the allocated dma addresses */
94 static struct hash_bucket dma_entry_hash[HASH_SIZE];
95 /* List of pre-allocated dma_debug_entry's */
96 static LIST_HEAD(free_entries);
97 /* Lock for the list above */
98 static DEFINE_SPINLOCK(free_entries_lock);
99
100 /* Global disable flag - will be set in case of an error */
101 static bool global_disable __read_mostly;
102
103 /* Early initialization disable flag, set at the end of dma_debug_init */
104 static bool dma_debug_initialized __read_mostly;
105
dma_debug_disabled(void)106 static inline bool dma_debug_disabled(void)
107 {
108 return global_disable || !dma_debug_initialized;
109 }
110
111 /* Global error count */
112 static u32 error_count;
113
114 /* Global error show enable*/
115 static u32 show_all_errors __read_mostly;
116 /* Number of errors to show */
117 static u32 show_num_errors = 1;
118
119 static u32 num_free_entries;
120 static u32 min_free_entries;
121 static u32 nr_total_entries;
122
123 /* number of preallocated entries requested by kernel cmdline */
124 static u32 nr_prealloc_entries = PREALLOC_DMA_DEBUG_ENTRIES;
125
126 /* per-driver filter related state */
127
128 #define NAME_MAX_LEN 64
129
130 static char current_driver_name[NAME_MAX_LEN] __read_mostly;
131 static struct device_driver *current_driver __read_mostly;
132
133 static DEFINE_RWLOCK(driver_name_lock);
134
135 static const char *const maperr2str[] = {
136 [MAP_ERR_CHECK_NOT_APPLICABLE] = "dma map error check not applicable",
137 [MAP_ERR_NOT_CHECKED] = "dma map error not checked",
138 [MAP_ERR_CHECKED] = "dma map error checked",
139 };
140
141 static const char *type2name[] = {
142 [dma_debug_single] = "single",
143 [dma_debug_sg] = "scatter-gather",
144 [dma_debug_coherent] = "coherent",
145 [dma_debug_resource] = "resource",
146 };
147
148 static const char *dir2name[] = {
149 [DMA_BIDIRECTIONAL] = "DMA_BIDIRECTIONAL",
150 [DMA_TO_DEVICE] = "DMA_TO_DEVICE",
151 [DMA_FROM_DEVICE] = "DMA_FROM_DEVICE",
152 [DMA_NONE] = "DMA_NONE",
153 };
154
155 /*
156 * The access to some variables in this macro is racy. We can't use atomic_t
157 * here because all these variables are exported to debugfs. Some of them even
158 * writeable. This is also the reason why a lock won't help much. But anyway,
159 * the races are no big deal. Here is why:
160 *
161 * error_count: the addition is racy, but the worst thing that can happen is
162 * that we don't count some errors
163 * show_num_errors: the subtraction is racy. Also no big deal because in
164 * worst case this will result in one warning more in the
165 * system log than the user configured. This variable is
166 * writeable via debugfs.
167 */
dump_entry_trace(struct dma_debug_entry * entry)168 static inline void dump_entry_trace(struct dma_debug_entry *entry)
169 {
170 #ifdef CONFIG_STACKTRACE
171 if (entry) {
172 pr_warn("Mapped at:\n");
173 stack_trace_print(entry->stack_entries, entry->stack_len, 0);
174 }
175 #endif
176 }
177
driver_filter(struct device * dev)178 static bool driver_filter(struct device *dev)
179 {
180 struct device_driver *drv;
181 unsigned long flags;
182 bool ret;
183
184 /* driver filter off */
185 if (likely(!current_driver_name[0]))
186 return true;
187
188 /* driver filter on and initialized */
189 if (current_driver && dev && dev->driver == current_driver)
190 return true;
191
192 /* driver filter on, but we can't filter on a NULL device... */
193 if (!dev)
194 return false;
195
196 if (current_driver || !current_driver_name[0])
197 return false;
198
199 /* driver filter on but not yet initialized */
200 drv = dev->driver;
201 if (!drv)
202 return false;
203
204 /* lock to protect against change of current_driver_name */
205 read_lock_irqsave(&driver_name_lock, flags);
206
207 ret = false;
208 if (drv->name &&
209 strncmp(current_driver_name, drv->name, NAME_MAX_LEN - 1) == 0) {
210 current_driver = drv;
211 ret = true;
212 }
213
214 read_unlock_irqrestore(&driver_name_lock, flags);
215
216 return ret;
217 }
218
219 #define err_printk(dev, entry, format, arg...) do { \
220 error_count += 1; \
221 if (driver_filter(dev) && \
222 (show_all_errors || show_num_errors > 0)) { \
223 WARN(1, pr_fmt("%s %s: ") format, \
224 dev ? dev_driver_string(dev) : "NULL", \
225 dev ? dev_name(dev) : "NULL", ## arg); \
226 dump_entry_trace(entry); \
227 } \
228 if (!show_all_errors && show_num_errors > 0) \
229 show_num_errors -= 1; \
230 } while (0);
231
232 /*
233 * Hash related functions
234 *
235 * Every DMA-API request is saved into a struct dma_debug_entry. To
236 * have quick access to these structs they are stored into a hash.
237 */
hash_fn(struct dma_debug_entry * entry)238 static int hash_fn(struct dma_debug_entry *entry)
239 {
240 /*
241 * Hash function is based on the dma address.
242 * We use bits 20-27 here as the index into the hash
243 */
244 return (entry->dev_addr >> HASH_FN_SHIFT) & HASH_FN_MASK;
245 }
246
247 /*
248 * Request exclusive access to a hash bucket for a given dma_debug_entry.
249 */
get_hash_bucket(struct dma_debug_entry * entry,unsigned long * flags)250 static struct hash_bucket *get_hash_bucket(struct dma_debug_entry *entry,
251 unsigned long *flags)
252 __acquires(&dma_entry_hash[idx].lock)
253 {
254 int idx = hash_fn(entry);
255 unsigned long __flags;
256
257 spin_lock_irqsave(&dma_entry_hash[idx].lock, __flags);
258 *flags = __flags;
259 return &dma_entry_hash[idx];
260 }
261
262 /*
263 * Give up exclusive access to the hash bucket
264 */
put_hash_bucket(struct hash_bucket * bucket,unsigned long flags)265 static void put_hash_bucket(struct hash_bucket *bucket,
266 unsigned long flags)
267 __releases(&bucket->lock)
268 {
269 spin_unlock_irqrestore(&bucket->lock, flags);
270 }
271
exact_match(struct dma_debug_entry * a,struct dma_debug_entry * b)272 static bool exact_match(struct dma_debug_entry *a, struct dma_debug_entry *b)
273 {
274 return ((a->dev_addr == b->dev_addr) &&
275 (a->dev == b->dev)) ? true : false;
276 }
277
containing_match(struct dma_debug_entry * a,struct dma_debug_entry * b)278 static bool containing_match(struct dma_debug_entry *a,
279 struct dma_debug_entry *b)
280 {
281 if (a->dev != b->dev)
282 return false;
283
284 if ((b->dev_addr <= a->dev_addr) &&
285 ((b->dev_addr + b->size) >= (a->dev_addr + a->size)))
286 return true;
287
288 return false;
289 }
290
291 /*
292 * Search a given entry in the hash bucket list
293 */
__hash_bucket_find(struct hash_bucket * bucket,struct dma_debug_entry * ref,match_fn match)294 static struct dma_debug_entry *__hash_bucket_find(struct hash_bucket *bucket,
295 struct dma_debug_entry *ref,
296 match_fn match)
297 {
298 struct dma_debug_entry *entry, *ret = NULL;
299 int matches = 0, match_lvl, last_lvl = -1;
300
301 list_for_each_entry(entry, &bucket->list, list) {
302 if (!match(ref, entry))
303 continue;
304
305 /*
306 * Some drivers map the same physical address multiple
307 * times. Without a hardware IOMMU this results in the
308 * same device addresses being put into the dma-debug
309 * hash multiple times too. This can result in false
310 * positives being reported. Therefore we implement a
311 * best-fit algorithm here which returns the entry from
312 * the hash which fits best to the reference value
313 * instead of the first-fit.
