| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Feb 2016 16:03:05 -0700
From: Joshua Henderson <joshua.henderson@...rochip.com>
To: Guenter Roeck <linux@...ck-us.net>, <linux-kernel@...r.kernel.org>
CC: <linux-mips@...ux-mips.org>, <ralf@...ux-mips.org>,
Purna Chandra Mandal <purna.mandal@...rochip.com>,
Wim Van Sebroeck <wim@...ana.be>,
<linux-watchdog@...r.kernel.org>
Subject: Re: [PATCH 2/2] watchdog: pic32-wdt: Add PIC32 watchdog driver
Guenter,
On 02/01/2016 08:27 PM, Guenter Roeck wrote:
> On 02/01/2016 04:02 PM, Joshua Henderson wrote:
>> When enabled, the watchdog peripheral can be used to reset the device if the
>> WDT is not cleared periodically in software.
>
> Commit description is a bit long.
Ack.
>>
>> Signed-off-by: Joshua Henderson <joshua.henderson@...rochip.com>
>> Signed-off-by: Purna Chandra Mandal <purna.mandal@...rochip.com>
>> Cc: Ralf Baechle <ralf@...ux-mips.org>
>> Cc: <linux-mips@...ux-mips.org>
>> ---
>> Note: Please merge this patch series through the MIPS tree.
>> ---
>> drivers/watchdog/Kconfig | 14 ++
>> drivers/watchdog/Makefile | 1 +
>> drivers/watchdog/pic32-wdt.c | 301 ++++++++++++++++++++++++++++++++++++++++++
>> 3 files changed, 316 insertions(+)
>> create mode 100644 drivers/watchdog/pic32-wdt.c
>>
>> diff --git a/drivers/watchdog/Kconfig b/drivers/watchdog/Kconfig
>> index 4f0e7be..131abc2 100644
>> --- a/drivers/watchdog/Kconfig
>> +++ b/drivers/watchdog/Kconfig
>> @@ -1410,6 +1410,20 @@ config MT7621_WDT
>> help
>> Hardware driver for the Mediatek/Ralink MT7621/8 SoC Watchdog Timer.
>>
>> +config PIC32_WDT
>> + tristate "Microchip PIC32 hardware watchdog"
>> + select WATCHDOG_CORE
>> + depends on MACH_PIC32
>> + default y
>
> Sure you want "y" here ?
No. Will remove.
>
>> + help
>> + Watchdog driver for the built in watchdog hardware in a PIC32.
>> +
>> + Configuration bits must be set appropriately for the watchdog to be
>> + controlled by this driver.
>> +
>> + To compile this driver as a loadable module, choose M here.
>> + The module will be called pic32-wdt.
>> +
>> # PARISC Architecture
>>
>> # POWERPC Architecture
>> diff --git a/drivers/watchdog/Makefile b/drivers/watchdog/Makefile
>> index f566753..244ed80 100644
>> --- a/drivers/watchdog/Makefile
>> +++ b/drivers/watchdog/Makefile
>> @@ -153,6 +153,7 @@ obj-$(CONFIG_LANTIQ_WDT) += lantiq_wdt.o
>> obj-$(CONFIG_RALINK_WDT) += rt2880_wdt.o
>> obj-$(CONFIG_IMGPDC_WDT) += imgpdc_wdt.o
>> obj-$(CONFIG_MT7621_WDT) += mt7621_wdt.o
>> +obj-$(CONFIG_PIC32_WDT) += pic32-wdt.o
>>
>> # PARISC Architecture
>>
>> diff --git a/drivers/watchdog/pic32-wdt.c b/drivers/watchdog/pic32-wdt.c
>> new file mode 100644
>> index 0000000..d80e62d
>> --- /dev/null
>> +++ b/drivers/watchdog/pic32-wdt.c
>> @@ -0,0 +1,301 @@
>> +/*
>> + * PIC32 watchdog driver
>> + *
>> + * Joshua Henderson <joshua.henderson@...rochip.com>
>> + * Copyright (c) 2016, Microchip Technology Inc.
>> + *
>> + * This program is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU General Public License
>> + * as published by the Free Software Foundation; either version
>> + * 2 of the License, or (at your option) any later version.
>> + */
>> +
>> +#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
>> +
>> +#include <linux/kernel.h>
>> +#include <linux/module.h>
>> +#include <linux/clk.h>
>> +#include <linux/err.h>
>> +#include <linux/io.h>
>> +#include <linux/of.h>
>> +#include <linux/of_device.h>
>> +#include <linux/pm.h>
>> +#include <linux/watchdog.h>
>> +#include <linux/spinlock.h>
>> +#include <linux/device.h>
>> +#include <linux/platform_device.h>
>
> Alphabetic order, please.
