From: John Garry <john.garry@huawei.com>
To: Bjorn Helgaas <helgaas@kernel.org>
Cc: <lorenzo.pieralisi@arm.com>, <arnd@arndb.de>,
	<linux-pci@vger.kernel.org>, <rjw@rjwysocki.net>,
	<linux-arm-kernel@lists.infradead.org>, <will.deacon@arm.com>,
	<wangkefeng.wang@huawei.com>, <linuxarm@huawei.com>,
	<andriy.shevchenko@linux.intel.com>,
	<linux-kernel@vger.kernel.org>, <catalin.marinas@arm.com>
Subject: Re: [PATCH v4 1/3] lib: logic_pio: Use logical PIO low-level accessors for !CONFIG_INDIRECT_PIO
Date: Thu, 13 Jun 2019 16:21:35 +0100
Message-ID: <5b03c093-26fb-0e01-6104-5f92eef7956e@huawei.com>
In-Reply-To: <20190613135825.GG13533@google.com>

On 13/06/2019 14:58, Bjorn Helgaas wrote:
> On Tue, Jun 11, 2019 at 10:12:52PM +0800, John Garry wrote:
> Another thought here:
>
>>  	if (addr < MMIO_UPPER_LIMIT) {					\
>>  		ret = read##bw(PCI_IOBASE + addr);			\
>>  	} else if (addr >= MMIO_UPPER_LIMIT && addr < IO_SPACE_LIMIT) { \
>> -		struct logic_pio_hwaddr *entry = find_io_range(addr);	\
>> +		struct logic_pio_hwaddr *range = find_io_range(addr);	\
>> +		size_t sz = sizeof(type);				\
>>  									\
>> -		if (entry && entry->ops)				\
>> -			ret = entry->ops->in(entry->hostdata,		\
>> -					addr, sizeof(type));		\
>> +		if (range && range->ops)				\
>> +			ret = range->ops->in(range->hostdata, addr, sz);\
>>  		else							\
>>  			WARN_ON_ONCE(1);
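
Review bot: In the fallback `else` of the quoted accessor, `WARN_ON_ONCE(1)` is the only handling for two different failures, `find_io_range()` returning NULL and a registered range whose `ops` is still unset, and it fires once, so later accesses of either kind are silent. The value `ret` holds on that path is not visible in these lines; it is worth confirming it is initialised before the `if` chain so the caller never reads an indeterminate value. The `addr >= MMIO_UPPER_LIMIT` test in the `else if` is also redundant, since the preceding `if` already took `addr < MMIO_UPPER_LIMIT`.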

Hi Bjorn,
				\
>
> Could this be simplified a little by requiring callers to set
> range->ops for LOGIC_PIO_INDIRECT ranges *before* calling
> logic_pio_register_range()?  E.g.,
>
>   hisi_lpc_probe(...)
>   {
>     range = devm_kzalloc(...);
>     range->flags = LOGIC_PIO_INDIRECT;
>     range->ops = &hisi_lpc_ops;
>     logic_pio_register_range(range);
>     ...
>
> and
>
>   logic_pio_register_range(struct logic_pio_hwaddr *new_range)
>   {
>     if (new_range->flags == LOGIC_PIO_INDIRECT && !new_range->ops)
>       return -EINVAL;
>     ...
>
> Then maybe you wouldn't need to check range->ops in the accessors.
>

I think I know the reason why it was done this way.

So currently there is no method to unregister a logical PIO region (the 
old code leaked ranges as well). As such, if hisi_lpc_probe() fails 
after we register the logical PIO range, there would be a range 
registered but no actual host backing it. So we set the ops at the point 
at which the probe cannot fail to avoid a potential problem.

And now I realise that there is a bug in the code - range is allocated 
with devm_kzalloc and is passed to logic_pio_register_range(). As such, 
if the hisi_lpc_probe() goes on to fail, then this memory would be 
free'd and we have an issue.

PCI code should be ok as it uses kzalloc().

The simplest solution is to not change the logical PIO API to allocate 
this memory itself, but rather make hisi_lpc_probe() use kzalloc(). And, 
if we go this way, we can use your idea to set the ops.

I'll spin a separate patch for this.

Thanks,
John

> Bjorn
>
> .
>
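
The lifetime problem discussed in this message, as an added userspace C model (not code from the thread or from the kernel): a range placed on a global list with no unregister path must outlive a failed probe, and registration can reject indirect ranges without ops. The `devm` and `released` flags, `model_ops`, `register_range()`, `probe()` and `dangling_entries()` are hypothetical stand-ins, and release is modelled with a flag instead of a real free.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
/* Userspace model of the thread's scenario; not kernel code. */
enum { LOGIC_PIO_INDIRECT = 1 };
struct ops { int (*in)(void *hostdata, unsigned long addr, size_t sz); };
struct range {
	int flags;
	const struct ops *ops;
	bool devm;      /* assumption: models a devm_kzalloc() allocation */
	bool released;  /* assumption: set where devres would free it */
	struct range *next;
};
static struct range *io_ranges;               /* global list, no unregister */
static const struct ops model_ops = { NULL }; /* placeholder ops table */

/* Registration with the suggested check: indirect ranges need ops. */
static int register_range(struct range *r)
{
	if (r->flags == LOGIC_PIO_INDIRECT && !r->ops)
		return -EINVAL;
	r->next = io_ranges;
	io_ranges = r;
	return 0;
}

/* Probe model: ops set before registering; a later step may fail. */
static int probe(struct range *r, bool devm, bool later_step_fails)
{
	r->flags = LOGIC_PIO_INDIRECT;
	r->ops = &model_ops;
	r->devm = devm;
	if (register_range(r))
		return -EINVAL;
	if (later_step_fails) {
		r->released = r->devm; /* devres cleanup on probe failure */
		return -ENODEV;
	}
	return 0;
}

/* Count registered entries whose backing memory has been released. */
static int dangling_entries(void)
{
	int n = 0;
	for (const struct range *r = io_ranges; r; r = r->next)
		n += r->released;
	return n;
}
```

In the model, a failed probe with a device-managed range leaves one dangling list entry, while a range not tied to the probe's lifetime stays valid on the list after the same failure.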