314 */
315 matches += 1;
316 match_lvl = 0;
317 entry->size == ref->size ? ++match_lvl : 0;
318 entry->type == ref->type ? ++match_lvl : 0;
319 entry->direction == ref->direction ? ++match_lvl : 0;
320 entry->sg_call_ents == ref->sg_call_ents ? ++match_lvl : 0;
321
322 if (match_lvl == 4) {
323 /* perfect-fit - return the result */
324 return entry;
325 } else if (match_lvl > last_lvl) {
326 /*
327 * We found an entry that fits better then the
328 * previous one or it is the 1st match.
329 */
330 last_lvl = match_lvl;
331 ret = entry;
332 }
333 }
334
335 /*
336 * If we have multiple matches but no perfect-fit, just return
337 * NULL.
338 */
339 ret = (matches == 1) ? ret : NULL;
340
341 return ret;
342 }
343
bucket_find_exact(struct hash_bucket * bucket,struct dma_debug_entry * ref)344 static struct dma_debug_entry *bucket_find_exact(struct hash_bucket *bucket,
345 struct dma_debug_entry *ref)
346 {
347 return __hash_bucket_find(bucket, ref, exact_match);
348 }
349
bucket_find_contain(struct hash_bucket ** bucket,struct dma_debug_entry * ref,unsigned long * flags)350 static struct dma_debug_entry *bucket_find_contain(struct hash_bucket **bucket,
351 struct dma_debug_entry *ref,
352 unsigned long *flags)
353 {
354
355 struct dma_debug_entry *entry, index = *ref;
356 int limit = min(HASH_SIZE, (index.dev_addr >> HASH_FN_SHIFT) + 1);
357
358 for (int i = 0; i < limit; i++) {
359 entry = __hash_bucket_find(*bucket, ref, containing_match);
360
361 if (entry)
362 return entry;
363
364 /*
365 * Nothing found, go back a hash bucket
366 */
367 put_hash_bucket(*bucket, *flags);
368 index.dev_addr -= (1 << HASH_FN_SHIFT);
369 *bucket = get_hash_bucket(&index, flags);
370 }
371
372 return NULL;
373 }
374
375 /*
376 * Add an entry to a hash bucket
377 */
hash_bucket_add(struct hash_bucket * bucket,struct dma_debug_entry * entry)378 static void hash_bucket_add(struct hash_bucket *bucket,
379 struct dma_debug_entry *entry)
380 {
381 list_add_tail(&entry->list, &bucket->list);
382 }
383
384 /*
385 * Remove entry from a hash bucket list
386 */
hash_bucket_del(struct dma_debug_entry * entry)387 static void hash_bucket_del(struct dma_debug_entry *entry)
388 {
389 list_del(&entry->list);
390 }
391
phys_addr(struct dma_debug_entry * entry)392 static unsigned long long phys_addr(struct dma_debug_entry *entry)
393 {
394 if (entry->type == dma_debug_resource)
395 return __pfn_to_phys(entry->pfn) + entry->offset;
396
397 return page_to_phys(pfn_to_page(entry->pfn)) + entry->offset;
398 }
399
400 /*
401 * For each mapping (initial cacheline in the case of
402 * dma_alloc_coherent/dma_map_page, initial cacheline in each page of a
403 * scatterlist, or the cacheline specified in dma_map_single) insert
404 * into this tree using the cacheline as the key. At
405 * dma_unmap_{single|sg|page} or dma_free_coherent delete the entry. If
406 * the entry already exists at insertion time add a tag as a reference
407 * count for the overlapping mappings. For now, the overlap tracking
408 * just ensures that 'unmaps' balance 'maps' before marking the
409 * cacheline idle, but we should also be flagging overlaps as an API
410 * violation.
411 *
412 * Memory usage is mostly constrained by the maximum number of available
413 * dma-debug entries in that we need a free dma_debug_entry before
414 * inserting into the tree. In the case of dma_map_page and
415 * dma_alloc_coherent there is only one dma_debug_entry and one
416 * dma_active_cacheline entry to track per event. dma_map_sg(), on the
417 * other hand, consumes a single dma_debug_entry, but inserts 'nents'
418 * entries into the tree.
419 *
420 * Use __GFP_NOWARN because the printk from an OOM, to netconsole, could end
421 * up right back in the DMA debugging code, leading to a deadlock.
422 */
423 static RADIX_TREE(dma_active_cacheline, GFP_ATOMIC | __GFP_NOWARN);
424 static DEFINE_SPINLOCK(radix_lock);
425 #define ACTIVE_CACHELINE_MAX_OVERLAP ((1 << RADIX_TREE_MAX_TAGS) - 1)
426 #define CACHELINE_PER_PAGE_SHIFT (PAGE_SHIFT - L1_CACHE_SHIFT)
427 #define CACHELINES_PER_PAGE (1 << CACHELINE_PER_PAGE_SHIFT)
428
to_cacheline_number(struct dma_debug_entry * entry)429 static phys_addr_t to_cacheline_number(struct dma_debug_entry *entry)
430 {
431 return (entry->pfn << CACHELINE_PER_PAGE_SHIFT) +
432 (entry->offset >> L1_CACHE_SHIFT);
433 }
434
active_cacheline_read_overlap(phys_addr_t cln)435 static int active_cacheline_read_overlap(phys_addr_t cln)
436 {
437 int overlap = 0, i;
438
439 for (i = RADIX_TREE_MAX_TAGS - 1; i >= 0; i--)
440 if (radix_tree_tag_get(&dma_active_cacheline, cln, i))
441 overlap |= 1 << i;
442 return overlap;
443 }
444
active_cacheline_set_overlap(phys_addr_t cln,int overlap)445 static int active_cacheline_set_overlap(phys_addr_t cln, int overlap)
446 {
447 int i;
448
449 if (overlap > ACTIVE_CACHELINE_MAX_OVERLAP || overlap < 0)
450 return overlap;
451
452 for (i = RADIX_TREE_MAX_TAGS - 1; i >= 0; i--)
453 if (overlap & 1 << i)
454 radix_tree_tag_set(&dma_active_cacheline, cln, i);
455 else
456 radix_tree_tag_clear(&dma_active_cacheline, cln, i);
457
458 return overlap;
459 }
460
active_cacheline_inc_overlap(phys_addr_t cln)461 static void active_cacheline_inc_overlap(phys_addr_t cln)
462 {
463 int overlap = active_cacheline_read_overlap(cln);
464
465 overlap = active_cacheline_set_overlap(cln, ++overlap);
466
467 /* If we overflowed the overlap counter then we're potentially
468 * leaking dma-mappings.