Ack.
>
>> +
>> +#include <asm/mach-pic32/pic32.h>
>> +
>> +/* Watchdog Timer Registers */
>> +#define WDTCON_REG 0x00
>> +
>> +/* Watchdog Timer Control Register fields */
>> +#define WDTCON_WIN_EN 0x0001
>> +#define WDTCON_RMCS_MASK 0x0003
>> +#define WDTCON_RMCS_SHIFT 0x0006
>> +#define WDTCON_RMPS_MASK 0x001F
>> +#define WDTCON_RMPS_SHIFT 0x0008
>> +#define WDTCON_ON 0x8000
>> +#define WDTCON_CLR_KEY 0x5743
>> +
>> +/* Reset Control Register fields for watchdog */
>> +#define RESETCON_TIMEOUT_IDLE 0x0004
>> +#define RESETCON_TIMEOUT_SLEEP 0x0008
>> +#define RESETCON_WDT_TIMEOUT 0x0010
>> +
>
> Can you use BIT() to make it easier to understand which values are bit masks ?
Ack.
>> +struct pic32_wdt {
>> + spinlock_t lock;
>> + void __iomem *regs;
>> + void __iomem *rst_base;
>> + struct clk *clk;
>> + unsigned long next_heartbeat;
>> + unsigned long timeout;
>> +};
>> +
>> +static inline int wdt_is_enabled(struct pic32_wdt *wdt)
>> +{
>> + return readl(wdt->regs + WDTCON_REG) & WDTCON_ON;
>> +}
>
> Return bool.
Ack.
>
>> +
>> +static inline int wdt_is_win_enabled(struct pic32_wdt *wdt)
>> +{
>
> Return bool.
Ack.
>
>> + u32 v;
>> +
>> + v = readl(wdt->regs + WDTCON_REG);
>> + v &= WDTCON_WIN_EN;
>> +
>> + return v;
>
> return readl(wdt->regs + WDTCON_REG) & WDTCON_WIN_EN;
>
> would be good enough and be more consistent with the other
> function above.
Ack.
>
>> +}
>> +
>> +static inline void wdt_enable(struct pic32_wdt *wdt)
>> +{
>> + writel(WDTCON_ON, PIC32_SET(wdt->regs + WDTCON_REG));
>> +}
>> +
>
> Can you use consistent function name prefixes ?
Ack. A couple of these single use functions will just be removed and put inline.
>
>> +static inline void wdt_disable(struct pic32_wdt *wdt)
>> +{
>> + writel(WDTCON_ON, PIC32_CLR(wdt->regs + WDTCON_REG));
>> + cpu_relax();
>
> Is this needed ?
No watchdog registers may be read or written in the CPU cycle immediately following the instruction that clears the module’s ON bit. I will see if I can come up with something better and at least comment why this is here.
>
>> +}
>> +
>> +static inline u32 wdt_get_post_scaler(struct pic32_wdt *wdt)
>> +{
>> + u32 v = readl(wdt->regs + WDTCON_REG);
>> +
>> + return (v >> WDTCON_RMPS_SHIFT) & WDTCON_RMPS_MASK;
>> +}
>> +
>> +static inline u32 wdt_get_clk_id(struct pic32_wdt *wdt)
>> +{
>> + u32 v = readl(wdt->regs + WDTCON_REG);
>> +
>> + return (v >> WDTCON_RMCS_SHIFT) & WDTCON_RMCS_MASK;
>> +}
>> +
>> +static inline void wdt_keepalive(struct pic32_wdt *wdt)
>> +{
>> + /* write key through single half-word */
>> + writew(WDTCON_CLR_KEY, wdt->regs + WDTCON_REG + 2);
>> +}
>> +
>> +static int pic32_wdt_bootstatus(struct pic32_wdt *wdt)
>> +{
>> + u32 v = readl(wdt->rst_base);
>> +
>> + writel(RESETCON_WDT_TIMEOUT, PIC32_CLR(wdt->rst_base));
>> +
>> + return v & RESETCON_WDT_TIMEOUT;
>> +}
>> +
>> +static int pic32_wdt_get_timeout_secs(struct pic32_wdt *wdt)
>> +{
>> + unsigned long rate;
>> + u32 period, ps, terminal;
>> +
>> + rate = clk_get_rate(wdt->clk);
>> + pr_debug("wdt: clk_id %d, clk_rate %lu (prescale)\n",
>> + wdt_get_clk_id(wdt), rate);
>> +
>> + /* default, prescaler of 32 (i.e. div-by-32) is implicit. */
>> + rate >>= 5;
>> +
>> + /* calculate terminal count from postscaler. */
>> + ps = wdt_get_post_scaler(wdt);
>> + terminal = 1 << ps;
>
> BIT(ps) would be a bit nicer.
