b36f09c3c4
The DMAengine API has a long standing race condition that is inherent to the API itself. Calling dmaengine_terminate_all() is supposed to stop and abort any pending or active transfers that have previously been submitted. Unfortunately it is possible that this operation races against a currently running (or with some drivers also scheduled) completion callback. Since the API allows dmaengine_terminate_all() to be called from atomic context as well as from within a completion callback it is not possible to synchronize to the execution of the completion callback from within dmaengine_terminate_all() itself. This means that a user of the DMAengine API does not know when it is safe to free resources used in the completion callback, which can result in a use-after-free race condition. This patch addresses the issue by introducing an explicit synchronization primitive to the DMAengine API called dmaengine_synchronize(). The existing dmaengine_terminate_all() is deprecated in favor of dmaengine_terminate_sync() and dmaengine_terminate_async(). The former aborts all pending and active transfers and synchronizes to the current context, meaning it will wait until all running completion callbacks have finished. This means it is only possible to call this function from non-atomic context. The later function does not synchronize, but can still be used in atomic context or from within a complete callback. It has to be followed up by dmaengine_synchronize() before a client can free the resources used in a completion callback. In addition to this the semantics of the device_terminate_all() callback are slightly relaxed by this patch. It is now OK for a driver to only schedule the termination of the active transfer, but does not necessarily have to wait until the DMA controller has completely stopped. The driver must ensure though that the controller has stopped and no longer accesses any memory when the device_synchronize() callback returns. This was in part done since most drivers do not pay attention to this anyway at the moment and to emphasize that this needs to be done when the device_synchronize() callback is implemented. But it also helps with implementing support for devices where stopping the controller can require operations that may sleep. Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Signed-off-by: Vinod Koul <vinod.koul@intel.com>
414 lines
17 KiB
Plaintext
414 lines
17 KiB
Plaintext
DMAengine controller documentation
|
|
==================================
|
|
|
|
Hardware Introduction
|
|
+++++++++++++++++++++
|
|
|
|
Most of the Slave DMA controllers have the same general principles of
|
|
operations.
|
|
|
|
They have a given number of channels to use for the DMA transfers, and
|
|
a given number of requests lines.
|
|
|
|
Requests and channels are pretty much orthogonal. Channels can be used
|
|
to serve several to any requests. To simplify, channels are the
|
|
entities that will be doing the copy, and requests what endpoints are
|
|
involved.
|
|
|
|
The request lines actually correspond to physical lines going from the
|
|
DMA-eligible devices to the controller itself. Whenever the device
|
|
will want to start a transfer, it will assert a DMA request (DRQ) by
|
|
asserting that request line.
|
|
|
|
A very simple DMA controller would only take into account a single
|
|
parameter: the transfer size. At each clock cycle, it would transfer a
|
|
byte of data from one buffer to another, until the transfer size has
|
|
been reached.
|
|
|
|
That wouldn't work well in the real world, since slave devices might
|
|
require a specific number of bits to be transferred in a single
|
|
cycle. For example, we may want to transfer as much data as the
|
|
physical bus allows to maximize performances when doing a simple
|
|
memory copy operation, but our audio device could have a narrower FIFO
|
|
that requires data to be written exactly 16 or 24 bits at a time. This
|
|
is why most if not all of the DMA controllers can adjust this, using a
|
|
parameter called the transfer width.
|
|
|
|
Moreover, some DMA controllers, whenever the RAM is used as a source
|
|
or destination, can group the reads or writes in memory into a buffer,
|
|
so instead of having a lot of small memory accesses, which is not
|
|
really efficient, you'll get several bigger transfers. This is done
|
|
using a parameter called the burst size, that defines how many single
|
|
reads/writes it's allowed to do without the controller splitting the
|
|
transfer into smaller sub-transfers.