469 */
470 WARN_ONCE(overlap > ACTIVE_CACHELINE_MAX_OVERLAP,
471 pr_fmt("exceeded %d overlapping mappings of cacheline %pa\n"),
472 ACTIVE_CACHELINE_MAX_OVERLAP, &cln);
473 }
474
active_cacheline_dec_overlap(phys_addr_t cln)475 static int active_cacheline_dec_overlap(phys_addr_t cln)
476 {
477 int overlap = active_cacheline_read_overlap(cln);
478
479 return active_cacheline_set_overlap(cln, --overlap);
480 }
481
active_cacheline_insert(struct dma_debug_entry * entry)482 static int active_cacheline_insert(struct dma_debug_entry *entry)
483 {
484 phys_addr_t cln = to_cacheline_number(entry);
485 unsigned long flags;
486 int rc;
487
488 /* If the device is not writing memory then we don't have any
489 * concerns about the cpu consuming stale data. This mitigates
490 * legitimate usages of overlapping mappings.
491 */
492 if (entry->direction == DMA_TO_DEVICE)
493 return 0;
494
495 spin_lock_irqsave(&radix_lock, flags);
496 rc = radix_tree_insert(&dma_active_cacheline, cln, entry);
497 if (rc == -EEXIST)
498 active_cacheline_inc_overlap(cln);
499 spin_unlock_irqrestore(&radix_lock, flags);
500
501 return rc;
502 }
503
active_cacheline_remove(struct dma_debug_entry * entry)504 static void active_cacheline_remove(struct dma_debug_entry *entry)
505 {
506 phys_addr_t cln = to_cacheline_number(entry);
507 unsigned long flags;
508
509 /* ...mirror the insert case */
510 if (entry->direction == DMA_TO_DEVICE)
511 return;
512
513 spin_lock_irqsave(&radix_lock, flags);
514 /* since we are counting overlaps the final put of the
515 * cacheline will occur when the overlap count is 0.
516 * active_cacheline_dec_overlap() returns -1 in that case
517 */
518 if (active_cacheline_dec_overlap(cln) < 0)
519 radix_tree_delete(&dma_active_cacheline, cln);
520 spin_unlock_irqrestore(&radix_lock, flags);
521 }
522
523 /*
524 * Dump mappings entries on kernel space for debugging purposes
525 */
debug_dma_dump_mappings(struct device * dev)526 void debug_dma_dump_mappings(struct device *dev)
527 {
528 int idx;
529 phys_addr_t cln;
530
531 for (idx = 0; idx < HASH_SIZE; idx++) {
532 struct hash_bucket *bucket = &dma_entry_hash[idx];
533 struct dma_debug_entry *entry;
534 unsigned long flags;
535
536 spin_lock_irqsave(&bucket->lock, flags);
537 list_for_each_entry(entry, &bucket->list, list) {
538 if (!dev || dev == entry->dev) {
539 cln = to_cacheline_number(entry);
540 dev_info(entry->dev,
541 "%s idx %d P=%llx N=%lx D=%llx L=%llx cln=%pa %s %s\n",
542 type2name[entry->type], idx,
543 phys_addr(entry), entry->pfn,
544 entry->dev_addr, entry->size,
545 &cln, dir2name[entry->direction],
546 maperr2str[entry->map_err_type]);
547 }
548 }
549 spin_unlock_irqrestore(&bucket->lock, flags);
550
551 cond_resched();
552 }
553 }
554
555 /*
556 * Dump mappings entries on user space via debugfs
557 */
dump_show(struct seq_file * seq,void * v)558 static int dump_show(struct seq_file *seq, void *v)
559 {
560 int idx;
561 phys_addr_t cln;
562
563 for (idx = 0; idx < HASH_SIZE; idx++) {
564 struct hash_bucket *bucket = &dma_entry_hash[idx];
565 struct dma_debug_entry *entry;
566 unsigned long flags;
567
568 spin_lock_irqsave(&bucket->lock, flags);
569 list_for_each_entry(entry, &bucket->list, list) {
570 cln = to_cacheline_number(entry);
571 seq_printf(seq,
572 "%s %s %s idx %d P=%llx N=%lx D=%llx L=%llx cln=%pa %s %s\n",
573 dev_driver_string(entry->dev),
574 dev_name(entry->dev),
575 type2name[entry->type], idx,
576 phys_addr(entry), entry->pfn,
577 entry->dev_addr, entry->size,
578 &cln, dir2name[entry->direction],
579 maperr2str[entry->map_err_type]);
580 }
581 spin_unlock_irqrestore(&bucket->lock, flags);
582 }
583 return 0;
584 }
585 DEFINE_SHOW_ATTRIBUTE(dump);
586
587 /*
588 * Wrapper function for adding an entry to the hash.
589 * This function takes care of locking itself.
590 */
add_dma_entry(struct dma_debug_entry * entry,unsigned long attrs)591 static void add_dma_entry(struct dma_debug_entry *entry, unsigned long attrs)
592 {
593 struct hash_bucket *bucket;
594 unsigned long flags;
595 int rc;
596
597 bucket = get_hash_bucket(entry, &flags);
598 hash_bucket_add(bucket, entry);
599 put_hash_bucket(bucket, flags);
600
601 rc = active_cacheline_insert(entry);
602 if (rc == -ENOMEM) {
603 pr_err_once("cacheline tracking ENOMEM, dma-debug disabled\n");
604 global_disable = true;
605 } else if (rc == -EEXIST && !(attrs & DMA_ATTR_SKIP_CPU_SYNC)) {
606 err_printk(entry->dev, entry,
607 "cacheline tracking EEXIST, overlapping mappings aren't supported\n");
608 }
609 }
610
dma_debug_create_entries(gfp_t gfp)611 static int dma_debug_create_entries(gfp_t gfp)
612 {
613 struct dma_debug_entry *entry;
614 int i;
615
616 entry = (void *)get_zeroed_page(gfp);
617 if (!entry)
618 return -ENOMEM;
619
620 for (i = 0; i < DMA_DEBUG_DYNAMIC_ENTRIES; i++)
621 list_add_tail(&entry[i].list, &free_entries);
622
623 num_free_entries += DMA_DEBUG_DYNAMIC_ENTRIES;
624 nr_total_entries += DMA_DEBUG_DYNAMIC_ENTRIES;
625
626 return 0;
627 }
628
__dma_entry_alloc(void)629 static struct dma_debug_entry *__dma_entry_alloc(void)
630 {
631 struct dma_debug_entry *entry;
632
633 entry = list_entry(free_entries.next, struct dma_debug_entry, list);
634 list_del(&entry->list);
635 memset(entry, 0, sizeof(*entry));
636
637 num_free_entries -= 1;
638 if (num_free_entries < min_free_entries)
639 min_free_entries = num_free_entries;
640
641 return entry;
642 }
643
644 /*
645 * This should be called outside of free_entries_lock scope to avoid potential
646 * deadlocks with serial consoles that use DMA.
