[PATCH 3.2 019/104] ath6kl: fix struct hif_scatter_req list handling

2018-03-11 Thread Ben Hutchings
3.2.101-rc1 review patch.  If anyone has any objections, please let me know.

--

From: Kalle Valo 

commit 31b9cc9a873dcab161999622314f98a75d838975 upstream.

Jason noticed that with Yocto GCC 4.8.1 ath6kl crashes with this iperf command:

iperf -c $TARGET_IP -i 5 -t 50 -w 1M

The crash was:

Unable to handle kernel paging request at virtual address 1a48
pgd = 80004000
[1a48] *pgd=
Internal error: Oops: 805 [#1] SMP ARM
Modules linked in: ath6kl_sdio ath6kl_core [last unloaded: ath6kl_core]
CPU: 0 PID: 1953 Comm: kworker/u4:0 Not tainted 3.10.9-1.0.0_alpha+dbf364b #1
Workqueue: ath6kl ath6kl_sdio_write_async_work [ath6kl_sdio]
task: dcc9a680 ti: dc9ae000 task.ti: dc9ae000
PC is at v7_dma_clean_range+0x20/0x38
LR is at dma_cache_maint_page+0x50/0x54
pc : [<8001a6f8>]lr : [<800170fc>]psr: 2093
sp : dc9afcf8  ip : 8001a748  fp : 0004
r10:   r9 : 0001  r8 : 
r7 : 0001  r6 :   r5 : 80cb7000  r4 : 03f9a480
r3 : 001f  r2 : 0020  r1 : 1a48  r0 : 1a48
Flags: nzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
Control: 10c53c7d  Table: 6cc5004a  DAC: 0015
Process kworker/u4:0 (pid: 1953, stack limit = 0xdc9ae238)
[<8001a6f8>] (v7_dma_clean_range+0x20/0x38) from [<800170fc>] (dma_cache_maint_page+0x50/0x54)
[<800170fc>] (dma_cache_maint_page+0x50/0x54) from [<80017134>] (__dma_page_cpu_to_dev+0x34/0x9c)
[<80017134>] (__dma_page_cpu_to_dev+0x34/0x9c) from [<80017238>] (arm_dma_map_page+0x64/0x68)
[<80017238>] (arm_dma_map_page+0x64/0x68) from [<80017588>] (arm_dma_map_sg+0x7c/0xf4)
[<80017588>] (arm_dma_map_sg+0x7c/0xf4) from [<80436f88>] (sdhci_send_command+0x894/0xe00)
[<80436f88>] (sdhci_send_command+0x894/0xe00) from [<80438c90>] (sdhci_request+0xc0/0x1ec)
[<80438c90>] (sdhci_request+0xc0/0x1ec) from [<80424cb4>] (mmc_start_request+0xb8/0xd4)
[<80424cb4>] (mmc_start_request+0xb8/0xd4) from [<80424de8>] (__mmc_start_req+0x60/0x84)
[<80424de8>] (__mmc_start_req+0x60/0x84) from [<80424e90>] (mmc_wait_for_req+0x10/0x20)
[<80424e90>] (mmc_wait_for_req+0x10/0x20) from [<7f619d64>] (ath6kl_sdio_scat_rw.isra.10+0x1dc/0x240 [ath6kl_sdio])
[<7f619d64>] (ath6kl_sdio_scat_rw.isra.10+0x1dc/0x240 [ath6kl_sdio]) from [<7f619ec0>] (ath6kl_sdio_write_async_work+0x5c/0x104 [ath6kl_sdio])
[<7f619ec0>] (ath6kl_sdio_write_async_work+0x5c/0x104 [ath6kl_sdio]) from [<8003c450>] (process_one_work+0x10c/0x370)
[<8003c450>] (process_one_work+0x10c/0x370) from [<8003d158>] (worker_thread+0x138/0x3fc)
[<8003d158>] (worker_thread+0x138/0x3fc) from [<80042480>] (kthread+0xb4/0xb8)
[<80042480>] (kthread+0xb4/0xb8) from [<8000e018>] (ret_from_fork+0x14/0x3c)
Code: e1a02312 e2423001 e1c3 f57ff04f (ee070f3a)
---[ end trace 0c038f0b8e0b67a3 ]---
Kernel panic - not syncing: Fatal exception

Jason's analysis:

  "The GCC 4.8.1 compiler will not do the for-loop till scat_entries, instead,
   it only run one round loop. This may be caused by that the GCC 4.8.1 thought
   that the