From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Tim Harvey <tharvey-UMMOYl/HMS+akBO8gow8eQ@public.gmane.org>
Cc: linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
linux-pci-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Jingoo Han <jg1.han-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>,
Lucas Stach <l.stach-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>,
Mark Rutland <mark.rutland-5wv7dgnIgG8@public.gmane.org>,
linux-samsung-soc
<linux-samsung-soc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Richard Zhu <r65037-KZfg59tc24xl57MIdRCFDg@public.gmane.org>,
Sascha Hauer <kernel-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>,
Arnd Bergmann <arnd-r2nGTMty4D4@public.gmane.org>,
Stephen Warren <swarren-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org>,
Bjorn Helgaas <bhelgaas-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Simon Horman <horms-/R6kz+dDXgpPR4JQBCEnsQ@public.gmane.org>,
Thierry Reding
<thierry.reding-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Ben Dooks <ben-linux-elnMNo+KYs3YtjvyW6yDsg@public.gmane.org>,
linux-tegra <linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Kukjin Kim <kgene.kim-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org>,
Shawn Guo <shawn.guo-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>,
Grant Likely
<grant.likely-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH 1/2] of/irq: Fix irq-mapping in of_irq_parse_raw()
Date: Tue, 11 Mar 2014 14:15:33 -0600 [thread overview]
Message-ID: <20140311201533.GF31835@obsidianresearch.com> (raw)
In-Reply-To: <1393944864-28113-1-git-send-email-tharvey-UMMOYl/HMS+akBO8gow8eQ@public.gmane.org>
On Tue, Mar 04, 2014 at 06:54:24AM -0800, Tim Harvey wrote:
> When an interrupt-map contains multiple entries an imap pointer arithmetic
> bug can cause only the first entry to be properly evaluated and causes
> the out_irq parameters to be incorrect depending on the #interrupt-cells
> and #address-cells of the parent interrupt controller.
Tim,
I took a bit closer look at this for you, and I suspect the root fix
is this:
--- a/Documentation/devicetree/bindings/arm/gic.txt
+++ b/Documentation/devicetree/bindings/arm/gic.txt
@@ -55,7 +55,6 @@ Example:
intc: interrupt-controller@fff11000 {
compatible = "arm,cortex-a9-gic";
#interrupt-cells = <3>;
- #address-cells = <1>;
interrupt-controller;
reg = <0xfff11000 0x1000>,
<0xfff10100 0x100>;
(plus the corresponding purge from the .dt files)
It looks like the implementation does follow the OF specification:
Each mapping entry consists of a 3-tuple of (child-interrupt,
interrupt-parent, parent-interrupt). The number of cells for the
child-interrupt specifier is determined by the "#address-cells" and
"#interrupt-cells"property of this node. The number of cells for the
parent-interrupt value is determined by the "#address-cells"and
"#interrupt-cells"property values of this node's
interrupt-parent.
So by specifying interrupt-cells = 3, address-cells = 1, the GIC is
requiring 4 DWs for its interrupt specifier.
I see no reason why it doesn't have an address-cells = 0 like other
interrupt controllers..
Setting #address-cells to 0 in the GIC node should be functionally
equivalent to your patch below, since newaddrsize will == 0.