647 */
__dma_entry_alloc_check_leak(u32 nr_entries)648 static void __dma_entry_alloc_check_leak(u32 nr_entries)
649 {
650 u32 tmp = nr_entries % nr_prealloc_entries;
651
652 /* Shout each time we tick over some multiple of the initial pool */
653 if (tmp < DMA_DEBUG_DYNAMIC_ENTRIES) {
654 pr_info("dma_debug_entry pool grown to %u (%u00%%)\n",
655 nr_entries,
656 (nr_entries / nr_prealloc_entries));
657 }
658 }
659
660 /* struct dma_entry allocator
661 *
662 * The next two functions implement the allocator for
663 * struct dma_debug_entries.
664 */
dma_entry_alloc(void)665 static struct dma_debug_entry *dma_entry_alloc(void)
666 {
667 bool alloc_check_leak = false;
668 struct dma_debug_entry *entry;
669 unsigned long flags;
670 u32 nr_entries;
671
672 spin_lock_irqsave(&free_entries_lock, flags);
673 if (num_free_entries == 0) {
674 if (dma_debug_create_entries(GFP_ATOMIC)) {
675 global_disable = true;
676 spin_unlock_irqrestore(&free_entries_lock, flags);
677 pr_err("debugging out of memory - disabling\n");
678 return NULL;
679 }
680 alloc_check_leak = true;
681 nr_entries = nr_total_entries;
682 }
683
684 entry = __dma_entry_alloc();
685
686 spin_unlock_irqrestore(&free_entries_lock, flags);
687
688 if (alloc_check_leak)
689 __dma_entry_alloc_check_leak(nr_entries);
690
691 #ifdef CONFIG_STACKTRACE
692 entry->stack_len = stack_trace_save(entry->stack_entries,
693 ARRAY_SIZE(entry->stack_entries),
694 1);
695 #endif
696 return entry;
697 }
698
dma_entry_free(struct dma_debug_entry * entry)699 static void dma_entry_free(struct dma_debug_entry *entry)
700 {
701 unsigned long flags;
702
703 active_cacheline_remove(entry);
704
705 /*
706 * add to beginning of the list - this way the entries are
707 * more likely cache hot when they are reallocated.
708 */
709 spin_lock_irqsave(&free_entries_lock, flags);
710 list_add(&entry->list, &free_entries);
711 num_free_entries += 1;
712 spin_unlock_irqrestore(&free_entries_lock, flags);
713 }
714
715 /*
716 * DMA-API debugging init code
717 *
718 * The init code does two things:
719 * 1. Initialize core data structures
720 * 2. Preallocate a given number of dma_debug_entry structs
721 */
722
filter_read(struct file * file,char __user * user_buf,size_t count,loff_t * ppos)723 static ssize_t filter_read(struct file *file, char __user *user_buf,
724 size_t count, loff_t *ppos)
725 {
726 char buf[NAME_MAX_LEN + 1];
727 unsigned long flags;
728 int len;
729
730 if (!current_driver_name[0])
731 return 0;
732
733 /*
734 * We can't copy to userspace directly because current_driver_name can
735 * only be read under the driver_name_lock with irqs disabled. So
736 * create a temporary copy first.
737 */
738 read_lock_irqsave(&driver_name_lock, flags);
739 len = scnprintf(buf, NAME_MAX_LEN + 1, "%s\n", current_driver_name);
740 read_unlock_irqrestore(&driver_name_lock, flags);
741
742 return simple_read_from_buffer(user_buf, count, ppos, buf, len);
743 }
744
filter_write(struct file * file,const char __user * userbuf,size_t count,loff_t * ppos)745 static ssize_t filter_write(struct file *file, const char __user *userbuf,
746 size_t count, loff_t *ppos)
747 {
748 char buf[NAME_MAX_LEN];
749 unsigned long flags;
750 size_t len;
751 int i;
752
753 /*
754 * We can't copy from userspace directly. Access to
755 * current_driver_name is protected with a write_lock with irqs
756 * disabled. Since copy_from_user can fault and may sleep we
757 * need to copy to temporary buffer first
758 */
759 len = min(count, (size_t)(NAME_MAX_LEN - 1));
760 if (copy_from_user(buf, userbuf, len))
761 return -EFAULT;
762
763 buf[len] = 0;
764
765 write_lock_irqsave(&driver_name_lock, flags);
766
767 /*
768 * Now handle the string we got from userspace very carefully.
769 * The rules are:
770 * - only use the first token we got
771 * - token delimiter is everything looking like a space
772 * character (' ', '\n', '\t' ...)
773 *
774 */
775 if (!isalnum(buf[0])) {
776 /*
777 * If the first character userspace gave us is not
778 * alphanumerical then assume the filter should be
779 * switched off.
780 */
781 if (current_driver_name[0])
782 pr_info("switching off dma-debug driver filter\n");
783 current_driver_name[0] = 0;
784 current_driver = NULL;
785 goto out_unlock;
786 }
787
788 /*
789 * Now parse out the first token and use it as the name for the
790 * driver to filter for.
791 */
792 for (i = 0; i < NAME_MAX_LEN - 1; ++i) {
793 current_driver_name[i] = buf[i];
794 if (isspace(buf[i]) || buf[i] == ' ' || buf[i] == 0)
795 break;
796 }
797 current_driver_name[i] = 0;
798 current_driver = NULL;
799
800 pr_info("enable driver filter for driver [%s]\n",
801 current_driver_name);
802
803 out_unlock:
804 write_unlock_irqrestore(&driver_name_lock, flags);
805
806 return count;
807 }
808
809 static const struct file_operations filter_fops = {
810 .read = filter_read,
811 .write = filter_write,
812 .llseek = default_llseek,
813 };
814
dma_debug_fs_init(void)815 static int __init dma_debug_fs_init(void)
816 {
817 struct dentry *dentry = debugfs_create_dir("dma-api", NULL);
818
819 debugfs_create_bool("disabled", 0444, dentry, &global_disable);
820 debugfs_create_u32("error_count", 0444, dentry, &error_count);
821 debugfs_create_u32("all_errors", 0644, dentry, &show_all_errors);
822 debugfs_create_u32("num_errors", 0644, dentry, &show_num_errors);
823 debugfs_create_u32("num_free_entries", 0444, dentry, &num_free_entries);
824 debugfs_create_u32("min_free_entries", 0444, dentry, &min_free_entries);
825 debugfs_create_u32("nr_total_entries", 0444, dentry, &nr_total_entries);
826 debugfs_create_file("driver_filter", 0644, dentry, NULL, &filter_fops);
827 debugfs_create_file("dump", 0444, dentry, NULL, &dump_fops);
828
829 return 0;
830 }
831 core_initcall_sync(dma_debug_fs_init);
832
device_dma_allocations(struct device * dev,struct dma_debug_entry ** out_entry)833 static int device_dma_allocations(struct device *dev, struct dma_debug_entry **out_entry)
834 {
835 struct dma_debug_entry *entry;
836 unsigned long flags;
837 int count = 0, i;
838
839 for (i = 0; i < HASH_SIZE; ++i) {
840 spin_lock_irqsave(&dma_entry_hash[i].lock, flags);