|
|
|
|
Our theoretical DMA controller would then only be able to do transfers
|
|
that involve a single contiguous block of data. However, some of the
|
|
transfers we usually have are not, and want to copy data from
|
|
non-contiguous buffers to a contiguous buffer, which is called
|
|
scatter-gather.
|
|
|
|
DMAEngine, at least for mem2dev transfers, require support for
|
|
scatter-gather. So we're left with two cases here: either we have a
|
|
quite simple DMA controller that doesn't support it, and we'll have to
|
|
implement it in software, or we have a more advanced DMA controller,
|
|
that implements in hardware scatter-gather.
|
|
|
|
The latter are usually programmed using a collection of chunks to
|
|
transfer, and whenever the transfer is started, the controller will go
|
|
over that collection, doing whatever we programmed there.
|
|
|
|
This collection is usually either a table or a linked list. You will
|
|
then push either the address of the table and its number of elements,
|
|
or the first item of the list to one channel of the DMA controller,
|
|
and whenever a DRQ will be asserted, it will go through the collection
|
|
to know where to fetch the data from.
|
|
|
|
Either way, the format of this collection is completely dependent on
|
|
your hardware. Each DMA controller will require a different structure,
|
|
but all of them will require, for every chunk, at least the source and
|
|
destination addresses, whether it should increment these addresses or
|
|
not and the three parameters we saw earlier: the burst size, the
|
|
transfer width and the transfer size.
|
|
|
|
The one last thing is that usually, slave devices won't issue DRQ by
|
|
default, and you have to enable this in your slave device driver first
|
|
whenever you're willing to use DMA.
|
|
|
|
These were just the general memory-to-memory (also called mem2mem) or
|
|
memory-to-device (mem2dev) kind of transfers. Most devices often
|
|
support other kind of transfers or memory operations that dmaengine
|
|
support and will be detailed later in this document.
|
|
|
|
DMA Support in Linux
|
|
++++++++++++++++++++
|
|
|
|
Historically, DMA controller drivers have been implemented using the
|
|
async TX API, to offload operations such as memory copy, XOR,
|
|
cryptography, etc., basically any memory to memory operation.
|
|
|
|
Over time, the need for memory to device transfers arose, and
|
|
dmaengine was extended. Nowadays, the async TX API is written as a
|
|
layer on top of dmaengine, and acts as a client. Still, dmaengine
|
|
accommodates that API in some cases, and made some design choices to
|
|
ensure that it stayed compatible.
|
|
|
|
For more information on the Async TX API, please look the relevant
|
|
documentation file in Documentation/crypto/async-tx-api.txt.
|
|
|
|
DMAEngine Registration
|
|
++++++++++++++++++++++
|
|
|
|
struct dma_device Initialization
|
|
--------------------------------
|
|
|
|
Just like any other kernel framework, the whole DMAEngine registration
|
|
relies on the driver filling a structure and registering against the
|
|
framework. In our case, that structure is dma_device.
|
|
|
|
The first thing you need to do in your driver is to allocate this
|
|
structure. Any of the usual memory allocators will do, but you'll also
|
|
need to initialize a few fields in there:
|
|
|
|
* channels: should be initialized as a list using the
|
|
INIT_LIST_HEAD macro for example
|
|
|
|
* src_addr_widths:
|
|
- should contain a bitmask of the supported source transfer width
|
|
|
|
* dst_addr_widths:
|
|
- should contain a bitmask of the supported destination transfer
|
|
width
|
|
|
|
* directions:
|
|
- should contain a bitmask of the supported slave directions
|
|
(i.e. excluding mem2mem transfers)
|
|
|
|
* residue_granularity:
|
|
- Granularity of the transfer residue reported to dma_set_residue.
|
|
- This can be either:
|
|
+ Descriptor
|
|
-> Your device doesn't support any kind of residue
|
|
reporting. The framework will only know that a particular
|
|
transaction descriptor is done.