Ack.
>
>> +
>> + /* find time taken (in secs) to reach terminal count */
>> + period = terminal / rate;
>
> Can rate be 0 ?
I think it's not safe to assume it can't be 0. Will handle this scenario.
>
>> + pr_info("wdt: clk_rate %lu (postscale) / terminal %d, timeout %dsec\n",
>> + rate, terminal, period);
>
> Is this needed ? Seems like a debug message to me.
> Users won't be able to make sense of it.
Will convert to pr_debug().
>
>> +
>> + return period;
>> +}
>> +
>> +static void pic32_wdt_keepalive(struct pic32_wdt *wdt)
>> +{
>> + wdt->next_heartbeat = jiffies +
>> + msecs_to_jiffies(wdt->timeout * MSEC_PER_SEC);
>> + wdt_keepalive(wdt);
>> +}
>> +
>> +static int pic32_wdt_start(struct watchdog_device *wdd)
>> +{
>> + struct pic32_wdt *wdt = watchdog_get_drvdata(wdd);
>> +
>> + spin_lock(&wdt->lock);
>
> Is this lock (on top of the lock provided by the watchdog subsystem)
> needed ? If so, please explain.
>
>> + if (wdt_is_enabled(wdt))
>> + goto done;
>
> Can this happpen, and if so, does it matter ?
Yes, it can happen. There is a program-time-only configuration that relieves control of watchdog enable/disable from software. However, this is optional and configurable at program time. Does it matter? I don't think it does. I'll make sure removing this is OK.
>
>> +
>> + wdt_enable(wdt);
>> +done:
>> + pic32_wdt_keepalive(wdt);
>> + spin_unlock(&wdt->lock);
>> +
>> + return 0;
>> +}
>> +
>> +static int pic32_wdt_stop(struct watchdog_device *wdd)
>> +{
>> + struct pic32_wdt *wdt = watchdog_get_drvdata(wdd);
>> +
>> + spin_lock(&wdt->lock);
>> + wdt_disable(wdt);
>> + spin_unlock(&wdt->lock);
>> +
>> + return 0;
>> +}
>> +
>> +static int pic32_wdt_ping(struct watchdog_device *wdd)
>> +{
>> + struct pic32_wdt *wdt = watchdog_get_drvdata(wdd);
>> +
>> + spin_lock(&wdt->lock);
>> + pic32_wdt_keepalive(wdt);
>> + spin_unlock(&wdt->lock);
>> +
>> + return 0;
>> +}
>> +
>> +static unsigned int pic32_wdt_get_timeleft(struct watchdog_device *wdd)
>> +{
>> + struct pic32_wdt *wdt = watchdog_get_drvdata(wdd);
>> +
>> + return jiffies_to_msecs(wdt->next_heartbeat - jiffies) / MSEC_PER_SEC;
>> +}
>
> Please no software "get_timeleft" implementation. If this is desired,
> we can implement it in the watchdog core.
Will remove.
>
>> +
>> +static const struct watchdog_ops pic32_wdt_fops = {
>> + .owner = THIS_MODULE,
>> + .start = pic32_wdt_start,
>> + .stop = pic32_wdt_stop,
>> + .get_timeleft = pic32_wdt_get_timeleft,
>> + .ping = pic32_wdt_ping,
>> +};
>> +
>> +static const struct watchdog_info pic32_wdt_ident = {
>> + .options = WDIOF_KEEPALIVEPING |
>> + WDIOF_MAGICCLOSE | WDIOF_CARDRESET,
>
> Is the timeout truly not configurable ?
>
It is not configurable in software. This is only configurable at program time, not at runtime.
>> + .identity = "PIC32 Watchdog",
>> +};
>> +
>> +static struct watchdog_device pic32_wdd = {
>> + .info = &pic32_wdt_ident,
>> + .ops = &pic32_wdt_fops,
>> + .min_timeout = 1,
>> + .max_timeout = 1048,
>
> Real or arbitrary ?
Arbitrary. Technically, hardware can support 1ms to ~1048 seconds. But, this is highly dependent on other configuration and would involve a calculation to be accurate because the actual watchdog timeout is based on clock postscalers. However, I don't see that these are really needed and will remove them.
>
>> +};
>> +
>> +static const struct of_device_id pic32_wdt_dt_ids[] = {
>> + { .compatible = "microchip,pic32mzda-wdt-v2", },
>
> Is this compatible statement documented ?
This is indeed a typo. The string should be "microchip,pic32mzda-wdt" and it is documented. I goofed and did not copy you on dt bindings in [PATCH 1/2]. See https://lkml.org/lkml/2016/2/1/867 for reference.