841 list_for_each_entry(entry, &dma_entry_hash[i].list, list) {
842 if (entry->dev == dev) {
843 count += 1;
844 *out_entry = entry;
845 }
846 }
847 spin_unlock_irqrestore(&dma_entry_hash[i].lock, flags);
848 }
849
850 return count;
851 }
852
dma_debug_device_change(struct notifier_block * nb,unsigned long action,void * data)853 static int dma_debug_device_change(struct notifier_block *nb, unsigned long action, void *data)
854 {
855 struct device *dev = data;
856 struct dma_debug_entry *entry;
857 int count;
858
859 if (dma_debug_disabled())
860 return 0;
861
862 switch (action) {
863 case BUS_NOTIFY_UNBOUND_DRIVER:
864 count = device_dma_allocations(dev, &entry);
865 if (count == 0)
866 break;
867 err_printk(dev, entry, "device driver has pending "
868 "DMA allocations while released from device "
869 "[count=%d]\n"
870 "One of leaked entries details: "
871 "[device address=0x%016llx] [size=%llu bytes] "
872 "[mapped with %s] [mapped as %s]\n",
873 count, entry->dev_addr, entry->size,
874 dir2name[entry->direction], type2name[entry->type]);
875 break;
876 default:
877 break;
878 }
879
880 return 0;
881 }
882
dma_debug_add_bus(const struct bus_type * bus)883 void dma_debug_add_bus(const struct bus_type *bus)
884 {
885 struct notifier_block *nb;
886
887 if (dma_debug_disabled())
888 return;
889
890 nb = kzalloc(sizeof(struct notifier_block), GFP_KERNEL);
891 if (nb == NULL) {
892 pr_err("dma_debug_add_bus: out of memory\n");
893 return;
894 }
895
896 nb->notifier_call = dma_debug_device_change;
897
898 bus_register_notifier(bus, nb);
899 }
900
dma_debug_init(void)901 static int dma_debug_init(void)
902 {
903 int i, nr_pages;
904
905 /* Do not use dma_debug_initialized here, since we really want to be
906 * called to set dma_debug_initialized
907 */
908 if (global_disable)
909 return 0;
910
911 for (i = 0; i < HASH_SIZE; ++i) {
912 INIT_LIST_HEAD(&dma_entry_hash[i].list);
913 spin_lock_init(&dma_entry_hash[i].lock);
914 }
915
916 nr_pages = DIV_ROUND_UP(nr_prealloc_entries, DMA_DEBUG_DYNAMIC_ENTRIES);
917 for (i = 0; i < nr_pages; ++i)
918 dma_debug_create_entries(GFP_KERNEL);
919 if (num_free_entries >= nr_prealloc_entries) {
920 pr_info("preallocated %d debug entries\n", nr_total_entries);
921 } else if (num_free_entries > 0) {
922 pr_warn("%d debug entries requested but only %d allocated\n",
923 nr_prealloc_entries, nr_total_entries);
924 } else {
925 pr_err("debugging out of memory error - disabled\n");
926 global_disable = true;
927
928 return 0;
929 }
930 min_free_entries = num_free_entries;
931
932 dma_debug_initialized = true;
933
934 pr_info("debugging enabled by kernel config\n");
935 return 0;
936 }
937 core_initcall(dma_debug_init);
938
dma_debug_cmdline(char * str)939 static __init int dma_debug_cmdline(char *str)
940 {
941 if (!str)
942 return -EINVAL;
943
944 if (strncmp(str, "off", 3) == 0) {
945 pr_info("debugging disabled on kernel command line\n");
946 global_disable = true;
947 }
948
949 return 1;
950 }
951
dma_debug_entries_cmdline(char * str)952 static __init int dma_debug_entries_cmdline(char *str)
953 {
954 if (!str)
955 return -EINVAL;
956 if (!get_option(&str, &nr_prealloc_entries))
957 nr_prealloc_entries = PREALLOC_DMA_DEBUG_ENTRIES;
958 return 1;
959 }
960
961 __setup("dma_debug=", dma_debug_cmdline);
962 __setup("dma_debug_entries=", dma_debug_entries_cmdline);
963
check_unmap(struct dma_debug_entry * ref)964 static void check_unmap(struct dma_debug_entry *ref)
965 {
966 struct dma_debug_entry *entry;
967 struct hash_bucket *bucket;
968 unsigned long flags;
969
970 bucket = get_hash_bucket(ref, &flags);
971 entry = bucket_find_exact(bucket, ref);
972
973 if (!entry) {
974 /* must drop lock before calling dma_mapping_error */
975 put_hash_bucket(bucket, flags);
976
977 if (dma_mapping_error(ref->dev, ref->dev_addr)) {
978 err_printk(ref->dev, NULL,
979 "device driver tries to free an "
980 "invalid DMA memory address\n");
981 } else {
982 err_printk(ref->dev, NULL,
983 "device driver tries to free DMA "
984 "memory it has not allocated [device "
985 "address=0x%016llx] [size=%llu bytes]\n",
986 ref->dev_addr, ref->size);
987 }
988 return;
989 }
990
991 if (ref->size != entry->size) {
992 err_printk(ref->dev, entry, "device driver frees "
993 "DMA memory with different size "
994 "[device address=0x%016llx] [map size=%llu bytes] "
995 "[unmap size=%llu bytes]\n",
996 ref->dev_addr, entry->size, ref->size);
997 }
998
999 if (ref->type != entry->type) {
1000 err_printk(ref->dev, entry, "device driver frees "
1001 "DMA memory with wrong function "
1002 "[device address=0x%016llx] [size=%llu bytes] "
1003 "[mapped as %s] [unmapped as %s]\n",
1004 ref->dev_addr, ref->size,
1005 type2name[entry->type], type2name[ref->type]);
1006 } else if ((entry->type == dma_debug_coherent) &&
1007 (phys_addr(ref) != phys_addr(entry))) {
1008 err_printk(ref->dev, entry, "device driver frees "
1009 "DMA memory with different CPU address "
1010 "[device address=0x%016llx] [size=%llu bytes] "
1011 "[cpu alloc address=0x%016llx] "
1012 "[cpu free address=0x%016llx]",
1013 ref->dev_addr, ref->size,
1014 phys_addr(entry),
1015 phys_addr(ref));
1016 }
1017
1018 if (ref->sg_call_ents && ref->type == dma_debug_sg &&
1019 ref->sg_call_ents != entry->sg_call_ents) {
1020 err_printk(ref->dev, entry, "device driver frees "
1021 "DMA sg list with different entry count "
1022 "[map count=%d] [unmap count=%d]\n",
1023 entry->sg_call_ents, ref->sg_call_ents);
1024 }
1025
1026 /*
1027 * This may be no bug in reality - but most implementations of the
1028 * DMA API don't handle this properly, so check for it here
1029 */
1030 if (ref->direction != entry->direction) {
1031 err_printk(ref->dev, entry, "device driver frees "
1032 "DMA memory with different direction "
1033 "[device address=0x%016llx] [size=%llu bytes] "
1034 "[mapped with %s] [unmapped with %s]\n",
1035 ref->dev_addr, ref->size,
1036 dir2name[entry->direction],
1037 dir2name[ref->direction]);
1038 }
1039
1040 /*
1041 * Drivers should use dma_mapping_error() to check the returned
1042 * addresses of dma_map_single() and dma_map_page().
1043 * If not, print this warning message. See Documentation/core-api/dma-api.rst.
