kernel/linux.git/drivers/firmware/cirrus, branch v6.19.11

firmware: cs_dsp: Fix fragmentation regression in firmware download

2026-03-19T15:14:51+00:00

[ Upstream commit facfdef64d11c08e6f1e69d02a0b87cb74cee0f5 ] Use vmalloc() instead of kmalloc(..., GFP_DMA) to alloc the temporary buffer for firmware download blobs. This avoids the problem that a heavily fragmented system cannot allocate enough physically-contiguous memory for a large blob. The redundant alloc buffer mechanism was removed in commit 900baa6e7bb0 ("firmware: cs_dsp: Remove redundant download buffer allocator"). While doing that I was overly focused on the possibility of the underlying bus requiring DMA-safe memory. So I used GFP_DMA kmalloc()s. I failed to notice that the code I was removing used vmalloc(). This creates a regression. Way back in 2014 the problem of fragmentation with kmalloc()s was fixed by commit cdcd7f728753 ("ASoC: wm_adsp: Use vmalloc to allocate firmware download buffer"). Although we don't need physically-contiguous memory, we don't know if the bus needs some particular alignment of the buffers. Since the change in 2014, the firmware download has always used whatever alignment vmalloc() returns. To avoid introducing a new problem, the temporary buffer is still used, to keep the same alignment of pointers passed to regmap_raw_write(). Signed-off-by: Richard Fitzgerald Fixes: 900baa6e7bb0 ("firmware: cs_dsp: Remove redundant download buffer allocator") Link: https://patch.msgid.link/20260304141250.1578597-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin

firmware: cs_dsp: Don't use __free() in cs_dsp_load() and cs_dsp_load_coeff()

2026-02-26T23:00:55+00:00

[ Upstream commit ae9ccaed3f6701ee0fe40ad919516e0aa0844f21 ] Replace the __free(kfree) in cs_dsp_load() and cs_dsp_load_coeff() with a kfree(buf) at the end of the function. The use of __free() can create new cleanup bugs that are difficult to spot because the defective code is idiomatically correct regular C. In these two functions the __free() was mixed with gotos, and also used the suspect declaration __free(kfree) = NULL;. The __free() did not do anything to simplify the code. There aren't any early returns after the pointer is set, and the __free() can be replaced by a kfree() at the end of the function. Signed-off-by: Richard Fitzgerald Fixes: 900baa6e7bb0 ("firmware: cs_dsp: Remove redundant download buffer allocator") Link: https://patch.msgid.link/20251201160729.231867-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin

firmware: cs_dsp: Remove __free() from cs_dsp_debugfs_string_read()

2026-02-26T23:00:55+00:00

[ Upstream commit 7a9fa7fda93b7b3ae515f40f67bbf8e1d16337e8 ] Don't use __free(kfree) in cs_dsp_debugfs_string_read. Instead use normal kfree() to cleanup. The use of __free() can create new cleanup bugs that are difficult to spot because the defective code is idiomatically correct regular C. This function used the suspect declaration __free(kfree) = NULL;. The __free(kfree) didn't really do anything here. The function can be rearranged to avoid any need to return or goto within the code. Signed-off-by: Richard Fitzgerald Fixes: 3045e29d248b ("firmware: cs_dsp: Append \n to debugfs string during read") Link: https://patch.msgid.link/20251202113425.413700-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown Signed-off-by: Sasha Levin

firmware: cs_dsp: rate-limit log messages in KUnit builds

2026-02-02T12:09:28+00:00

Use the dev_*_ratelimit() macros if the cs_dsp KUnit tests are enabled in the build, and allow the KUnit tests to disable message output. Some of the KUnit tests cause a very large number of log messages from cs_dsp, because the tests perform many different test cases. This could cause some lines to be dropped from the kernel log. Dropped lines can prevent the KUnit wrappers from parsing the ktap output in the dmesg log. The KUnit builds of cs_dsp export three bools that the KUnit tests can use to entirely disable log output of err, warn and info messages. Some tests have been updated to use this, replacing the previous fudge of a usleep() in the exit handler of each test. We don't necessarily want to disable all log messages if they aren't expected to be excessive, so the rate-limiting allows leaving some logging enabled. The rate-limited macros are not used in normal builds because it is not appropriate to rate-limit every message. That could cause important messages to be dropped, and there wouldn't be such a high rate of messages in normal operation. Signed-off-by: Richard Fitzgerald Reported-by: Mark Brown Closes: https://lore.kernel.org/linux-sound/af393f08-facb-4c44-a054-1f61254803ec@opensource.cirrus.com/T/#t Fixes: cd8c058499b6 ("firmware: cs_dsp: Add KUnit testing of bin error cases") Link: https://patch.msgid.link/20260130171256.863152-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown

