Received: by 2002:a05:6500:2018:b0:1fb:9675:f89d with SMTP id t24csp558288lqh; Fri, 31 May 2024 09:15:42 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWDlEIkA7MgAA9Yf575g1Rti7GLb2o8NI8exFwWHGfZAZpx4vnDCJHfDCHO8eGTmS/B40lLZCXS/ZEbft1lK7qYrjH1wqjwfAti8efBRw== X-Google-Smtp-Source: AGHT+IFLF9//KWQdqJOt1EFknb9Ck+V/D5q8u4ZO9AtMpBsvvoVnUeAxkIGbcJXGnfWlR8CRQjLC X-Received: by 2002:a05:6a00:1c93:b0:6ea:e2fd:6100 with SMTP id d2e1a72fcca58-702478daf36mr2384270b3a.30.1717172142223; Fri, 31 May 2024 09:15:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717172142; cv=pass; d=google.com; s=arc-20160816; b=AfREIWdg5MvjqHZyq+H1jJTo21Bxzew+JGK8TYYLcUAEh4Lx0KYVtLS8ezDgnHvm3y oU8bJ1gpYLIOsHDLYz9v3PGRq4fkBr9gJPoR3kyUwtw1e2tH7aiObN9EQy5HRJEbpnQ0 zFUQ8xG96ZjDOfkSehgLJ1s/58nVdaOn9yDKEK4h9XIVAkiU5Q88kaL57cDRqyl6UCm2 Y3aZKMQuICZXhVUs11t25RP7y9Vd0GCb6ebbk4LWmE1lz+8N/dgRk5flFtEWu95GMeuE sDT7OMveTZLANvDel6CAaivw0ZvA1tTnq9En/oM0+F2voeoZN/OvVclRXkHSGS5D691V dH3A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=Qaf7wlJcbuaI5XLr7jlnJohIFPCzjuNsqqKvlQY7mnY=; fh=PTO6XlWeH27rWcrHNpHi8SrGOmNYLy2XI4147pFiS3k=; b=iFUbavoqdQvL9fYTDnm81vSUxdIFBoI46s7mmcRSByqZ+4/Y313dbjlAiBN3tp821V iDo8w/O/WW5mOR3naRiNFjhdRNoeLqDtKfalU7GG0mhoBkWBbgHHpU2+c5AD8TwW88Nq AtQiYvRNOdR+n1PaY14qKRxMNvULEfueFBjEHmKhlJLpI8wSXwvDg/53bOsL/u1egHzg QF2QRFBXrwZHVuVzmP5KdRLpWJnoUK0xqWUwLxRuB38Rs9tESF8cxrycJFFY9gMYPwOi UnbySv6qLPZwgtJg2yTfbKr9WbIR1v6RWN+efjtTU796FH+mNnmWeDLWAw9nxkPlILiE npcQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=w2FIGB0I; arc=pass (i=1 spf=pass spfdomain=linux.dev dkim=pass dkdomain=linux.dev dmarc=pass fromdomain=linux.dev); spf=pass (google.com: domain of linux-kernel+bounces-197122-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197122-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d2e1a72fcca58-702423dce6csi1765175b3a.36.2024.05.31.09.15.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 31 May 2024 09:15:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-197122-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.dev header.s=key1 header.b=w2FIGB0I; arc=pass (i=1 spf=pass spfdomain=linux.dev dkim=pass dkdomain=linux.dev dmarc=pass fromdomain=linux.dev); spf=pass (google.com: domain of linux-kernel+bounces-197122-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-197122-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 39DB928BAF1 for ; Fri, 31 May 2024 16:14:46 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C512A176AC9; Fri, 31 May 2024 16:13:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="w2FIGB0I" Received: from out-187.mta0.migadu.com (out-187.mta0.migadu.com [91.218.175.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6376B158DD3 for ; Fri, 31 May 2024 16:13:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.187 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717172036; cv=none; b=SW5sAkH3r297CJGi3Htxl+pJkyWx6ctj5CHZgyPZUQSAvBpHRRAKSJvlvvTnczGhqA1sP7Tc6EI81PGmS9FxjYN9yInXp0O92cRBdXpUm+rA4IFU/oegHgOBl2+CkV/i3FSmmJy4pfy97AeF9+2ta21dmvN/PfA/WWMrJ3wI5fE= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717172036; c=relaxed/simple; bh=XYS6GElq0yArJgxoxvyHPMS3W4BDecfj/Oq019zf3Gc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=hdk0pqFE7c+5jrw8MRflqgr0PkAyWUP5sOLVeG6x4o3ZdNvt+EW4CQ6dZ29THZwxaaH/3LKJgIji5CMoCiHdxAFrtAtN1Hu+BKC1VhkufOd/wtftE5NwP40JAc9NyI3mPB47xVLyF5Q9kDr+BAqQathPOvH+7V5e+a4pvdeUEWI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=w2FIGB0I; arc=none smtp.client-ip=91.218.175.187 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev X-Envelope-To: lpieralisi@kernel.