1044 */
1045 if (entry->map_err_type == MAP_ERR_NOT_CHECKED) {
1046 err_printk(ref->dev, entry,
1047 "device driver failed to check map error"
1048 "[device address=0x%016llx] [size=%llu bytes] "
1049 "[mapped as %s]",
1050 ref->dev_addr, ref->size,
1051 type2name[entry->type]);
1052 }
1053
1054 hash_bucket_del(entry);
1055 dma_entry_free(entry);
1056
1057 put_hash_bucket(bucket, flags);
1058 }
1059
check_for_stack(struct device * dev,struct page * page,size_t offset)1060 static void check_for_stack(struct device *dev,
1061 struct page *page, size_t offset)
1062 {
1063 void *addr;
1064 struct vm_struct *stack_vm_area = task_stack_vm_area(current);
1065
1066 if (!stack_vm_area) {
1067 /* Stack is direct-mapped. */
1068 if (PageHighMem(page))
1069 return;
1070 addr = page_address(page) + offset;
1071 if (object_is_on_stack(addr))
1072 err_printk(dev, NULL, "device driver maps memory from stack [addr=%p]\n", addr);
1073 } else {
1074 /* Stack is vmalloced. */
1075 int i;
1076
1077 for (i = 0; i < stack_vm_area->nr_pages; i++) {
1078 if (page != stack_vm_area->pages[i])
1079 continue;
1080
1081 addr = (u8 *)current->stack + i * PAGE_SIZE + offset;
1082 err_printk(dev, NULL, "device driver maps memory from stack [probable addr=%p]\n", addr);
1083 break;
1084 }
1085 }
1086 }
1087
check_for_illegal_area(struct device * dev,void * addr,unsigned long len)1088 static void check_for_illegal_area(struct device *dev, void *addr, unsigned long len)
1089 {
1090 if (memory_intersects(_stext, _etext, addr, len) ||
1091 memory_intersects(__start_rodata, __end_rodata, addr, len))
1092 err_printk(dev, NULL, "device driver maps memory from kernel text or rodata [addr=%p] [len=%lu]\n", addr, len);
1093 }
1094
check_sync(struct device * dev,struct dma_debug_entry * ref,bool to_cpu)1095 static void check_sync(struct device *dev,
1096 struct dma_debug_entry *ref,
1097 bool to_cpu)
1098 {
1099 struct dma_debug_entry *entry;
1100 struct hash_bucket *bucket;
1101 unsigned long flags;
1102
1103 bucket = get_hash_bucket(ref, &flags);
1104
1105 entry = bucket_find_contain(&bucket, ref, &flags);
1106
1107 if (!entry) {
1108 err_printk(dev, NULL, "device driver tries "
1109 "to sync DMA memory it has not allocated "
1110 "[device address=0x%016llx] [size=%llu bytes]\n",
1111 (unsigned long long)ref->dev_addr, ref->size);
1112 goto out;
1113 }
1114
1115 if (ref->size > entry->size) {
1116 err_printk(dev, entry, "device driver syncs"
1117 " DMA memory outside allocated range "
1118 "[device address=0x%016llx] "
1119 "[allocation size=%llu bytes] "
1120 "[sync offset+size=%llu]\n",
1121 entry->dev_addr, entry->size,
1122 ref->size);
1123 }
1124
1125 if (entry->direction == DMA_BIDIRECTIONAL)
1126 goto out;
1127
1128 if (ref->direction != entry->direction) {
1129 err_printk(dev, entry, "device driver syncs "
1130 "DMA memory with different direction "
1131 "[device address=0x%016llx] [size=%llu bytes] "
1132 "[mapped with %s] [synced with %s]\n",
1133 (unsigned long long)ref->dev_addr, entry->size,
1134 dir2name[entry->direction],
1135 dir2name[ref->direction]);
1136 }
1137
1138 if (to_cpu && !(entry->direction == DMA_FROM_DEVICE) &&
1139 !(ref->direction == DMA_TO_DEVICE))
1140 err_printk(dev, entry, "device driver syncs "
1141 "device read-only DMA memory for cpu "
1142 "[device address=0x%016llx] [size=%llu bytes] "
1143 "[mapped with %s] [synced with %s]\n",
1144 (unsigned long long)ref->dev_addr, entry->size,
1145 dir2name[entry->direction],
1146 dir2name[ref->direction]);
1147
1148 if (!to_cpu && !(entry->direction == DMA_TO_DEVICE) &&
1149 !(ref->direction == DMA_FROM_DEVICE))
1150 err_printk(dev, entry, "device driver syncs "
1151 "device write-only DMA memory to device "
1152 "[device address=0x%016llx] [size=%llu bytes] "
1153 "[mapped with %s] [synced with %s]\n",
1154 (unsigned long long)ref->dev_addr, entry->size,
1155 dir2name[entry->direction],
1156 dir2name[ref->direction]);
1157
1158 if (ref->sg_call_ents && ref->type == dma_debug_sg &&
1159 ref->sg_call_ents != entry->sg_call_ents) {
1160 err_printk(ref->dev, entry, "device driver syncs "
1161 "DMA sg list with different entry count "
1162 "[map count=%d] [sync count=%d]\n",
1163 entry->sg_call_ents, ref->sg_call_ents);
1164 }
1165
1166 out:
1167 put_hash_bucket(bucket, flags);
1168 }
1169
check_sg_segment(struct device * dev,struct scatterlist * sg)1170 static void check_sg_segment(struct device *dev, struct scatterlist *sg)
1171 {
1172 #ifdef CONFIG_DMA_API_DEBUG_SG
1173 unsigned int max_seg = dma_get_max_seg_size(dev);
1174 u64 start, end, boundary = dma_get_seg_boundary(dev);
1175
1176 /*
1177 * Either the driver forgot to set dma_parms appropriately, or
1178 * whoever generated the list forgot to check them.
1179 */
1180 if (sg->length > max_seg)
1181 err_printk(dev, NULL, "mapping sg segment longer than device claims to support [len=%u] [max=%u]\n",
1182 sg->length, max_seg);
1183 /*
1184 * In some cases this could potentially be the DMA API
1185 * implementation's fault, but it would usually imply that
1186 * the scatterlist was built inappropriately to begin with.
