Patchwork ACPI/IORT: Fix rc_dma_get_range()

login
register
mail settings
Submitter Jean-Philippe Brucker
Date Jan. 10, 2019, 1:35 p.m.
Message ID <20190110133551.35529-1-jean-philippe.brucker@arm.com>
Download mbox | patch
Permalink /patch/696609/
State New
Headers show

Comments

Jean-Philippe Brucker - Jan. 10, 2019, 1:35 p.m.
When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
expects the opaque pointer argument to be a PCI bus device. At the
moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
crashing. Pass the bus device to iort_scan_node().

Reported-by: Eric Auger <eric.auger@redhat.com>
Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes")
Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
---
 drivers/acpi/arm64/iort.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
Auger Eric - Jan. 10, 2019, 1:51 p.m.
Hi jean,

On 1/10/19 2:35 PM, Jean-Philippe Brucker wrote:
> When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
> expects the opaque pointer argument to be a PCI bus device. At the
> moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
> and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
> crashing. Pass the bus device to iort_scan_node().
> 
> Reported-by: Eric Auger <eric.auger@redhat.com>
> Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes")
> Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>

Thanks

Eric
> ---
>  drivers/acpi/arm64/iort.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
> index fdd90ffceb85..c08afe44c488 100644
> --- a/drivers/acpi/arm64/iort.c
> +++ b/drivers/acpi/arm64/iort.c
> @@ -952,9 +952,10 @@ static int rc_dma_get_range(struct device *dev, u64 *size)
>  {
>  	struct acpi_iort_node *node;
>  	struct acpi_iort_root_complex *rc;
> +	struct pci_bus *pbus = to_pci_dev(dev)->bus;
>  
>  	node = iort_scan_node(ACPI_IORT_NODE_PCI_ROOT_COMPLEX,
> -			      iort_match_node_callback, dev);
> +			      iort_match_node_callback, &pbus->dev);
>  	if (!node || node->revision < 1)
>  		return -ENODEV;
>  
>
Robin Murphy - Jan. 10, 2019, 2:17 p.m.
On 10/01/2019 13:35, Jean-Philippe Brucker wrote:
> When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
> expects the opaque pointer argument to be a PCI bus device. At the
> moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
> and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
> crashing. Pass the bus device to iort_scan_node().

Oops - that makes sense, and I can now see the combination of 
circumstances that would have led me to overlook it at the time. Sorry 
about that! However..

> Reported-by: Eric Auger <eric.auger@redhat.com>
> Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes")
> Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
> ---
>   drivers/acpi/arm64/iort.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
> index fdd90ffceb85..c08afe44c488 100644
> --- a/drivers/acpi/arm64/iort.c
> +++ b/drivers/acpi/arm64/iort.c
> @@ -952,9 +952,10 @@ static int rc_dma_get_range(struct device *dev, u64 *size)
>   {
>   	struct acpi_iort_node *node;
>   	struct acpi_iort_root_complex *rc;
> +	struct pci_bus *pbus = to_pci_dev(dev)->bus;

...is this still right if the device is beyond a switch or other bridge 
and not on the root bus?

Robin.

>   
>   	node = iort_scan_node(ACPI_IORT_NODE_PCI_ROOT_COMPLEX,
> -			      iort_match_node_callback, dev);
> +			      iort_match_node_callback, &pbus->dev);
>   	if (!node || node->revision < 1)
>   		return -ENODEV;
>   
>
Jean-Philippe Brucker - Jan. 10, 2019, 2:53 p.m.
On 10/01/2019 14:17, Robin Murphy wrote:
> On 10/01/2019 13:35, Jean-Philippe Brucker wrote:
>> When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
>> expects the opaque pointer argument to be a PCI bus device. At the
>> moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
>> and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
>> crashing. Pass the bus device to iort_scan_node().
> 
> Oops - that makes sense, and I can now see the combination of 
> circumstances that would have led me to overlook it at the time. Sorry 
> about that! However..
> 
>> Reported-by: Eric Auger <eric.auger@redhat.com>
>> Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes")
>> Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
>> ---
>>   drivers/acpi/arm64/iort.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
>> index fdd90ffceb85..c08afe44c488 100644
>> --- a/drivers/acpi/arm64/iort.c
>> +++ b/drivers/acpi/arm64/iort.c
>> @@ -952,9 +952,10 @@ static int rc_dma_get_range(struct device *dev, u64 *size)
>>   {
>>   	struct acpi_iort_node *node;
>>   	struct acpi_iort_root_complex *rc;
>> +	struct pci_bus *pbus = to_pci_dev(dev)->bus;
> 
> ...is this still right if the device is beyond a switch or other bridge 
> and not on the root bus?