firmware: cs_dsp: Add test cases for client_ops == NULL

2025-11-28T11:47:56+00:00

Add test cases for the client not providing a pointer to a struct cs_dsp_client_ops. This proves that it is safe for the client to leave the client_ops pointer at NULL if it does not need to implement any of the callbacks. Signed-off-by: Richard Fitzgerald Link: https://patch.msgid.link/20251128102132.1575177-3-rf@opensource.cirrus.com Signed-off-by: Mark Brown

firmware: cs_dsp: Don't require client to provide a struct cs_dsp_client_ops

2025-11-28T11:47:55+00:00

A client of cs_dsp does not necessarily need to implement any of the optional callbacks in struct cs_dsp_client_ops, so allow the client_ops pointer to be NULL. This has been done by pointing client_ops at a default empty cs_dsp_client_ops. It keeps the code cleaner by avoiding having to add double nested NULL checks everywhere one of these callbacks is called. Signed-off-by: Richard Fitzgerald Link: https://patch.msgid.link/20251128102132.1575177-2-rf@opensource.cirrus.com Signed-off-by: Mark Brown

firmware: cs_dsp: Use kvzalloc() to allocate control caches

2025-11-27T11:41:23+00:00

Use kvzalloc() instead of kzalloc() to allocate memory to cache the content of a firmware control. Most firmware controls are only small, typically a few bytes. But on some firmware there can be much larger controls for coefficient or model data. The overhead of kvzalloc() is negligible because most control allocs can be satisfied by the normal kmalloc() that kvzalloc() will try first. Signed-off-by: Richard Fitzgerald Link: https://patch.msgid.link/20251127103947.1094934-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown

firmware: cs_dsp: Take pwr_lock around reading controls debugfs

2025-11-27T11:41:22+00:00

In cs_dsp_debugfs_read_controls_show() take the pwr_lock mutex around the list walk. This protects against debugfs returning a partial set of new controls if those controls are being added to the list while it is being walked. Controls are never deleted from this list, and are only added to the end of the list. So there was never a danger of following a stale pointer to garbage. The worst case was that the printed list is truncated if it saw an entry that was the list end just before a new entry was appended to the list. With the original code, the truncated list from the debugfs could show only _some_ of the new entries. This could be confusing because it appears that some new entries are missing. Adding the mutex means that the debugfs read provides an atomic view. Either it shows the old content before any of the new controls were added; or it shows the new content after all the new controls are added. Signed-off-by: Richard Fitzgerald Link: https://patch.msgid.link/20251127113238.1251352-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown

firmware: cs_dsp: Remove redundant download buffer allocator

2025-11-26T17:41:26+00:00

Now that cs_dsp uses regmap_raw_write() instead of regmap_raw_write_async() it doesn't need to keep multiple DMA-safe buffers of every chunk of data it wrote. See commit fe08b7d5085a ("firmware: cs_dsp: Remove async regmap writes") Only one write can be in progress at a time, so one DMA-safe buffer can be re-used. The single DMA-safe buffer is reallocated if the next write chunk is larger. Reallocation size is rounded up to reduce the amount of churn. PAGE_SIZE is used as a convenient size multiple. Typically for .wmfw files the first chunk is the largest. A DMA-safe intermediate buffer is used because we can't assume that the bus underlying regmap can accept non-DMA-safe buffers. Note that a chunk from the firmware file cannot simply be split into arbitrarily-sized chunks to avoid buffer reallocation. The data in the firmware file is preformatted to be written directly to the device as one block. It already takes account of alignment, write-bursts and write length requirements of the target hardware, so that the cs_dsp driver can treat it as an opaque blob. Signed-off-by: Richard Fitzgerald Link: https://patch.msgid.link/20251126131501.884188-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown

firmware: cs_dsp: Store control length as 32-bit

2025-11-24T19:15:19+00:00

The architectures supported by this driver have a maximum of 32-bits of address, so we don't need more than 32-bits to store the length of control data. Change the length in struct cs_dsp_coeff_ctl to an unsigned int instead of a size_t. Also make a corresponding trivial change to wm_adsp.c to prevent a compiler warning. Tested on x86_64 builds this saves at least 4 bytes per control (another 4 bytes might be saved if the compiler was inserting padding to align the size_t). Signed-off-by: Richard Fitzgerald Link: https://patch.msgid.link/20251124171536.78962-1-rf@opensource.cirrus.com Signed-off-by: Mark Brown