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1717172032; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Qaf7wlJcbuaI5XLr7jlnJohIFPCzjuNsqqKvlQY7mnY=; b=w2FIGB0INIhu6VVvsFM5KwIGw4z7lIFwD8CKxzGHIC739QzQmk2STRcVji1Ca84PW+sl91 0zp2Uiw5YUmH0jFB5Hf4777v2LPsoFbDiYlQJbIEr0B+3F2pr+gOPfQ+usbw2psr2x9opw uMROgDK+ucm0Dla8+Dj4+FOVc5xZXvQ= X-Envelope-To: kw@linux.com X-Envelope-To: robh@kernel.org X-Envelope-To: linux-pci@vger.kernel.org X-Envelope-To: thippeswamy.havalige@amd.com X-Envelope-To: linux-arm-kernel@lists.infradead.org X-Envelope-To: markus.elfring@web.de X-Envelope-To: dan.carpenter@linaro.org X-Envelope-To: linux-kernel@vger.kernel.org X-Envelope-To: bhelgaas@google.com X-Envelope-To: michal.simek@amd.com X-Envelope-To: sean.anderson@linux.dev X-Envelope-To: stable@vger.kernel.org X-Envelope-To: bharatku@xilinx.com X-Envelope-To: helgaas@kernel.org X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Sean Anderson To: Lorenzo Pieralisi , =?UTF-8?q?Krzysztof=20Wilczy=C5=84ski?= , Rob Herring , linux-pci@vger.kernel.org Cc: Thippeswamy Havalige , linux-arm-kernel@lists.infradead.org, Markus Elfring , Dan Carpenter , linux-kernel@vger.kernel.org, Bjorn Helgaas , Michal Simek , Sean Anderson , stable@vger.kernel.org, Bharat Kumar Gogada , Bjorn Helgaas Subject: [PATCH v4 2/7] PCI: xilinx-nwl: Fix off-by-one in IRQ handler Date: Fri, 31 May 2024 12:13:32 -0400 Message-Id: <20240531161337.864994-3-sean.anderson@linux.dev> In-Reply-To: <20240531161337.864994-1-sean.anderson@linux.dev> References: <20240531161337.864994-1-sean.anderson@linux.dev> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT MSGF_LEG_MASK is laid out with INTA in bit 0, INTB in bit 1, INTC in bit 2, and INTD in bit 3. Hardware IRQ numbers start at 0, and we register PCI_NUM_INTX irqs. So to enable INTA (aka hwirq 0) we should set bit 0. Remove the subtraction of one. This bug would cause legacy interrupts not to be delivered, as enabling INTB would actually enable INTA, and enabling INTA wouldn't enable anything at all. It is likely that this got overlooked for so long since most PCIe hardware uses MSIs. This fixes the following UBSAN error: UBSAN: shift-out-of-bounds in ../drivers/pci/controller/pcie-xilinx-nwl.c:389:11 shift exponent 18446744073709551615 is too large for 32-bit type 'int' CPU: 1 PID: 61 Comm: kworker/u10:1 Not tainted 6.6.20+ #268 Hardware name: xlnx,zynqmp (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace (arch/arm64/kernel/stacktrace.c:235) show_stack (arch/arm64/kernel/stacktrace.c:242) dump_stack_lvl (lib/dump_stack.c:107) dump_stack (lib/dump_stack.c:114) __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:387) nwl_unmask_leg_irq (drivers/pci/controller/pcie-xilinx-nwl.c:389 (discriminator 1)) irq_enable (kernel/irq/internals.h:234 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) __irq_startup (kernel/irq/internals.h:239 kernel/irq/chip.c:180 kernel/irq/chip.c:250) irq_startup (kernel/irq/chip.c:270) __setup_irq (kernel/irq/manage.c:1800) request_threaded_irq (kernel/irq/manage.c:2206) pcie_pme_probe (include/linux/interrupt.h:168 drivers/pci/pcie/pme.c:348) Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Cc: Signed-off-by: Sean Anderson --- Changes in v4: - Explain likely effects of the off-by-one error - Trim down UBSAN backtrace Changes in v3: - Expand commit message drivers/pci/controller/pcie-xilinx-nwl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK); -- 2.35.1.1320.gc452695387.dirty