| Message ID | 3f9f779c-a32f-4925-9ff9-a706861d3357@moroto.mountain |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel+bounces-29319-ouuuleilei=gmail.com@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a05:7301:30f:b0:101:a8e8:374 with SMTP id ia15csp102759dyb;
Wed, 17 Jan 2024 10:32:37 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IFs/tdG4qYEnR3cv755JZReMom551YCe4lPZRsbNCg9WNkb1M4PGAz6Qc40E11Ik6+qdZVc
X-Received: by 2002:a05:6214:130b:b0:681:132e:6e3a with SMTP id
pn11-20020a056214130b00b00681132e6e3amr13397718qvb.3.1705516357434;
Wed, 17 Jan 2024 10:32:37 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1705516357; cv=pass;
d=google.com; s=arc-20160816;
b=mhIPBYNW376ud896p9DffXi/+TNIEgOhJjUx0MRb69M/rw1QLrb2fYOPWmGZ4aVg/s
RZsz7FVAlArbPOdJM6z823ilbSoFoeraFoRo4On3mhee2wsathBbRCSPyLynKaJwZ0+F
/YuhG+nbU304Eti0SaxYaoM3pYcl743fG4SasASDb0HKfsmG+aHCK5l8fuvFUDNoke+N
zxrBdkRk3D8rnh7ZBFsFXHjXMJwXL2Lb29WWW51CtgGi6hc/u0ce5k1citlPfZv8zMC5
85txFbieITCEGfh+M+Fiyly04DMub02V/1hVCNiqFPSlTb0dFMfgKxPoB0+EGd7NnvH6
4mYQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=content-disposition:mime-version:list-unsubscribe:list-subscribe
:list-id:precedence:message-id:subject:cc:to:from:date
:dkim-signature;
bh=dowglsIPVbYVAFa4rVjn+rlDsEzlw1XXMllVZiyv4c4=;
fh=AMP6jLY/YgAkWlcuKAii2N0FHrlJK6sTn/slWMNRfkk=;
b=jxhMMetNsi+MQO2zFywxEusvbThFlBY1JOJxzswjdId/t8eyPEewYgdXvF4yBDvqXh
FfiUzx8pVpwJXv4hgmlSkmFPKaz3zI8Bb4Nm8iuGn6rR0JlvlES5jRyKG2EBIb0K++Yn
WmRtMYhgpnxk/eh6BejSVeOtV0hYTvbuYk5TQlKbHgllRLqHMy+3xAIx2ALdSnCyCSJu
Jbhw1NynjFetIYKspTWz/y5OWyYJodAY53rXlh0fIoRCqhJsMnmfjJL+WWpe9iaLelXP
LnHXYZsZkf/Rk1Xh9w57qhkKW8kRBADpuvpkgZm9Xt1p+TSCVo7mJiuLP/ihDthN9Wip
ohNA==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=TwTr7tL+;
arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass
dkdomain=linaro.org dmarc=pass fromdomain=linaro.org);
spf=pass (google.com: domain of
linux-kernel+bounces-29319-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.199.223 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-29319-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
by mx.google.com with ESMTPS id
pj18-20020a05620a1d9200b007831e5b8ecbsi11985970qkn.91.2024.01.17.10.32.37
for <ouuuleilei@gmail.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 17 Jan 2024 10:32:37 -0800 (PST)
Received-SPF: pass (google.com: domain of
linux-kernel+bounces-29319-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
dkim=pass header.i=@linaro.org header.s=google header.b=TwTr7tL+;
arc=pass (i=1 spf=pass spfdomain=linaro.org dkim=pass
dkdomain=linaro.org dmarc=pass fromdomain=linaro.org);
spf=pass (google.com: domain of
linux-kernel+bounces-29319-ouuuleilei=gmail.com@vger.kernel.org designates
147.75.199.223 as permitted sender)
smtp.mailfrom="linux-kernel+bounces-29319-ouuuleilei=gmail.com@vger.kernel.org";
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org
[52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ny.mirrors.kernel.org (Postfix) with ESMTPS id 3999F1C21954
for <ouuuleilei@gmail.com>; Wed, 17 Jan 2024 18:32:37 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
by smtp.subspace.kernel.org (Postfix) with ESMTP id 7E71023767;
Wed, 17 Jan 2024 18:32:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org
header.b="TwTr7tL+"
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com
[209.85.128.43])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by smtp.subspace.kernel.org (Postfix) with ESMTPS id AB57F22F0D