Regards,
Jason
> diff --git a/drivers/of/irq.c b/drivers/of/irq.c
> index 9bcf2cf..8829197 100644
> +++ b/drivers/of/irq.c
> @@ -237,11 +237,11 @@ int of_irq_parse_raw(const __be32 *addr, struct of_phandle_args *out_irq)
> /* Check for malformed properties */
> if (WARN_ON(newaddrsize + newintsize > MAX_PHANDLE_ARGS))
> goto fail;
> - if (imaplen < (newaddrsize + newintsize))
> + if (imaplen < newintsize)
> goto fail;
>
> - imap += newaddrsize + newintsize;
> - imaplen -= newaddrsize + newintsize;
> + imap += newintsize;
> + imaplen -= newintsize;
>
> pr_debug(" -> imaplen=%d\n", imaplen);
> }
WARNING: multiple messages have this Message-ID (diff)
From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Tim Harvey <tharvey@gateworks.com>
Cc: linux-arm-kernel@lists.infradead.org, linux-pci@vger.kernel.org,
Jingoo Han <jg1.han@samsung.com>,
Lucas Stach <l.stach@pengutronix.de>,
Mark Rutland <mark.rutland@arm.com>,
linux-samsung-soc <linux-samsung-soc@vger.kernel.org>,
Richard Zhu <r65037@freescale.com>,
Sascha Hauer <kernel@pengutronix.de>,
Arnd Bergmann <arnd@arndb.de>,
Stephen Warren <swarren@wwwdotorg.org>,
Bjorn Helgaas <bhelgaas@google.com>,
Simon Horman <horms@verge.net.au>,
Thierry Reding <thierry.reding@gmail.com>,
Ben Dooks <ben-linux@fluff.org>,
linux-tegra <linux-tegra@vger.kernel.org>,
Kukjin Kim <kgene.kim@samsung.com>,
Shawn Guo <shawn.guo@linaro.org>,
Grant Likely <grant.likely@linaro.org>
Subject: Re: [PATCH 1/2] of/irq: Fix irq-mapping in of_irq_parse_raw()
Date: Tue, 11 Mar 2014 14:15:33 -0600 [thread overview]
Message-ID: <20140311201533.GF31835@obsidianresearch.com> (raw)
In-Reply-To: <1393944864-28113-1-git-send-email-tharvey@gateworks.com>
On Tue, Mar 04, 2014 at 06:54:24AM -0800, Tim Harvey wrote:
> When an interrupt-map contains multiple entries an imap pointer arithmetic
> bug can cause only the first entry to be properly evaluated and causes
> the out_irq parameters to be incorrect depending on the #interrupt-cells
> and #address-cells of the parent interrupt controller.
Tim,
I took a bit closer look at this for you, and I suspect the root fix
is this:
--- a/Documentation/devicetree/bindings/arm/gic.txt
+++ b/Documentation/devicetree/bindings/arm/gic.txt
@@ -55,7 +55,6 @@ Example:
intc: interrupt-controller@fff11000 {
compatible = "arm,cortex-a9-gic";
#interrupt-cells = <3>;
- #address-cells = <1>;
interrupt-controller;
reg = <0xfff11000 0x1000>,
<0xfff10100 0x100>;
(plus the corresponding purge from the .dt files)
It looks like the implementation does follow the OF specification:
Each mapping entry consists of a 3-tuple of (child-interrupt,
interrupt-parent, parent-interrupt). The number of cells for the
child-interrupt specifier is determined by the "#address-cells" and
"#interrupt-cells"property of this node. The number of cells for the
parent-interrupt value is determined by the "#address-cells"and
"#interrupt-cells"property values of this node's
interrupt-parent.
So by specifying interrupt-cells = 3, address-cells = 1, the GIC is
requiring 4 DWs for its interrupt specifier.
I see no reason why it doesn't have an address-cells = 0 like other
interrupt controllers..
Setting #address-cells to 0 in the GIC node should be functionally
equivalent to your patch below, since newaddrsize will == 0.
Regards,
Jason
> diff --git a/drivers/of/irq.c b/drivers/of/irq.c
> index 9bcf2cf..8829197 100644
> +++ b/drivers/of/irq.c
> @@ -237,11 +237,11 @@ int of_irq_parse_raw(const __be32 *addr, struct of_phandle_args *out_irq)
> /* Check for malformed properties */
> if (WARN_ON(newaddrsize + newintsize > MAX_PHANDLE_ARGS))
> goto fail;
> - if (imaplen < (newaddrsize + newintsize))
> + if (imaplen < newintsize)
> goto fail;
>
> - imap += newaddrsize + newintsize;
> - imaplen -= newaddrsize + newintsize;
> + imap += newintsize;
> + imaplen -= newintsize;
>
> pr_debug(" -> imaplen=%d\n", imaplen);
> }
WARNING: multiple messages have this Message-ID (diff)
From: jgunthorpe@obsidianresearch.com (Jason Gunthorpe)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 1/2] of/irq: Fix irq-mapping in of_irq_parse_raw()
Date: Tue, 11 Mar 2014 14:15:33 -0600 [thread overview]
Message-ID: <20140311201533.GF31835@obsidianresearch.com> (raw)
In-Reply-To: <1393944864-28113-1-git-send-email-tharvey@gateworks.com>
On Tue, Mar 04, 2014 at 06:54:24AM -0800, Tim Harvey wrote:
> When an interrupt-map contains multiple entries an imap pointer arithmetic
> bug can cause only the first entry to be properly evaluated and causes
> the out_irq parameters to be incorrect depending on the #interrupt-cells
> and #address-cells of the parent interrupt controller.
