net: ipa: don't overrun IPA suspend interrupt registers

Message ID 20240218190450.331390-1-elder@linaro.org
State New
Headers
Series net: ipa: don't overrun IPA suspend interrupt registers |

Commit Message

Alex Elder Feb. 18, 2024, 7:04 p.m. UTC
  In newer hardware, IPA supports more than 32 endpoints.  Some
registers--such as IPA interrupt registers--represent endpoints
as bits in a 4-byte register, and such registers are repeated as
needed to represent endpoints beyond the first 32.

In ipa_interrupt_suspend_clear_all(), we clear all pending IPA
suspend interrupts by reading all status register(s) and writing
corresponding registers to clear interrupt conditions.

Unfortunately the number of registers to read/write is calculated
incorrectly, and as a result we access *many* more registers than
intended.  This bug occurs only when the IPA hardware signals a
SUSPEND interrupt, which happens when a packet is received for an
endpoint (or its underlying GSI channel) that is suspended.  This
situation is difficult to reproduce, but possible.

Fix this by correctly computing the number of interrupt registers to
read and write.  This is the only place in the code where registers
that map endpoints or channels this way perform this calculation.

Fixes: f298ba785e2d ("net: ipa: add a parameter to suspend registers")
Signed-off-by: Alex Elder <elder@linaro.org>
---
 drivers/net/ipa/ipa_interrupt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
  

Comments

Alex Elder Feb. 18, 2024, 7:07 p.m. UTC | #1
On 2/18/24 1:04 PM, Alex Elder wrote:
> In newer hardware, IPA supports more than 32 endpoints.  Some
> registers--such as IPA interrupt registers--represent endpoints
> as bits in a 4-byte register, and such registers are repeated as
> needed to represent endpoints beyond the first 32.

I'm sorry, this is a BUG FIX and I neglected to include "net"
in the subject.  Please handle this accordingly...

					-Alex

> 
> In ipa_interrupt_suspend_clear_all(), we clear all pending IPA
> suspend interrupts by reading all status register(s) and writing
> corresponding registers to clear interrupt conditions.
> 
> Unfortunately the number of registers to read/write is calculated
> incorrectly, and as a result we access *many* more registers than
> intended.  This bug occurs only when the IPA hardware signals a
> SUSPEND interrupt, which happens when a packet is received for an
> endpoint (or its underlying GSI channel) that is suspended.  This
> situation is difficult to reproduce, but possible.
> 
> Fix this by correctly computing the number of interrupt registers to
> read and write.  This is the only place in the code where registers
> that map endpoints or channels this way perform this calculation.
> 
> Fixes: f298ba785e2d ("net: ipa: add a parameter to suspend registers")
> Signed-off-by: Alex Elder <elder@linaro.org>
> ---
>   drivers/net/ipa/ipa_interrupt.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/net/ipa/ipa_interrupt.c b/drivers/net/ipa/ipa_interrupt.c
> index 4bc05948f772d..a78c692f2d3c5 100644
> --- a/drivers/net/ipa/ipa_interrupt.c
> +++ b/drivers/net/ipa/ipa_interrupt.c
> @@ -212,7 +212,7 @@ void ipa_interrupt_suspend_clear_all(struct ipa_interrupt *interrupt)
>   	u32 unit_count;
>   	u32 unit;
>   
> -	unit_count = roundup(ipa->endpoint_count, 32);
> +	unit_count = DIV_ROUND_UP(ipa->endpoint_count, 32);
>   	for (unit = 0; unit < unit_count; unit++) {
>   		const struct reg *reg;
>   		u32 val;
  
Simon Horman Feb. 19, 2024, 7:44 p.m. UTC | #2
On Sun, Feb 18, 2024 at 01:04:50PM -0600, Alex Elder wrote:
> In newer hardware, IPA supports more than 32 endpoints.  Some
> registers--such as IPA interrupt registers--represent endpoints
> as bits in a 4-byte register, and such registers are repeated as
> needed to represent endpoints beyond the first 32.
> 
> In ipa_interrupt_suspend_clear_all(), we clear all pending IPA
> suspend interrupts by reading all status register(s) and writing
> corresponding registers to clear interrupt conditions.
> 
> Unfortunately the number of registers to read/write is calculated
> incorrectly, and as a result we access *many* more registers than
> intended.  This bug occurs only when the IPA hardware signals a
> SUSPEND interrupt, which happens when a packet is received for an
> endpoint (or its underlying GSI channel) that is suspended.  This
> situation is difficult to reproduce, but possible.

I see what you mean about *many* more :)

> Fix this by correctly computing the number of interrupt registers to
> read and write.  This is the only place in the code where registers
> that map endpoints or channels this way perform this calculation.
> 
> Fixes: f298ba785e2d ("net: ipa: add a parameter to suspend registers")
> Signed-off-by: Alex Elder <elder@linaro.org>

As noted by Alex elsewhere elsewhere in this thread, this is for net.

Reviewed-by: Simon Horman <horms@kernel.org>
  

Patch

diff --git a/drivers/net/ipa/ipa_interrupt.c b/drivers/net/ipa/ipa_interrupt.c
index 4bc05948f772d..a78c692f2d3c5 100644
--- a/drivers/net/ipa/ipa_interrupt.c
+++ b/drivers/net/ipa/ipa_interrupt.c
@@ -212,7 +212,7 @@  void ipa_interrupt_suspend_clear_all(struct ipa_interrupt *interrupt)
 	u32 unit_count;
 	u32 unit;
 
-	unit_count = roundup(ipa->endpoint_count, 32);
+	unit_count = DIV_ROUND_UP(ipa->endpoint_count, 32);
 	for (unit = 0; unit < unit_count; unit++) {
 		const struct reg *reg;
 		u32 val;