>
>> + { /* sentinel */ }
>> +};
>> +MODULE_DEVICE_TABLE(of, pic32_wdt_dt_ids);
>> +
>> +static int pic32_wdt_drv_probe(struct platform_device *pdev)
>> +{
>> + int ret;
>> + struct watchdog_device *wdd = &pic32_wdd;
>> + struct pic32_wdt *wdt;
>> + struct resource *mem;
>> +
>> + wdt = devm_kzalloc(&pdev->dev, sizeof(*wdt), GFP_KERNEL);
>> + if (IS_ERR(wdt))
>> + return PTR_ERR(wdt);
>> +
>> + mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
>> + wdt->regs = devm_ioremap_resource(&pdev->dev, mem);
>> + if (IS_ERR(wdt->regs))
>> + return PTR_ERR(wdt->regs);
>> +
>> + wdt->rst_base = devm_ioremap(&pdev->dev, PIC32_BASE_RESET, 0x10);
>> + if (IS_ERR(wdt->rst_base))
>> + return PTR_ERR(wdt->rst_base);
>> +
>> + wdt->clk = devm_clk_get(&pdev->dev, NULL);
>> + if (IS_ERR(wdt->clk)) {
>> + dev_err(&pdev->dev, "clk not found\n");
>> + return PTR_ERR(wdt->clk);
>> + }
>> +
>> + ret = clk_prepare_enable(wdt->clk);
>> + if (ret) {
>> + dev_err(&pdev->dev, "clk enable failed\n");
>> + return ret;
>> + }
>> +
>> + if (wdt_is_win_enabled(wdt)) {
>> + dev_err(&pdev->dev, "windowed-clear mode is not supported.\n");
>> + ret = -EOPNOTSUPP;
>> + goto out_disable_clk;
>
> It might make more sense to check this first, before enabling the clock.
>
> Also, can this not be disabled in software ?
It cannot be changed in software at runtime. This is configurable only at program time.
>
>> + }
>> +
>> + wdt->timeout = pic32_wdt_get_timeout_secs(wdt);
>
> Can timeout end up being 0 (less than 1 second) ?
This scenario will be handled.
>
>> + spin_lock_init(&wdt->lock);
>> +
>> + wdd->timeout = wdt->timeout;
>
> wdt->timeout is only used to calculate next_timeout which is only used
> to calculate the time left in software, which you should not do. Please drop.
Ack.
>
>> + wdd->bootstatus = pic32_wdt_bootstatus(wdt) ? WDIOF_CARDRESET : 0;
>> +
>> + ret = watchdog_register_device(wdd);
>> + if (ret) {
>> + dev_err(&pdev->dev, "watchdog register failed, err %d\n", ret);
>> + goto out_disable_clk;
>> + }
>> +
>> + watchdog_set_nowayout(wdd, WATCHDOG_NOWAYOUT);
>> + watchdog_set_drvdata(wdd, wdt);
>
> Race condition.
I'm assuming you are just talking about these two calls needing to go before watchdog_register_device(). Will reorder.
>
>> +
>> + platform_set_drvdata(pdev, wdd);
>> + return 0;
>> +
>> +out_disable_clk:
>> + clk_disable_unprepare(wdt->clk);
>> +
>> + return ret;
>> +}
>> +
>> +static int pic32_wdt_drv_remove(struct platform_device *pdev)
>> +{
>> + struct watchdog_device *wdd = platform_get_drvdata(pdev);
>> + struct pic32_wdt *wdt = watchdog_get_drvdata(wdd);
>> +
>> + clk_disable_unprepare(wdt->clk);
>> + watchdog_unregister_device(wdd);
>
> Please call unregister first.
Ack.
>
>> +
>> + return 0;
>> +}
>> +
>> +static struct platform_driver pic32_wdt_driver = {
>> + .probe = pic32_wdt_drv_probe,
>> + .remove = pic32_wdt_drv_remove,
>> + .driver = {
>> + .name = "pi32-wdt",
>
> pi32 or pic32 ?
>
Typo. Should be pic32-wdt.
>> + .owner = THIS_MODULE,
>> + .of_match_table = of_match_ptr(pic32_wdt_dt_ids),
>> + }
>> +};
>> +
>> +module_platform_driver(pic32_wdt_driver);
>> +
>> +MODULE_AUTHOR("Joshua Henderson <joshua.henderson@...rochip.com>");
>> +MODULE_DESCRIPTION("Microchip PIC32 Watchdog Timer");
>> +MODULE_LICENSE("GPL");
>> --
>> 1.7.9.5
>>
>>
>
Thanks,
Josh
Powered by blists - more mailing lists