Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1593551ybz;
        Sat, 18 Apr 2020 04:23:29 -0700 (PDT)
X-Google-Smtp-Source: APiQypK4NuwLPqc6iXMBYY7I0mY9/bT3cW66V42XljLFtthUwsdlrGJKXwetWSATTLyBNrueJBEj
X-Received: by 2002:a50:a0c7:: with SMTP id 65mr6877140edo.7.1587209009179;
        Sat, 18 Apr 2020 04:23:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587209009; cv=none;
        d=google.com; s=arc-20160816;
        b=E0Dht0YKuDEul6VJ8+JMvDElqTDeNlCygJIqkfN1H46nbEQLh7eeQBr+UqSEvNZfoj
         VT2z8OmMBTsU7xhmoyX0KVgnQZXsI9rr7NvcarvdlKX25JwQIrQzlLJadL2pzLub35+Y
         HbKfbgl17ONn3RE6x4YYEvhx1kDEEG1FCZAl+H4CNK3I08x6/SXMbdnmH6t+gIheaxdG
         2on/b0Yxee9qb77FLRRK2JDdjS5bFKexE7ag4hYEdN1urP1hBnx7ZPTWYD/jTmkRpRQF
         ZVEzbkJHW1ewmXZLV0nPuR0gdmpXs+Y6vpxFBrWw5N04mWFeYLRpfz25QmoNmPVXrpqS
         7WzA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :organization:references:in-reply-to:message-id:subject:cc:to:from
         :date:dkim-signature;
        bh=Hhll6Zy+ep/ajAGQQMrWwoXVjEYDtjkpJZURXEf5xs0=;
        b=lDH3DzPNEBvzMAQli9Sq1pH2IGlguvkaj7grOQ2VWphvdLsE9CBd9g/GefR5ax485g
         2FxVDRQXZaDaJKPo/2BSh7NFQ5txF3gANxdD1yKNAoLkKqdQChT5vY78mWEabQlQ0ilj
         dH3nZW93TlRMo/CEG6hjXZ7jweucZ/xgT+C35UDA6DZAKg/uOUynKavd70lUX5Np3G/n
         sexbYnM2tKTgq04u5HnuKhNt5htskTuZCT9/l51ZJs2eXBct7yJtlpvspNoGneaKsLK4
         WsvQH05+2i7JO0FIDm8YjDnUvBjAVMYePPRHY4o/GOQfyLyjPxKAiZ2OkTw0X9FQ20Hs
         BbBg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="NLB/Zicy";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id t13si15187811edy.503.2020.04.18.04.23.05;
        Sat, 18 Apr 2020 04:23:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="NLB/Zicy";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1725964AbgDRLV3 (ORCPT <rfc822;busarih159@gmail.com>
        + 99 others); Sat, 18 Apr 2020 07:21:29 -0400
Received: from mail.kernel.org ([198.145.29.99]:49954 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725857AbgDRLV2 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 18 Apr 2020 07:21:28 -0400
Received: from disco-boy.misterjones.org (disco-boy.misterjones.org [51.254.78.96])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 911CA21D79;
        Sat, 18 Apr 2020 11:21:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1587208887;
        bh=77wH0JlbUKInqkEkZYANjIIPct4Xemzg7GiHD8oFtqY=;
        h=Date:From:To:Cc:Subject:In-Reply-To:References:From;
        b=NLB/ZicyUDIxey2fxqxQOXODT77sVJZQcqZKsU8IZeZMavmwzJxuF6Q9Yy9RgjJ2W
         ArPRj/TRmUCFc3SkqTl999PoABRpxWrTNHqIug/WXL/ELyPnO8AW7C/RZIAQy2IQyk
         ClGR2JVfFExTmtT9iTR5TJRakT0dLuyPppHumC+U=
Received: from 78.163-31-62.static.virginmediabusiness.co.uk ([62.31.163.78] helo=why)
        by disco-boy.misterjones.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
        (Exim 4.92)
        (envelope-from <maz@kernel.org>)
        id 1jPlXJ-004Pmh-IF; Sat, 18 Apr 2020 12:21:25 +0100
Date:   Sat, 18 Apr 2020 12:21:23 +0100
From:   Marc Zyngier <maz@kernel.org>
To:     Alan Mikhak <alan.mikhak@sifive.com>
Cc:     linux-kernel@vger.kernel.org, dmaengine@vger.kernel.org,
        linux-pci@vger.kernel.org, tglx@linutronix.de,
        gustavo.pimentel@synopsys.com, kishon@ti.com,
        paul.walmsley@sifive.com
Subject: Re: [PATCH] genirq/msi: Check null pointer before copying struct
 msi_msg
Message-ID: <20200418122123.10157ddd@why>
In-Reply-To: <1587149322-28104-1-git-send-email-alan.mikhak@sifive.com>
References: <1587149322-28104-1-git-send-email-alan.mikhak@sifive.com>
Organization: Approximate
X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-SA-Exim-Connect-IP: 62.31.163.78
X-SA-Exim-Rcpt-To: alan.mikhak@sifive.com, linux-kernel@vger.kernel.org, dmaengine@vger.kernel.org, linux-pci@vger.kernel.org, tglx@linutronix.de, gustavo.pimentel@synopsys.com, kishon@ti.com, paul.walmsley@sifive.com
X-SA-Exim-Mail-From: maz@kernel.org
X-SA-Exim-Scanned: No (on disco-boy.misterjones.org); SAEximRunCond expanded to false
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, 17 Apr 2020 11:48:42 -0700
Alan Mikhak <alan.mikhak@sifive.com> wrote:

Hi Alan,

> From: Alan Mikhak <alan.mikhak@sifive.com>
> 
> Modify __get_cached_msi_msg() to check both pointers for null before
> copying the contents from the struct msi_msg pointer to the pointer
> provided by caller.
> 
> Without this sanity check, __get_cached_msi_msg() crashes when invoked by
> dw_edma_irq_request() in drivers/dma/dw-edma/dw-edma-core.c running on a
> Linux-based PCIe endpoint device. MSI interrupt are not received by PCIe
> endpoint devices. As a result, irq_get_msi_desc() returns null since there
> are no cached struct msi_msg entry on the endpoint side.
> 
> Signed-off-by: Alan Mikhak <alan.mikhak@sifive.com>
> ---
>  kernel/irq/msi.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/kernel/irq/msi.c b/kernel/irq/msi.c
> index eb95f6106a1e..f39d42ef0d50 100644
> --- a/kernel/irq/msi.c
> +++ b/kernel/irq/msi.c
> @@ -58,7 +58,8 @@ void free_msi_entry(struct msi_desc *entry)
>  
>  void __get_cached_msi_msg(struct msi_desc *entry, struct msi_msg *msg)
>  {
> -	*msg = entry->msg;
> +	if (entry && msg)
> +		*msg = entry->msg;
>  }
>  
>  void get_cached_msi_msg(unsigned int irq, struct msi_msg *msg)

I'm not convinced by this. If you know that, by construction, these
interrupts are not associated with an underlying MSI, why calling
get_cached_msi_msg() the first place?

There seem to be some assumptions in the DW EDMA driver that the
signaling would be MSI based, so maybe someone from Synopsys (Gustavo?)
could clarify that. From my own perspective, running on an endpoint
device means that it is *generating* interrupts, and I'm not sure what
the MSIs represent here.

Thanks,

	M.
-- 
Jazz is not dead. It just smells funny...