My understanding is that the pci_dev still has a valid ->bus
representing its nearest upstream bridge, and the domain_nr attribute of
each bus is copied from its parent by pci_alloc_bus(). Other places in
the kernel seem to do the same thing, including iort_iommu_configure()
in this file

Thanks,
Jean
Lorenzo Pieralisi - Jan. 10, 2019, 3:59 p.m.
On Thu, Jan 10, 2019 at 01:35:51PM +0000, Jean-Philippe Brucker wrote:
> When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
> expects the opaque pointer argument to be a PCI bus device. At the
> moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
> and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
> crashing. Pass the bus device to iort_scan_node().

Arguably it would have been better if it crashed instead of returning 0
(which is the default PCI domain number in most systems) by sheer luck.

Anyway - thanks for spotting this, I will mark if for stable and send it
to Will for an upcoming -rc asap.

Thanks,
Lorenzo

> Reported-by: Eric Auger <eric.auger@redhat.com>
> Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes")
> Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
> ---
>  drivers/acpi/arm64/iort.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
> index fdd90ffceb85..c08afe44c488 100644
> --- a/drivers/acpi/arm64/iort.c
> +++ b/drivers/acpi/arm64/iort.c
> @@ -952,9 +952,10 @@ static int rc_dma_get_range(struct device *dev, u64 *size)
>  {
>  	struct acpi_iort_node *node;
>  	struct acpi_iort_root_complex *rc;
> +	struct pci_bus *pbus = to_pci_dev(dev)->bus;
>  
>  	node = iort_scan_node(ACPI_IORT_NODE_PCI_ROOT_COMPLEX,
> -			      iort_match_node_callback, dev);
> +			      iort_match_node_callback, &pbus->dev);
>  	if (!node || node->revision < 1)
>  		return -ENODEV;
>  
> -- 
> 2.19.1
>
Robin Murphy - Jan. 10, 2019, 4:17 p.m.
On 10/01/2019 14:53, Jean-Philippe Brucker wrote:
> On 10/01/2019 14:17, Robin Murphy wrote:
>> On 10/01/2019 13:35, Jean-Philippe Brucker wrote:
>>> When executed for a PCI_ROOT_COMPLEX type, iort_match_node_callback()
>>> expects the opaque pointer argument to be a PCI bus device. At the
>>> moment rc_dma_get_range() passes the PCI endpoint instead of the bus,
>>> and we've been lucky to have pci_domain_nr(ptr) return 0 instead of
>>> crashing. Pass the bus device to iort_scan_node().
>>
>> Oops - that makes sense, and I can now see the combination of
>> circumstances that would have led me to overlook it at the time. Sorry
>> about that! However..
>>
>>> Reported-by: Eric Auger <eric.auger@redhat.com>
>>> Fixes: 5ac65e8c8941 ("ACPI/IORT: Support address size limit for root complexes")
>>> Signed-off-by: Jean-Philippe Brucker <jean-philippe.brucker@arm.com>
>>> ---
>>>    drivers/acpi/arm64/iort.c | 3 ++-
>>>    1 file changed, 2 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
>>> index fdd90ffceb85..c08afe44c488 100644
>>> --- a/drivers/acpi/arm64/iort.c
>>> +++ b/drivers/acpi/arm64/iort.c
>>> @@ -952,9 +952,10 @@ static int rc_dma_get_range(struct device *dev, u64 *size)
>>>    {
>>>    	struct acpi_iort_node *node;
>>>    	struct acpi_iort_root_complex *rc;
>>> +	struct pci_bus *pbus = to_pci_dev(dev)->bus;
>>
>> ...is this still right if the device is beyond a switch or other bridge
>> and not on the root bus?
> 
> My understanding is that the pci_dev still has a valid ->bus
> representing its nearest upstream bridge, and the domain_nr attribute of
> each bus is copied from its parent by pci_alloc_bus(). Other places in
> the kernel seem to do the same thing, including iort_iommu_configure()
> in this file

OK, having re-read the commit message properly and gone and looked at 
the rest of the code, I think my concern is indeed unfounded - thanks. 
Mostly I'd forgotten that the IORT node is associated with the segment 
number rather than the actual RC device, so with doubts relieved:

Acked-by: Robin Murphy <robin.murphy@arm.com>

Cheers,
Robin.

Patch

diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c
index fdd90ffceb85..c08afe44c488 100644
--- a/drivers/acpi/arm64/iort.c
+++ b/drivers/acpi/arm64/iort.c
@@ -952,9 +952,10 @@  static int rc_dma_get_range(struct device *dev, u64 *size)
 {
 	struct acpi_iort_node *node;
 	struct acpi_iort_root_complex *rc;
+	struct pci_bus *pbus = to_pci_dev(dev)->bus;
 
 	node = iort_scan_node(ACPI_IORT_NODE_PCI_ROOT_COMPLEX,
-			      iort_match_node_callback, dev);
+			      iort_match_node_callback, &pbus->dev);
 	if (!node || node->revision < 1)
 		return -ENODEV;