|
|
+ Segment
|
|
-> Your device is able to report which chunks have been
|
|
transferred
|
|
+ Burst
|
|
-> Your device is able to report which burst have been
|
|
transferred
|
|
|
|
* dev: should hold the pointer to the struct device associated
|
|
to your current driver instance.
|
|
|
|
Supported transaction types
|
|
---------------------------
|
|
|
|
The next thing you need is to set which transaction types your device
|
|
(and driver) supports.
|
|
|
|
Our dma_device structure has a field called cap_mask that holds the
|
|
various types of transaction supported, and you need to modify this
|
|
mask using the dma_cap_set function, with various flags depending on
|
|
transaction types you support as an argument.
|
|
|
|
All those capabilities are defined in the dma_transaction_type enum,
|
|
in include/linux/dmaengine.h
|
|
|
|
Currently, the types available are:
|
|
* DMA_MEMCPY
|
|
- The device is able to do memory to memory copies
|
|
|
|
* DMA_XOR
|
|
- The device is able to perform XOR operations on memory areas
|
|
- Used to accelerate XOR intensive tasks, such as RAID5
|
|
|
|
* DMA_XOR_VAL
|
|
- The device is able to perform parity check using the XOR
|
|
algorithm against a memory buffer.
|
|
|
|
* DMA_PQ
|
|
- The device is able to perform RAID6 P+Q computations, P being a
|
|
simple XOR, and Q being a Reed-Solomon algorithm.
|
|
|
|
* DMA_PQ_VAL
|
|
- The device is able to perform parity check using RAID6 P+Q
|
|
algorithm against a memory buffer.
|
|
|
|
* DMA_INTERRUPT
|
|
- The device is able to trigger a dummy transfer that will
|
|
generate periodic interrupts
|
|
- Used by the client drivers to register a callback that will be
|
|
called on a regular basis through the DMA controller interrupt
|
|
|
|
* DMA_SG
|
|
- The device supports memory to memory scatter-gather
|
|
transfers.
|
|
- Even though a plain memcpy can look like a particular case of a
|
|
scatter-gather transfer, with a single chunk to transfer, it's a
|
|
distinct transaction type in the mem2mem transfers case
|
|
|
|
* DMA_PRIVATE
|
|
- The devices only supports slave transfers, and as such isn't
|
|
available for async transfers.
|
|
|
|
* DMA_ASYNC_TX
|
|
- Must not be set by the device, and will be set by the framework
|
|
if needed
|
|
- /* TODO: What is it about? */
|
|
|
|
* DMA_SLAVE
|
|
- The device can handle device to memory transfers, including
|
|
scatter-gather transfers.
|
|
- While in the mem2mem case we were having two distinct types to
|
|
deal with a single chunk to copy or a collection of them, here,
|
|
we just have a single transaction type that is supposed to
|
|
handle both.
|
|
- If you want to transfer a single contiguous memory buffer,
|
|
simply build a scatter list with only one item.
|
|
|
|
* DMA_CYCLIC
|
|
- The device can handle cyclic transfers.
|
|
- A cyclic transfer is a transfer where the chunk collection will
|
|
loop over itself, with the last item pointing to the first.
|
|
- It's usually used for audio transfers, where you want to operate
|
|
on a single ring buffer that you will fill with your audio data.
|
|
|
|
* DMA_INTERLEAVE
|
|
- The device supports interleaved transfer.
|
|
- These transfers can transfer data from a non-contiguous buffer
|
|
to a non-contiguous buffer, opposed to DMA_SLAVE that can
|
|
transfer data from a non-contiguous data set to a continuous
|
|
destination buffer.
|
|
- It's usually used for 2d content transfers, in which case you
|
|
want to transfer a portion of uncompressed data directly to the
|
|
display to print it
|
|
|
|
These various types will also affect how the source and destination
|
|
addresses change over time.
|
|
|
|
Addresses pointing to RAM are typically incremented (or decremented)
|
|
after each transfer. In case of a ring buffer, they may loop
|
|
(DMA_CYCLIC). Addresses pointing to a device's register (e.g. a FIFO)
|
|
are typically fixed.
