LinuxLists.cc - [PATCH] mbigen: don't clear eventid when free

2019-03-16 11:16:15

Subject: [PATCH] mbigen: don't clear eventid when free_irq

From: Jianguo Chen <[email protected]>

mbigen_write_msg clears eventid bits of a mbigen register
when free a interrupt, because msi_domain_deactivate memset
struct msg to zero. Then multiple mbigen pins with zero eventid
will report the same interrupt number.

The eventid clear call trace:
free_irq
__free_irq
irq_shutdown
irq_domain_deactivate_irq
__irq_domain_deactivate_irq
__irq_domain_deactivate_irq
msi_domain_deactivate
platform_msi_write_msg
mbigen_write_msg

Signed-off-by: Jianguo Chen <[email protected]>
---
drivers/irqchip/irq-mbigen.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c
index 567b29c..fad7291 100644
--- a/drivers/irqchip/irq-mbigen.c
+++ b/drivers/irqchip/irq-mbigen.c
@@ -161,6 +161,9 @@ static void mbigen_write_msg(struct msi_desc *desc,
struct msi_msg *msg)
void __iomem *base = d->chip_data;
u32 val;

+ if (!msg->address_lo && !msg->address_hi)
+ return;
+
base += get_mbigen_vec_reg(d->hwirq);
val = readl_relaxed(base);

--
1.8.5.6

.

2019-03-21 09:12:46

by Marc Zyngier

[permalink] [raw]

Subject: Re: [PATCH] mbigen: don't clear eventid when free_irq

On Sat, 16 Mar 2019 11:15:03 +0000
chenjianguo <[email protected]> wrote:

> From: Jianguo Chen <[email protected]>
>
> mbigen_write_msg clears eventid bits of a mbigen register
> when free a interrupt, because msi_domain_deactivate memset
> struct msg to zero. Then multiple mbigen pins with zero eventid
> will report the same interrupt number.
>
> The eventid clear call trace:
> free_irq
> __free_irq
> irq_shutdown
> irq_domain_deactivate_irq
> __irq_domain_deactivate_irq
> __irq_domain_deactivate_irq
> msi_domain_deactivate
> platform_msi_write_msg
> mbigen_write_msg
>
> Signed-off-by: Jianguo Chen <[email protected]>
> ---
> drivers/irqchip/irq-mbigen.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c
> index 567b29c..fad7291 100644
> --- a/drivers/irqchip/irq-mbigen.c
> +++ b/drivers/irqchip/irq-mbigen.c
> @@ -161,6 +161,9 @@ static void mbigen_write_msg(struct msi_desc *desc,
> struct msi_msg *msg)
> void __iomem *base = d->chip_data;
> u32 val;
>
> + if (!msg->address_lo && !msg->address_hi)
> + return;
> +
> base += get_mbigen_vec_reg(d->hwirq);
> val = readl_relaxed(base);
>

For whatever reason, I couldn't apply this patch (even when fishing a
copy of this email from the archives). It seems to be corrupted is
various ways, so I had to write the patch from scratch, which is not the
most reliable way to work. Good thing this was something trivial, I
wouldn't do it for something more complicated.

In the future, please make sure to use 'git send-email' to send your
patches, as it is known to work correctly.

Thanks,

M.
--
Without deviation from the norm, progress is not possible.

2019-03-21 13:22:53

by Chen Jianguo

[permalink] [raw]

Subject: Re: [PATCH] mbigen: don't clear eventid when free_irq

Hi Marc
On 2019/3/21 17:11, Marc Zyngier wrote:
> On Sat, 16 Mar 2019 11:15:03 +0000
> chenjianguo <[email protected]> wrote:
>
>> From: Jianguo Chen <[email protected]>
>>
>> mbigen_write_msg clears eventid bits of a mbigen register
>> when free a interrupt, because msi_domain_deactivate memset
>> struct msg to zero. Then multiple mbigen pins with zero eventid
>> will report the same interrupt number.
>>
>> The eventid clear call trace:
>> free_irq
>> __free_irq
>> irq_shutdown
>> irq_domain_deactivate_irq
>> __irq_domain_deactivate_irq
>> __irq_domain_deactivate_irq
>> msi_domain_deactivate
>> platform_msi_write_msg
>> mbigen_write_msg
>>
>> Signed-off-by: Jianguo Chen <[email protected]>
>> ---
>> drivers/irqchip/irq-mbigen.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c
>> index 567b29c..fad7291 100644
>> --- a/drivers/irqchip/irq-mbigen.c
>> +++ b/drivers/irqchip/irq-mbigen.c
>> @@ -161,6 +161,9 @@ static void mbigen_write_msg(struct msi_desc *desc,
>> struct msi_msg *msg)
>> void __iomem *base = d->chip_data;
>> u32 val;
>>
>> + if (!msg->address_lo && !msg->address_hi)
>> + return;
>> +
>> base += get_mbigen_vec_reg(d->hwirq);
>> val = readl_relaxed(base);
>>
>
> For whatever reason, I couldn't apply this patch (even when fishing a
> copy of this email from the archives). It seems to be corrupted is
> various ways, so I had to write the patch from scratch, which is not the
> most reliable way to work. Good thing this was something trivial, I
> wouldn't do it for something more complicated.
>
> In the future, please make sure to use 'git send-email' to send your
> patches, as it is known to work correctly.
>
> Thanks,
>
> M.
>

Mbigen vector register and pin structure shows as below:

event id 0 1 2 127
vector register reg0 reg1 reg2 reg127
| | | |
MBIGEN pin0 pin1 pin2 ... pin127
|-----|-----|-----|-----|
| | | | |
device interrupt num0 num1 num2 num127

Suppose a device driver requested irq num0 and num1 at the beginning,
and for some reason it freed irq num1, mbigen_write_msg will write reg1
with event id 0. Then the pin1 probably mistakenly report interrupt num0
to device driver if there is a signal on the pin.

event id 0 0 2 127
vector register reg0 reg1 reg2 reg127
| | | |
MBIGEN pin0 pin1 pin2 ... pin127
|-----|-----|-----|-----|
| | | | |
device interrup num0 num1 num2 num127

Thanks,
Jianguo Chen