for <linux-kernel@vger.kernel.org>; Wed, 17 Jan 2024 18:32:13 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
arc=none smtp.client-ip=209.85.128.43
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
t=1705516335; cv=none;
b=CEWLmvsOcU9nACQUEcX8zbo4e88gMFMZ1G1HMtuIr5C+Tm3GxxsapS1dDe6AwEKVN3l41MmkA0qnjJj2iCOUY+hEtQ++U1aFWfepbeJ6zAntXbJF4+3f9UZHatSgvdz3UTlbLxsJPPcMhufVRiCNqSacv+UlGyg2hFOSyzi+oeA=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
s=arc-20240116; t=1705516335; c=relaxed/simple;
bh=GJoKVb2+DXUwHo6EryFUbR0bKGFrwQdlvWC+jGiPY6k=;
h=Received:DKIM-Signature:X-Google-DKIM-Signature:
X-Gm-Message-State:X-Google-Smtp-Source:X-Received:Received:Date:
From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type:
Content-Disposition:X-Mailer;
b=ikATTLcBp3AOA9Bq2sdBnowqktNlw9oT2h3NG+g9l8mXsZ9SC9ShKgwZmuDsdx6xbiYrOICAtPiiaZKxjaijFMJzS/9SeDNqrj2RZ0lTa1ohCJcXXd33VHJtZwS/jS1K82rkxyvGsU5QC3a6XL0P4KE0Z2LRlHSWqHvFjEpLxEg=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linaro.org;
spf=pass smtp.mailfrom=linaro.org;
dkim=pass (2048-bit key) header.d=linaro.org header.i=@linaro.org
header.b=TwTr7tL+; arc=none smtp.client-ip=209.85.128.43
Authentication-Results: smtp.subspace.kernel.org;
dmarc=pass (p=none dis=none) header.from=linaro.org
Authentication-Results: smtp.subspace.kernel.org;
spf=pass smtp.mailfrom=linaro.org
Received: by mail-wm1-f43.google.com with SMTP id
5b1f17b1804b1-40d6b4e2945so126812315e9.0
for <linux-kernel@vger.kernel.org>;
Wed, 17 Jan 2024 10:32:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=linaro.org; s=google; t=1705516332; x=1706121132;
darn=vger.kernel.org;
h=content-disposition:mime-version:message-id:subject:cc:to:from:date
:from:to:cc:subject:date:message-id:reply-to;
bh=dowglsIPVbYVAFa4rVjn+rlDsEzlw1XXMllVZiyv4c4=;
b=TwTr7tL+WDZwmHbKemDUyUDIWb4rMpnc4+pKMYXD0kBmNUhOxA2BQCrDumLI49gUkE
SItrJ7H+S6tadYJjJB0HhN6c7BO4OguGscHfxRnOnavEK6nTgFWY20WxemizPHzBDsI2
1yCI9pmUvXn41H5HhNmLIDYwGWm9MTTMOmle8NHNJPE4m8M5FVeh+h6wy63h82g4pFTk
hE3JYSyUOy9LMoGkudQ1dytir8o/fvxTRHzJiNkUB/ooMJ++fajbjI9Dr+fmwzwgGA5S
wGwcFo0FefarJ73kGoG9DNY1hiOjL/AOcI4Uq85wiJdwSXfWF6UnNs/dw8tust6D57Iy
ml8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1705516332; x=1706121132;
h=content-disposition:mime-version:message-id:subject:cc:to:from:date
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=dowglsIPVbYVAFa4rVjn+rlDsEzlw1XXMllVZiyv4c4=;
b=HZRwYQeOzQsWQdNtWIRjGE8hF5l0fVQG/aUt+jxr0HZdQswvQ73u/TLk/8ir9mWUlF
29iICT6dkHpXwPllIZTZ/07xclkuEabYFLs+mKVadoKU9f6HU7K8QpnCevWj+Z9zoJ+r
FXN59xYbhAlvYg0eReQODmcKhqxstzGigTcfuCHcSKMOB4XeRP/YrRaJs4MMbkX2/NdZ
L2EeqSC8YTCRI/Ce9gtQ1Fgm5lxmfD9TblFYqzr67a8UEsbuSpo0LqRMJ5j22HCzUrkP
brxZw30jMpHRdCuarmrhf1v61LlKZopnKt551LU0tO2HdeuKklRhJ4XgaukS86b1xPAw
3fjQ==
X-Gm-Message-State: AOJu0Ywd9FionUedehd4wKVSW6VEO5ism1+/2QT1WnDNezZnqWSySXsd
YZloODTc95hq5QuQRZeHWfIax+f9qm4kYQ==
X-Received: by 2002:a05:600c:45ce:b0:40e:6e84:e95f with SMTP id
s14-20020a05600c45ce00b0040e6e84e95fmr2723425wmo.252.1705516331931;
Wed, 17 Jan 2024 10:32:11 -0800 (PST)
Received: from localhost ([102.140.209.237])
by smtp.gmail.com with ESMTPSA id
o8-20020a05600c4fc800b0040e549c77a1sm27223849wmq.32.2024.01.17.10.32.10
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 17 Jan 2024 10:32:11 -0800 (PST)
Date: Wed, 17 Jan 2024 21:32:08 +0300
From: Dan Carpenter <dan.carpenter@linaro.org>
To: Niklas Cassel <niklas.cassel@wdc.com>
Cc: Jingoo Han <jingoohan1@gmail.com>,
