From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4DA0825C80D; Tue, 16 Dec 2025 12:20:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765887625; cv=none; b=GuK8eEOg3wvj2IJh3LiT0uFu4C3ljp6Q95tfUw/ZzES1Sq/4YV7vJkFfTRjXKQ11GoJOjVDvOC3Gc+rBO9nV/eZs+1lafWGvViRMbocjwrJhRetFTjfCu0UBlnwwjHK8j6A7rY39gJm76dVa3cL14XembhXqecyiLFNejyhoaKw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765887625; c=relaxed/simple; bh=assF2pLgz5df4xs7IzpSSMqVsTgpjue3q4vgkHdSgVk=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=MHST/8s58Stq4ZShyxFBGmlq+6ojz6yPjQqZrSBn7iYBYFekW9QunS3FctSJ98P4pCehNLNip7LVwUId5JazqA54m3IeiET0fqdvPYOnrKgCJPwzSibSbBuIn5M9aI2I+bGQYmSTrLaOavqP9WGwakYm811TO5mUEyGdS2mXH4U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=M0CwuseM; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="M0CwuseM" Received: by smtp.kernel.org (Postfix) with ESMTPSA id C9D06C4CEF5; Tue, 16 Dec 2025 12:20:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1765887625; bh=assF2pLgz5df4xs7IzpSSMqVsTgpjue3q4vgkHdSgVk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=M0CwuseMhl+lx2UjaplGWU1/SYJGB5wumzQthQsthC32hB2m4cE2V/ecNdv/rjopq rGZlr3k7A/hop077yUxyEgGySXjzWxwj1wF1PoBoTiu0rs3GI/9SNV1QbeSFkPmbxP aH4U8r1jkiRxWTalWXp3/mtytQDDwKPGHTkQT7Lk= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Simon Richter , =?UTF-8?q?Alex=20Benn=C3=A9e?= , =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= , Bjorn Helgaas , Sasha Levin Subject: [PATCH 6.18 289/614] PCI: Prevent resource tree corruption when BAR resize fails Date: Tue, 16 Dec 2025 12:10:56 +0100 Message-ID: <20251216111411.841358743@linuxfoundation.org> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251216111401.280873349@linuxfoundation.org> References: <20251216111401.280873349@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 6.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ilpo Järvinen [ Upstream commit 91c4c89db41499eea1b29c56655f79c3bae66e93 ] pbus_reassign_bridge_resources() saves bridge windows into the saved list before attempting to adjust resource assignments to perform a BAR resize operation. If resource adjustments cannot be completed fully, rollback is attempted by restoring the resource from the saved list. The rollback, however, does not check whether the resources it restores were assigned by the partial resize attempt. If restore changes addresses of the resource, it can result in corrupting the resource tree. An example of a corrupted resource tree with overlapping addresses: 6200000000000-6203fbfffffff : pciex@620c3c0000000 6200000000000-6203fbff0ffff : PCI Bus 0030:01 6200020000000-62000207fffff : 0030:01:00.0 6200000000000-6203fbff0ffff : PCI Bus 0030:02 A resource that are assigned into the resource tree must remain unchanged. Thus, release such a resource before attempting to restore and claim it back. For simplicity, always do the release and claim back for the resource even in the cases where it is restored to the same address range. Note: this fix may "break" some cases where devices "worked" because the resource tree corruption allowed address space double counting to fit more resource than what can now be assigned without double counting. The upcoming changes to BAR resizing should address those scenarios (to the extent possible). Fixes: 8bb705e3e79d ("PCI: Add pci_resize_resource() for resizing BARs") Reported-by: Simon Richter Link: https://lore.kernel.org/linux-pci/67840a16-99b4-4d8c-9b5c-4721ab0970a2@hogyros.de/ Reported-by: Alex Bennée Link: https://lore.kernel.org/linux-pci/874irqop6b.fsf@draig.linaro.org/ Signed-off-by: Ilpo Järvinen Signed-off-by: Bjorn Helgaas Tested-by: Alex Bennée # AVA, AMD GPU Link: https://patch.msgid.link/20251113162628.5946-2-ilpo.jarvinen@linux.intel.com Signed-off-by: Sasha Levin --- drivers/pci/setup-bus.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 3645f392a9fd3..5ba878f15db35 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -2504,6 +2504,11 @@ int pbus_reassign_bridge_resources(struct pci_bus *bus, struct resource *res) bridge = dev_res->dev; i = pci_resource_num(bridge, res); + if (res->parent) { + release_child_resources(res); + pci_release_resource(bridge, i); + } + restore_dev_resource(dev_res); pci_claim_resource(bridge, i); -- 2.51.0