From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BEE835502A; Tue, 16 Dec 2025 11:52:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765885922; cv=none; b=ZfkpgkLqxmqodLwZRVIFAerCeU2eqRniqpYpZkuQojY+JY2ZjRU3WosLI9eLp+LR/hzRjBgBmgvVI2Uoc+Ey4v7NQI+Cp0NIgUe3tWRHOZ2kKOL+h4ZGW9nLqSRFj3km+cKh0DsX1sSHnTVIOeG6hJr8W2kAlHqx1NefZ1HGZvg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765885922; c=relaxed/simple; bh=9F9RUt/r6yGB28S5XSyovFMiHyL2IJCubp+zkczrLds=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=BUTIb1HLhkzDQoRhjUFAw2mZw/yNRWkD876O6W5zvHkAryvaknTvwkVlfli7KM64UydXmZNrr56Y3AKbDSXtzIh/ItraDLRddZK7ggLRoFtFZns1axX4dglNQdEQJuGl/xwvLEB1wAdsF9iIh/MpWla9CadAeDatzMguM9Z19fA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=ioNW8OTe; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="ioNW8OTe" Received: by smtp.kernel.org (Postfix) with ESMTPSA id ED2DAC4CEF1; Tue, 16 Dec 2025 11:52:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1765885922; bh=9F9RUt/r6yGB28S5XSyovFMiHyL2IJCubp+zkczrLds=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ioNW8OTegtP8lJ7jenA2FizG/kT+GyrpaNW44au8qNsNCvVem0RPa+ijOJ/6b+Dfh 2A1Ylp2CkFOCkxVWI3f6l137tLUj0Np5w+dqEq5AnLjTTDgttUzrwMPkWNnZ7SGpBx vw/2ykdLoUPJXfznywoYeN10R1dB02W2pYN7UMFc= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Simon Richter , =?UTF-8?q?Alex=20Benn=C3=A9e?= , =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= , Bjorn Helgaas , Sasha Levin Subject: [PATCH 6.17 241/507] PCI: Prevent resource tree corruption when BAR resize fails Date: Tue, 16 Dec 2025 12:11:22 +0100 Message-ID: <20251216111354.228894473@linuxfoundation.org> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216111345.522190956@linuxfoundation.org> References: <20251216111345.522190956@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 6.17-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ilpo Järvinen [ Upstream commit 91c4c89db41499eea1b29c56655f79c3bae66e93 ] pbus_reassign_bridge_resources() saves bridge windows into the saved list before attempting to adjust resource assignments to perform a BAR resize operation. If resource adjustments cannot be completed fully, rollback is attempted by restoring the resource from the saved list. The rollback, however, does not check whether the resources it restores were assigned by the partial resize attempt. If restore changes addresses of the resource, it can result in corrupting the resource tree. An example of a corrupted resource tree with overlapping addresses: 6200000000000-6203fbfffffff : pciex@620c3c0000000 6200000000000-6203fbff0ffff : PCI Bus 0030:01 6200020000000-62000207fffff : 0030:01:00.0 6200000000000-6203fbff0ffff : PCI Bus 0030:02 A resource that are assigned into the resource tree must remain unchanged. Thus, release such a resource before attempting to restore and claim it back. For simplicity, always do the release and claim back for the resource even in the cases where it is restored to the same address range. Note: this fix may "break" some cases where devices "worked" because the resource tree corruption allowed address space double counting to fit more resource than what can now be assigned without double counting. The upcoming changes to BAR resizing should address those scenarios (to the extent possible). Fixes: 8bb705e3e79d ("PCI: Add pci_resize_resource() for resizing BARs") Reported-by: Simon Richter Link: https://lore.kernel.org/linux-pci/67840a16-99b4-4d8c-9b5c-4721ab0970a2@hogyros.de/ Reported-by: Alex Bennée Link: https://lore.kernel.org/linux-pci/874irqop6b.fsf@draig.linaro.org/ Signed-off-by: Ilpo Järvinen Signed-off-by: Bjorn Helgaas Tested-by: Alex Bennée # AVA, AMD GPU Link: https://patch.msgid.link/20251113162628.5946-2-ilpo.jarvinen@linux.intel.com Signed-off-by: Sasha Levin --- drivers/pci/setup-bus.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 77a566aeae601..bca00d7ce3ce0 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -2489,6 +2489,11 @@ int pci_reassign_bridge_resources(struct pci_dev *bridge, unsigned long type) bridge = dev_res->dev; i = pci_resource_num(bridge, res); + if (res->parent) { + release_child_resources(res); + pci_release_resource(bridge, i); + } + restore_dev_resource(dev_res); pci_claim_resource(bridge, i); -- 2.51.0