Gustavo Pimentel <gustavo.pimentel@synopsys.com>,
Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>,
Lorenzo Pieralisi <lpieralisi@kernel.org>, Krzysztof =?utf-8?q?Wilczy=C5=84?=
=?utf-8?q?ski?= <kw@linux.com>, Rob Herring <robh@kernel.org>,
Bjorn Helgaas <bhelgaas@google.com>, linux-pci@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: [PATCH] PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
Message-ID: <3f9f779c-a32f-4925-9ff9-a706861d3357@moroto.mountain>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Mailer: git-send-email haha only kidding
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1788363520084009749
X-GMAIL-MSGID: 1788363520084009749
|
| Series |
PCI: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq()
|
|
Commit Message
Dan Carpenter
Jan. 17, 2024, 6:32 p.m. UTC
The "msg_addr" variable is u64. However, the "tbl_offset" is an unsigned
int. This means that when the code does
msg_addr &= ~aligned_offset;
it will unintentionally zero out the high 32 bits. Declare "tbl_offset"
as a u64 to address this bug.
Fixes: 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
---
From static analysis (not tested).
drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Hello Dan, On Wed, Jan 17, 2024 at 09:32:08PM +0300, Dan Carpenter wrote: > The "msg_addr" variable is u64. However, the "tbl_offset" is an unsigned Here you write tbl_offset. > int. This means that when the code does > > msg_addr &= ~aligned_offset; > > it will unintentionally zero out the high 32 bits. Declare "tbl_offset" Here you also write tbl_offset. > as a u64 to address this bug. > > Fixes: 2217fffcd63f ("PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support") > Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> > --- > From static analysis (not tested). > > drivers/pci/controller/dwc/pcie-designware-ep.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c > index 5befed2dc02b..2b6607c23541 100644 > --- a/drivers/pci/controller/dwc/pcie-designware-ep.c > +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c > @@ -525,7 +525,7 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, > struct dw_pcie_ep_func *ep_func; > struct pci_epc *epc = ep->epc; > u32 reg, msg_data, vec_ctrl; > - unsigned int aligned_offset; > + u64 aligned_offset; Yet here you change actually change aligned_offset. Since msg_addr is u64, aligned_offset should also be u64. Sorry that I missed this. I followed the pattern of dw_pcie_ep_raise_msi_irq(). I've tested my original patch, but the MSI address must have been in the lower 32-bits. Thank you for the fix! If you modify dw_pcie_ep_raise_msix_irq(), perhaps we should also modify dw_pcie_ep_raise_msi_irq(), as it also has aligned_offset defined as "unsigned int" and msg_addr as "u64". Looking more carefully at dw_pcie_ep_raise_msi_irq(), it has: u64 msg_addr; u32 msg_addr_lower, msg_addr_upper; and does: msg_addr = ((u64)msg_addr_upper) << 32 | (msg_addr_lower & ~aligned_offset); So there is no problem there as that operation is performed only on msg_addr_lower, which is u32. However, perhaps we should also modify dw_pcie_ep_raise_msi_irq(), so that "aligned_offset" is u64 instead of "unsigned int", so that it also matches the msi_data. That way dw_pcie_ep_raise_msi_irq() could instead look like this: msg_addr = ((u64)msg_addr_upper) << 32 | msg_addr_lower; msg_addr &= ~aligned_offset; which is slightly more readable IMO, and will ensure that dw_pcie_ep_raise_msi_irq() and dw_pcie_ep_raise_msix_irq() are more similar. But I will leave that decision up to you. Kind regards, Niklas