|
|
|
|
Device operations
|
|
-----------------
|
|
|
|
Our dma_device structure also requires a few function pointers in
|
|
order to implement the actual logic, now that we described what
|
|
operations we were able to perform.
|
|
|
|
The functions that we have to fill in there, and hence have to
|
|
implement, obviously depend on the transaction types you reported as
|
|
supported.
|
|
|
|
* device_alloc_chan_resources
|
|
* device_free_chan_resources
|
|
- These functions will be called whenever a driver will call
|
|
dma_request_channel or dma_release_channel for the first/last
|
|
time on the channel associated to that driver.
|
|
- They are in charge of allocating/freeing all the needed
|
|
resources in order for that channel to be useful for your
|
|
driver.
|
|
- These functions can sleep.
|
|
|
|
* device_prep_dma_*
|
|
- These functions are matching the capabilities you registered
|
|
previously.
|
|
- These functions all take the buffer or the scatterlist relevant
|
|
for the transfer being prepared, and should create a hardware
|
|
descriptor or a list of hardware descriptors from it
|
|
- These functions can be called from an interrupt context
|
|
- Any allocation you might do should be using the GFP_NOWAIT
|
|
flag, in order not to potentially sleep, but without depleting
|
|
the emergency pool either.
|
|
- Drivers should try to pre-allocate any memory they might need
|
|
during the transfer setup at probe time to avoid putting to
|
|
much pressure on the nowait allocator.
|
|
|
|
- It should return a unique instance of the
|
|
dma_async_tx_descriptor structure, that further represents this
|
|
particular transfer.
|
|
|
|
- This structure can be initialized using the function
|
|
dma_async_tx_descriptor_init.
|
|
- You'll also need to set two fields in this structure:
|
|
+ flags:
|
|
TODO: Can it be modified by the driver itself, or
|
|
should it be always the flags passed in the arguments
|
|
|
|
+ tx_submit: A pointer to a function you have to implement,
|
|
that is supposed to push the current
|
|
transaction descriptor to a pending queue, waiting
|
|
for issue_pending to be called.
|
|
|
|
* device_issue_pending
|
|
- Takes the first transaction descriptor in the pending queue,
|
|
and starts the transfer. Whenever that transfer is done, it
|
|
should move to the next transaction in the list.
|
|
- This function can be called in an interrupt context
|
|
|
|
* device_tx_status
|
|
- Should report the bytes left to go over on the given channel
|
|
- Should only care about the transaction descriptor passed as
|
|
argument, not the currently active one on a given channel
|
|
- The tx_state argument might be NULL
|
|
- Should use dma_set_residue to report it
|
|
- In the case of a cyclic transfer, it should only take into
|
|
account the current period.
|
|
- This function can be called in an interrupt context.
|
|
|
|
* device_config
|
|
- Reconfigures the channel with the configuration given as
|
|
argument
|
|
- This command should NOT perform synchronously, or on any
|
|
currently queued transfers, but only on subsequent ones
|
|
- In this case, the function will receive a dma_slave_config
|
|
structure pointer as an argument, that will detail which
|
|
configuration to use.
|
|
- Even though that structure contains a direction field, this
|
|
field is deprecated in favor of the direction argument given to
|
|
the prep_* functions
|
|
- This call is mandatory for slave operations only. This should NOT be
|
|
set or expected to be set for memcpy operations.
|
|
If a driver support both, it should use this call for slave
|
|
operations only and not for memcpy ones.
|
|
|
|
* device_pause
|
|
- Pauses a transfer on the channel
|
|
- This command should operate synchronously on the channel,
|
|
pausing right away the work of the given channel
|
|
|
|
* device_resume
|
|
- Resumes a transfer on the channel
|
|
- This command should operate synchronously on the channel,
|
|
pausing right away the work of the given channel
|
|
|
|
* device_terminate_all
|
|
- Aborts all the pending and ongoing transfers on the channel
|
|
- For aborted transfers the complete callback should not be called
|
|
- Can be called from atomic context or from within a complete
|
|
callback of a descriptor. Must not sleep. Drivers must be able
|
|
to handle this correctly.