1187 */
1188 start = sg_dma_address(sg);
1189 end = start + sg_dma_len(sg) - 1;
1190 if ((start ^ end) & ~boundary)
1191 err_printk(dev, NULL, "mapping sg segment across boundary [start=0x%016llx] [end=0x%016llx] [boundary=0x%016llx]\n",
1192 start, end, boundary);
1193 #endif
1194 }
1195
debug_dma_map_single(struct device * dev,const void * addr,unsigned long len)1196 void debug_dma_map_single(struct device *dev, const void *addr,
1197 unsigned long len)
1198 {
1199 if (unlikely(dma_debug_disabled()))
1200 return;
1201
1202 if (!virt_addr_valid(addr))
1203 err_printk(dev, NULL, "device driver maps memory from invalid area [addr=%p] [len=%lu]\n",
1204 addr, len);
1205
1206 if (is_vmalloc_addr(addr))
1207 err_printk(dev, NULL, "device driver maps memory from vmalloc area [addr=%p] [len=%lu]\n",
1208 addr, len);
1209 }
1210 EXPORT_SYMBOL(debug_dma_map_single);
1211
debug_dma_map_page(struct device * dev,struct page * page,size_t offset,size_t size,int direction,dma_addr_t dma_addr,unsigned long attrs)1212 void debug_dma_map_page(struct device *dev, struct page *page, size_t offset,
1213 size_t size, int direction, dma_addr_t dma_addr,
1214 unsigned long attrs)
1215 {
1216 struct dma_debug_entry *entry;
1217
1218 if (unlikely(dma_debug_disabled()))
1219 return;
1220
1221 if (dma_mapping_error(dev, dma_addr))
1222 return;
1223
1224 entry = dma_entry_alloc();
1225 if (!entry)
1226 return;
1227
1228 entry->dev = dev;
1229 entry->type = dma_debug_single;
1230 entry->pfn = page_to_pfn(page);
1231 entry->offset = offset;
1232 entry->dev_addr = dma_addr;
1233 entry->size = size;
1234 entry->direction = direction;
1235 entry->map_err_type = MAP_ERR_NOT_CHECKED;
1236
1237 check_for_stack(dev, page, offset);
1238
1239 if (!PageHighMem(page)) {
1240 void *addr = page_address(page) + offset;
1241
1242 check_for_illegal_area(dev, addr, size);
1243 }
1244
1245 add_dma_entry(entry, attrs);
1246 }
1247
debug_dma_mapping_error(struct device * dev,dma_addr_t dma_addr)1248 void debug_dma_mapping_error(struct device *dev, dma_addr_t dma_addr)
1249 {
1250 struct dma_debug_entry ref;
1251 struct dma_debug_entry *entry;
1252 struct hash_bucket *bucket;
1253 unsigned long flags;
1254
1255 if (unlikely(dma_debug_disabled()))
1256 return;
1257
1258 ref.dev = dev;
1259 ref.dev_addr = dma_addr;
1260 bucket = get_hash_bucket(&ref, &flags);
1261
1262 list_for_each_entry(entry, &bucket->list, list) {
1263 if (!exact_match(&ref, entry))
1264 continue;
1265
1266 /*
1267 * The same physical address can be mapped multiple
1268 * times. Without a hardware IOMMU this results in the
1269 * same device addresses being put into the dma-debug
1270 * hash multiple times too. This can result in false
1271 * positives being reported. Therefore we implement a
1272 * best-fit algorithm here which updates the first entry
1273 * from the hash which fits the reference value and is
1274 * not currently listed as being checked.
1275 */
1276 if (entry->map_err_type == MAP_ERR_NOT_CHECKED) {
1277 entry->map_err_type = MAP_ERR_CHECKED;
1278 break;
1279 }
1280 }
1281
1282 put_hash_bucket(bucket, flags);
1283 }
1284 EXPORT_SYMBOL(debug_dma_mapping_error);
1285
debug_dma_unmap_page(struct device * dev,dma_addr_t dma_addr,size_t size,int direction)1286 void debug_dma_unmap_page(struct device *dev, dma_addr_t dma_addr,
1287 size_t size, int direction)
1288 {
1289 struct dma_debug_entry ref = {
1290 .type = dma_debug_single,
1291 .dev = dev,
1292 .dev_addr = dma_addr,
1293 .size = size,
1294 .direction = direction,
1295 };
1296
1297 if (unlikely(dma_debug_disabled()))
1298 return;
1299 check_unmap(&ref);
1300 }
1301
debug_dma_map_sg(struct device * dev,struct scatterlist * sg,int nents,int mapped_ents,int direction,unsigned long attrs)1302 void debug_dma_map_sg(struct device *dev, struct scatterlist *sg,
1303 int nents, int mapped_ents, int direction,
1304 unsigned long attrs)
1305 {
1306 struct dma_debug_entry *entry;
1307 struct scatterlist *s;
1308 int i;
1309
1310 if (unlikely(dma_debug_disabled()))
1311 return;
1312
1313 for_each_sg(sg, s, nents, i) {
1314 check_for_stack(dev, sg_page(s), s->offset);
1315 if (!PageHighMem(sg_page(s)))
1316 check_for_illegal_area(dev, sg_virt(s), s->length);
1317 }
1318
1319 for_each_sg(sg, s, mapped_ents, i) {
1320 entry = dma_entry_alloc();
1321 if (!entry)
1322 return;
1323
1324 entry->type = dma_debug_sg;
1325 entry->dev = dev;
1326 entry->pfn = page_to_pfn(sg_page(s));
1327 entry->offset = s->offset;
1328 entry->size = sg_dma_len(s);
1329 entry->dev_addr = sg_dma_address(s);
1330 entry->direction = direction;
1331 entry->sg_call_ents = nents;
1332 entry->sg_mapped_ents = mapped_ents;
1333
1334 check_sg_segment(dev, s);
1335
1336 add_dma_entry(entry, attrs);
1337 }
1338 }
1339
get_nr_mapped_entries(struct device * dev,struct dma_debug_entry * ref)1340 static int get_nr_mapped_entries(struct device *dev,
1341 struct dma_debug_entry *ref)
1342 {
1343 struct dma_debug_entry *entry;
1344 struct hash_bucket *bucket;
1345 unsigned long flags;
1346 int mapped_ents;
1347
1348 bucket = get_hash_bucket(ref, &flags);
1349 entry = bucket_find_exact(bucket, ref);
1350 mapped_ents = 0;
1351
1352 if (entry)
1353 mapped_ents = entry->sg_mapped_ents;
1354 put_hash_bucket(bucket, flags);
1355
1356 return mapped_ents;
1357 }
1358
debug_dma_unmap_sg(struct device * dev,struct scatterlist * sglist,int nelems,int dir)1359 void debug_dma_unmap_sg(struct device *dev, struct scatterlist *sglist,
1360 int nelems, int dir)
1361 {
1362 struct scatterlist *s;
1363 int mapped_ents = 0, i;
1364
1365 if (unlikely(dma_debug_disabled()))
1366 return;
1367
1368 for_each_sg(sglist, s, nelems, i) {
1369
1370 struct dma_debug_entry ref = {
1371 .type = dma_debug_sg,
1372 .dev = dev,
1373 .pfn = page_to_pfn(sg_page(s)),
1374 .offset = s->offset,
1375 .dev_addr = sg_dma_address(s),
1376 .size = sg_dma_len(s),
1377 .direction = dir,
1378 .sg_call_ents = nelems,
1379 };
1380
1381 if (mapped_ents && i >= mapped_ents)
1382 break;
1383
1384 if (!i)
1385 mapped_ents = get_nr_mapped_entries(dev, &ref);
1386
1387 check_unmap(&ref);
1388 }
1389 }
1390