On Wed, Jan 17, 2024 at 09:21:41PM +0000, Niklas Cassel wrote: > Hello Dan, > > On Wed, Jan 17, 2024 at 09:32:08PM +0300, Dan Carpenter wrote: > > The "msg_addr" variable is u64. However, the "tbl_offset" is an unsigned > > Here you write tbl_offset. > > > int. This means that when the code does > > > > msg_addr &= ~aligned_offset; > > > > it will unintentionally zero out the high 32 bits. Declare "tbl_offset" > > Here you also write tbl_offset. > That's so weird... I can't imagine how that happened. Do you think it could be a Welsh mice situation where forest creatures are changing my work when I'm away from my desk? https://www.youtube.com/shorts/h8gkIbtaaek Fixed in v2. Thanks! regards, dan carpenter
On Fri, Jan 19, 2024 at 11:25:51AM +0300, Dan Carpenter wrote: > On Wed, Jan 17, 2024 at 09:21:41PM +0000, Niklas Cassel wrote: > > Hello Dan, > > > > On Wed, Jan 17, 2024 at 09:32:08PM +0300, Dan Carpenter wrote: > > > The "msg_addr" variable is u64. However, the "tbl_offset" is an unsigned > > > > Here you write tbl_offset. > > > > > int. This means that when the code does > > > > > > msg_addr &= ~aligned_offset; > > > > > > it will unintentionally zero out the high 32 bits. Declare "tbl_offset" > > > > Here you also write tbl_offset. > > > > That's so weird... I can't imagine how that happened. Do you think it > could be a Welsh mice situation where forest creatures are changing my > work when I'm away from my desk? https://www.youtube.com/shorts/h8gkIbtaaek Yes, that it the most likely scenario :) In fact, I think that is what happened with my original patch too... Because while the C-standards says: """ 6.5.3.3 Unary arithmetic operators The result of the unary - operator is the negative of its (promoted) operand. The integer promotions are performed on the operand, and the result has the promoted type. """ Of course, I also remember that implicit integer promotions are only up to "int" or "unsigned int". Because of course it is fine to convert types smaller than int implicitly... but bigger than int? No way! :) #include <stdio.h> #include <stdint.h> void main() { uint16_t val_16 = 0xffff; uint8_t mask_8 = 0xf0; uint32_t val_32 = 0xffffffff; uint16_t mask_16 = 0x00f0; uint64_t val_64 = 0xffffffffffffffff; uint32_t mask_32 = 0x000000f0; uint16_t res_16 = val_16 & ~mask_8; uint32_t res_32 = val_32 & ~mask_16; uint64_t res_64 = val_64 & ~mask_32; printf("16: res: %#llx val: %#llx mask: %#llx\n", res_16, val_16, mask_8); printf("32: res: %#llx val: %#llx mask: %#llx\n", res_32, val_32, mask_16); printf("64: res: %#llx val: %#llx mask: %#llx\n", res_64, val_64, mask_32); } output: 16: res: 0xff0f val: 0xffff mask: 0xf0 32: res: 0xffffff0f val: 0xffffffff mask: 0xf0 64: res: 0xffffff0f val: 0xffffffffffffffff mask: 0xf0 (Silly me for not also reading 6.3.1.1...) Kind regards, Niklas
diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c index 5befed2dc02b..2b6607c23541 100644 --- a/drivers/pci/controller/dwc/pcie-designware-ep.c +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c @@ -525,7 +525,7 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, struct dw_pcie_ep_func *ep_func; struct pci_epc *epc = ep->epc; u32 reg, msg_data, vec_ctrl; - unsigned int aligned_offset; + u64 aligned_offset; u32 tbl_offset; u64 msg_addr; int ret;