Tim,
I took a bit closer look at this for you, and I suspect the root fix
is this:
--- a/Documentation/devicetree/bindings/arm/gic.txt
+++ b/Documentation/devicetree/bindings/arm/gic.txt
@@ -55,7 +55,6 @@ Example:
intc: interrupt-controller at fff11000 {
compatible = "arm,cortex-a9-gic";
#interrupt-cells = <3>;
- #address-cells = <1>;
interrupt-controller;
reg = <0xfff11000 0x1000>,
<0xfff10100 0x100>;
(plus the corresponding purge from the .dt files)
It looks like the implementation does follow the OF specification:
Each mapping entry consists of a 3-tuple of (child-interrupt,
interrupt-parent, parent-interrupt). The number of cells for the
child-interrupt specifier is determined by the "#address-cells" and
"#interrupt-cells"property of this node. The number of cells for the
parent-interrupt value is determined by the "#address-cells"and
"#interrupt-cells"property values of this node's
interrupt-parent.
So by specifying interrupt-cells = 3, address-cells = 1, the GIC is
requiring 4 DWs for its interrupt specifier.
I see no reason why it doesn't have an address-cells = 0 like other
interrupt controllers..
Setting #address-cells to 0 in the GIC node should be functionally
equivalent to your patch below, since newaddrsize will == 0.
Regards,
Jason
> diff --git a/drivers/of/irq.c b/drivers/of/irq.c
> index 9bcf2cf..8829197 100644
> +++ b/drivers/of/irq.c
> @@ -237,11 +237,11 @@ int of_irq_parse_raw(const __be32 *addr, struct of_phandle_args *out_irq)
> /* Check for malformed properties */
> if (WARN_ON(newaddrsize + newintsize > MAX_PHANDLE_ARGS))
> goto fail;
> - if (imaplen < (newaddrsize + newintsize))
> + if (imaplen < newintsize)
> goto fail;
>
> - imap += newaddrsize + newintsize;
> - imaplen -= newaddrsize + newintsize;
> + imap += newintsize;
> + imaplen -= newintsize;
>
> pr_debug(" -> imaplen=%d\n", imaplen);
> }
next prev parent reply other threads:[~2014-03-11 20:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-03-04 14:54 [PATCH 1/2] of/irq: Fix irq-mapping in of_irq_parse_raw() Tim Harvey
2014-03-04 14:54 ` Tim Harvey
2014-03-04 14:54 ` Tim Harvey
2014-03-04 19:40 ` Tim Harvey
2014-03-04 19:40 ` Tim Harvey
[not found] ` <1393944864-28113-1-git-send-email-tharvey-UMMOYl/HMS+akBO8gow8eQ@public.gmane.org>
2014-03-11 20:15 ` Jason Gunthorpe [this message]
2014-03-11 20:15 ` Jason Gunthorpe
2014-03-11 20:15 ` Jason Gunthorpe
2014-03-12 3:37 ` Tim Harvey
2014-03-12 3:37 ` Tim Harvey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140311201533.GF31835@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=arnd-r2nGTMty4D4@public.gmane.org \
--cc=ben-linux-elnMNo+KYs3YtjvyW6yDsg@public.gmane.org \
--cc=bhelgaas-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org \
--cc=grant.likely-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=horms-/R6kz+dDXgpPR4JQBCEnsQ@public.gmane.org \
--cc=jg1.han-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=kernel-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org \
--cc=kgene.kim-Sze3O3UU22JBDgjK7y7TUQ@public.gmane.org \
--cc=l.stach-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org \
--cc=linux-arm-kernel-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org \
--cc=linux-pci-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-samsung-soc-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-tegra-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mark.rutland-5wv7dgnIgG8@public.gmane.org \
--cc=r65037-KZfg59tc24xl57MIdRCFDg@public.gmane.org \
--cc=shawn.guo-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org \
--cc=swarren-3lzwWm7+Weoh9ZMKESR00Q@public.gmane.org \
--cc=tharvey-UMMOYl/HMS+akBO8gow8eQ@public.gmane.org \
--cc=thierry.reding-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.