debug_dma_alloc_coherent(struct device * dev,size_t size,dma_addr_t dma_addr,void * virt,unsigned long attrs)1391 void debug_dma_alloc_coherent(struct device *dev, size_t size,
1392 dma_addr_t dma_addr, void *virt,
1393 unsigned long attrs)
1394 {
1395 struct dma_debug_entry *entry;
1396
1397 if (unlikely(dma_debug_disabled()))
1398 return;
1399
1400 if (unlikely(virt == NULL))
1401 return;
1402
1403 /* handle vmalloc and linear addresses */
1404 if (!is_vmalloc_addr(virt) && !virt_addr_valid(virt))
1405 return;
1406
1407 entry = dma_entry_alloc();
1408 if (!entry)
1409 return;
1410
1411 entry->type = dma_debug_coherent;
1412 entry->dev = dev;
1413 entry->offset = offset_in_page(virt);
1414 entry->size = size;
1415 entry->dev_addr = dma_addr;
1416 entry->direction = DMA_BIDIRECTIONAL;
1417
1418 if (is_vmalloc_addr(virt))
1419 entry->pfn = vmalloc_to_pfn(virt);
1420 else
1421 entry->pfn = page_to_pfn(virt_to_page(virt));
1422
1423 add_dma_entry(entry, attrs);
1424 }
1425
debug_dma_free_coherent(struct device * dev,size_t size,void * virt,dma_addr_t dma_addr)1426 void debug_dma_free_coherent(struct device *dev, size_t size,
1427 void *virt, dma_addr_t dma_addr)
1428 {
1429 struct dma_debug_entry ref = {
1430 .type = dma_debug_coherent,
1431 .dev = dev,
1432 .offset = offset_in_page(virt),
1433 .dev_addr = dma_addr,
1434 .size = size,
1435 .direction = DMA_BIDIRECTIONAL,
1436 };
1437
1438 /* handle vmalloc and linear addresses */
1439 if (!is_vmalloc_addr(virt) && !virt_addr_valid(virt))
1440 return;
1441
1442 if (is_vmalloc_addr(virt))
1443 ref.pfn = vmalloc_to_pfn(virt);
1444 else
1445 ref.pfn = page_to_pfn(virt_to_page(virt));
1446
1447 if (unlikely(dma_debug_disabled()))
1448 return;
1449
1450 check_unmap(&ref);
1451 }
1452
debug_dma_map_resource(struct device * dev,phys_addr_t addr,size_t size,int direction,dma_addr_t dma_addr,unsigned long attrs)1453 void debug_dma_map_resource(struct device *dev, phys_addr_t addr, size_t size,
1454 int direction, dma_addr_t dma_addr,
1455 unsigned long attrs)
1456 {
1457 struct dma_debug_entry *entry;
1458
1459 if (unlikely(dma_debug_disabled()))
1460 return;
1461
1462 entry = dma_entry_alloc();
1463 if (!entry)
1464 return;
1465
1466 entry->type = dma_debug_resource;
1467 entry->dev = dev;
1468 entry->pfn = PHYS_PFN(addr);
1469 entry->offset = offset_in_page(addr);
1470 entry->size = size;
1471 entry->dev_addr = dma_addr;
1472 entry->direction = direction;
1473 entry->map_err_type = MAP_ERR_NOT_CHECKED;
1474
1475 add_dma_entry(entry, attrs);
1476 }
1477
debug_dma_unmap_resource(struct device * dev,dma_addr_t dma_addr,size_t size,int direction)1478 void debug_dma_unmap_resource(struct device *dev, dma_addr_t dma_addr,
1479 size_t size, int direction)
1480 {
1481 struct dma_debug_entry ref = {
1482 .type = dma_debug_resource,
1483 .dev = dev,
1484 .dev_addr = dma_addr,
1485 .size = size,
1486 .direction = direction,
1487 };
1488
1489 if (unlikely(dma_debug_disabled()))
1490 return;
1491
1492 check_unmap(&ref);
1493 }
1494
debug_dma_sync_single_for_cpu(struct device * dev,dma_addr_t dma_handle,size_t size,int direction)1495 void debug_dma_sync_single_for_cpu(struct device *dev, dma_addr_t dma_handle,
1496 size_t size, int direction)
1497 {
1498 struct dma_debug_entry ref;
1499
1500 if (unlikely(dma_debug_disabled()))
1501 return;
1502
1503 ref.type = dma_debug_single;
1504 ref.dev = dev;
1505 ref.dev_addr = dma_handle;
1506 ref.size = size;
1507 ref.direction = direction;
1508 ref.sg_call_ents = 0;
1509
1510 check_sync(dev, &ref, true);
1511 }
1512
debug_dma_sync_single_for_device(struct device * dev,dma_addr_t dma_handle,size_t size,int direction)1513 void debug_dma_sync_single_for_device(struct device *dev,
1514 dma_addr_t dma_handle, size_t size,
1515 int direction)
1516 {
1517 struct dma_debug_entry ref;
1518
1519 if (unlikely(dma_debug_disabled()))
1520 return;
1521
1522 ref.type = dma_debug_single;
1523 ref.dev = dev;
1524 ref.dev_addr = dma_handle;
1525 ref.size = size;
1526 ref.direction = direction;
1527 ref.sg_call_ents = 0;
1528
1529 check_sync(dev, &ref, false);
1530 }
1531
debug_dma_sync_sg_for_cpu(struct device * dev,struct scatterlist * sg,int nelems,int direction)1532 void debug_dma_sync_sg_for_cpu(struct device *dev, struct scatterlist *sg,
1533 int nelems, int direction)
1534 {
1535 struct scatterlist *s;
1536 int mapped_ents = 0, i;
1537
1538 if (unlikely(dma_debug_disabled()))
1539 return;
1540
1541 for_each_sg(sg, s, nelems, i) {
1542
1543 struct dma_debug_entry ref = {
1544 .type = dma_debug_sg,
1545 .dev = dev,
1546 .pfn = page_to_pfn(sg_page(s)),
1547 .offset = s->offset,
1548 .dev_addr = sg_dma_address(s),
1549 .size = sg_dma_len(s),
1550 .direction = direction,
1551 .sg_call_ents = nelems,
1552 };
1553
1554 if (!i)
1555 mapped_ents = get_nr_mapped_entries(dev, &ref);
1556
1557 if (i >= mapped_ents)
1558 break;
1559
1560 check_sync(dev, &ref, true);
1561 }
1562 }
1563
debug_dma_sync_sg_for_device(struct device * dev,struct scatterlist * sg,int nelems,int direction)1564 void debug_dma_sync_sg_for_device(struct device *dev, struct scatterlist *sg,
1565 int nelems, int direction)
1566 {
1567 struct scatterlist *s;
1568 int mapped_ents = 0, i;
1569
1570 if (unlikely(dma_debug_disabled()))
1571 return;
1572
1573 for_each_sg(sg, s, nelems, i) {
1574
1575 struct dma_debug_entry ref = {
1576 .type = dma_debug_sg,
1577 .dev = dev,
1578 .pfn = page_to_pfn(sg_page(s)),
1579 .offset = s->offset,
1580 .dev_addr = sg_dma_address(s),
1581 .size = sg_dma_len(s),
1582 .direction = direction,
1583 .sg_call_ents = nelems,
1584 };
1585 if (!i)
1586 mapped_ents = get_nr_mapped_entries(dev, &ref);
1587
1588 if (i >= mapped_ents)
1589 break;
1590
1591 check_sync(dev, &ref, false);
1592 }
1593 }
1594
dma_debug_driver_setup(char * str)1595 static int __init dma_debug_driver_setup(char *str)
1596 {
1597 int i;
1598
1599 for (i = 0; i < NAME_MAX_LEN - 1; ++i, ++str) {
1600 current_driver_name[i] = *str;
1601 if (*str == 0)
1602 break;
1603 }
1604
1605 if (current_driver_name[0])
1606 pr_info("enable driver filter for driver [%s]\n",
1607 current_driver_name);
1608
1609
1610 return 1;
1611 }
1612 __setup("dma_debug_driver=", dma_debug_driver_setup);
1613