|
|
- Termination may be asynchronous. The driver does not have to
|
|
wait until the currently active transfer has completely stopped.
|
|
See device_synchronize.
|
|
|
|
* device_synchronize
|
|
- Must synchronize the termination of a channel to the current
|
|
context.
|
|
- Must make sure that memory for previously submitted
|
|
descriptors is no longer accessed by the DMA controller.
|
|
- Must make sure that all complete callbacks for previously
|
|
submitted descriptors have finished running and none are
|
|
scheduled to run.
|
|
- May sleep.
|
|
|
|
|
|
Misc notes (stuff that should be documented, but don't really know
|
|
where to put them)
|
|
------------------------------------------------------------------
|
|
* dma_run_dependencies
|
|
- Should be called at the end of an async TX transfer, and can be
|
|
ignored in the slave transfers case.
|
|
- Makes sure that dependent operations are run before marking it
|
|
as complete.
|
|
|
|
* dma_cookie_t
|
|
- it's a DMA transaction ID that will increment over time.
|
|
- Not really relevant any more since the introduction of virt-dma
|
|
that abstracts it away.
|
|
|
|
* DMA_CTRL_ACK
|
|
- If clear, the descriptor cannot be reused by provider until the
|
|
client acknowledges receipt, i.e. has has a chance to establish any
|
|
dependency chains
|
|
- This can be acked by invoking async_tx_ack()
|
|
- If set, does not mean descriptor can be reused
|
|
|
|
* DMA_CTRL_REUSE
|
|
- If set, the descriptor can be reused after being completed. It should
|
|
not be freed by provider if this flag is set.
|
|
- The descriptor should be prepared for reuse by invoking
|
|
dmaengine_desc_set_reuse() which will set DMA_CTRL_REUSE.
|
|
- dmaengine_desc_set_reuse() will succeed only when channel support
|
|
reusable descriptor as exhibited by capablities
|
|
- As a consequence, if a device driver wants to skip the dma_map_sg() and
|
|
dma_unmap_sg() in between 2 transfers, because the DMA'd data wasn't used,
|
|
it can resubmit the transfer right after its completion.
|
|
- Descriptor can be freed in few ways
|
|
- Clearing DMA_CTRL_REUSE by invoking dmaengine_desc_clear_reuse()
|
|
and submitting for last txn
|
|
- Explicitly invoking dmaengine_desc_free(), this can succeed only
|
|
when DMA_CTRL_REUSE is already set
|
|
- Terminating the channel
|
|
|
|
|
|
General Design Notes
|
|
--------------------
|
|
|
|
Most of the DMAEngine drivers you'll see are based on a similar design
|
|
that handles the end of transfer interrupts in the handler, but defer
|
|
most work to a tasklet, including the start of a new transfer whenever
|
|
the previous transfer ended.
|
|
|
|
This is a rather inefficient design though, because the inter-transfer
|
|
latency will be not only the interrupt latency, but also the
|
|
scheduling latency of the tasklet, which will leave the channel idle
|
|
in between, which will slow down the global transfer rate.
|
|
|
|
You should avoid this kind of practice, and instead of electing a new
|
|
transfer in your tasklet, move that part to the interrupt handler in
|
|
order to have a shorter idle window (that we can't really avoid
|
|
anyway).
|
|
|
|
Glossary
|
|
--------
|
|
|
|
Burst: A number of consecutive read or write operations
|
|
that can be queued to buffers before being flushed to
|
|
memory.
|
|
Chunk: A contiguous collection of bursts
|
|
Transfer: A collection of chunks (be it contiguous or not)
|