Re: [PATCH v2 07/11] iommu/arm-smmu-v3: Disable PRI when no IRQ handler is registered

All of lore.kernel.org
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "Nicolin Chen" <nicolinc@nvidia.com>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH v2 07/11] iommu/arm-smmu-v3: Disable PRI when no IRQ handler is registered
Date: Thu, 28 May 2026 09:13:52 +0000	[thread overview]
Message-ID: <20260528091353.22C8F1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <9b99c4ae66653e49b849dbca0ed2caee1cceb368.1779944354.git.nicolinc@nvidia.com>

Thank you for your contribution! Sashiko AI review found 4 potential issue(s) to consider:

New issues:
- [High] Updating multiple CR0 enable bits in a single write causes CONSTRAINED UNPREDICTABLE behavior.

Pre-existing issues:
- [High] The kdump kernel path forcibly disables the PRI queue in hardware but leaves the ARM_SMMU_FEAT_PRI software flag set.
- [High] Failure to enable IRQ generation in hardware bypasses the PRI disabling logic, leaving the PRI queue enabled without functioning interrupts.
- [High] SMMU interrupts (EVTQ and GERROR) are enabled in hardware even if the OS fails to register their IRQ handlers, leading to potential unhandled interrupts.
--

commit cbf6d221eefa894b802ea8dddcf53abb97fab008
Author: Nicolin Chen <nicolinc@nvidia.com>

iommu/arm-smmu-v3: Disable PRI when no IRQ handler is registered

This patch updates the SMMUv3 driver to clear the ARM_SMMU_FEAT_PRI flag
when PRI queue IRQ setup fails. It also ensures that the PRI queue is
disabled in the hardware CR0 register if the feature is no longer supported
after IRQ setup.

> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> index 371a8bbdf6756..72fd5caa27368 100644
> --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
> @@ -4738,11 +4738,14 @@ static void arm_smmu_setup_unique_irqs(struct arm_smmu_device *smmu)
>  							IRQF_ONESHOT,
>  							"arm-smmu-v3-priq",
>  							smmu);
> -			if (ret < 0)
> +			if (ret < 0) {
>  				dev_warn(smmu->dev,
>  					 "failed to enable priq irq\n");
> +				smmu->features &= ~ARM_SMMU_FEAT_PRI;
> +			}
>  		} else {
>  			dev_warn(smmu->dev, "no priq irq - PRI will be broken\n");
> +			smmu->features &= ~ARM_SMMU_FEAT_PRI;
>  		}
>  	}
>  }

[Severity: High]
This is a pre-existing issue, but EVTQ and GERROR interrupts are enabled in
the hardware IRQ_CTRL register even if their IRQ handlers fail to register
earlier in arm_smmu_setup_unique_irqs():

    irq = smmu->evtq.q.irq;
    if (irq) {
        ret = devm_request_threaded_irq(...);
        if (ret < 0)
            dev_warn(smmu->dev, "failed to enable evtq irq\n");

Does the unconditional propagation of EVTQ and GERROR enable bits to the
hardware trigger persistent unhandled IRQ storms if registration fails?

[ ... ]

> @@ -4771,8 +4774,10 @@ static int arm_smmu_setup_irqs(struct arm_smmu_device *smmu)
>  					arm_smmu_combined_irq_thread,
>  					IRQF_ONESHOT,
>  					"arm-smmu-v3-combined-irq", smmu);
> -		if (ret < 0)
> +		if (ret < 0) {
>  			dev_warn(smmu->dev, "failed to enable combined irq\n");
> +			smmu->features &= ~ARM_SMMU_FEAT_PRI;
> +		}
>  	} else
>  		arm_smmu_setup_unique_irqs(smmu);
>  

[Severity: High]
This is a pre-existing issue, but if arm_smmu_write_reg_sync() fails to enable
IRQ generation in hardware at the end of arm_smmu_setup_irqs(), the function
still returns 0:

    ret = arm_smmu_write_reg_sync(smmu, irqen_flags,
                                  ARM_SMMU_IRQ_CTRL, ARM_SMMU_IRQ_CTRLACK);
    if (ret)
        dev_warn(smmu->dev, "failed to enable irqs\n");
    
    return 0;

Does this silent fall-through bypass the PRI disabling logic in the caller
and leave the hardware PRI queues enabled without functioning interrupt
drainers, potentially causing unrecoverable PCIe bus stalls?

[ ... ]

> @@ -4931,6 +4936,10 @@ static int arm_smmu_device_reset(struct arm_smmu_device *smmu)
>  		return ret;
>  	}
>  
> +	/* arm_smmu_setup_irqs() might have unset the ARM_SMMU_FEAT_PRI */
> +	if (!(smmu->features & ARM_SMMU_FEAT_PRI))
> +		enables &= ~CR0_PRIQEN;
> +
>  	if (is_kdump_kernel())
>  		enables &= ~(CR0_EVTQEN | CR0_PRIQEN);

[Severity: High]
This isn't a bug introduced by this patch, but the kdump kernel path forcibly
disables the PRI queue in hardware here while leaving the ARM_SMMU_FEAT_PRI
software flag set.

Does bypassing the clearance of ARM_SMMU_FEAT_PRI force active endpoint
capabilities against disabled hardware queues, causing permanent SMMU aborts?

[Severity: High]
Further down in arm_smmu_device_reset(), the SMMU interface is enabled using
the updated enables mask:

    enables |= CR0_SMMUEN;
    ret = arm_smmu_write_reg_sync(smmu, enables, ARM_SMMU_CR0,
                                  ARM_SMMU_CR0ACK);

Does updating multiple CR0 enable bits in a single write cause CONSTRAINED
UNPREDICTABLE behavior?

By clearing CR0_PRIQEN above and setting CR0_SMMUEN simultaneously here,
might this trigger an unpredictable hardware state? Would sequenced
write-and-ACK patterns for each enable bit resolve this synchronization flaw?

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/cover.1779944354.git.nicolinc@nvidia.com?part=7

next prev parent reply	other threads:[~2026-05-28  9:13 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-28  7:59 [PATCH v2 00/11] iommu/arm-smmu-v3: Add PRI support Nicolin Chen
2026-05-28  7:59 ` [PATCH v2 01/11] iommu/arm-smmu-v3: Add arm_smmu_attach_release() Nicolin Chen
2026-05-28  7:59 ` [PATCH v2 02/11] iommu/arm-smmu-v3: Factor out __queue_empty() and __queue_consumed() Nicolin Chen
2026-05-28  7:59 ` [PATCH v2 03/11] iommu/arm-smmu-v3: Add arm_smmu_drain_queue_for_iopf() helper Nicolin Chen
2026-05-28  8:43   ` sashiko-bot
2026-05-28  7:59 ` [PATCH v2 04/11] iommu/arm-smmu-v3: Drain in-flight fault handlers Nicolin Chen
2026-05-28 11:45   ` sashiko-bot
2026-05-28  7:59 ` [PATCH v2 05/11] iommu/arm-smmu-v3: Submit CMDQ_OP_PRI_RESP for IOPF event Nicolin Chen
2026-05-28  7:59 ` [PATCH v2 06/11] iommu/arm-smmu-v3: Support PRI Page Request in arm_smmu_handle_ppr() Nicolin Chen
2026-05-30  4:59   ` sashiko-bot
2026-05-28  7:59 ` [PATCH v2 07/11] iommu/arm-smmu-v3: Disable PRI when no IRQ handler is registered Nicolin Chen
2026-05-28  9:13   ` sashiko-bot [this message]
2026-05-28  7:59 ` [PATCH v2 08/11] iommu/arm-smmu-v3: Allocate IOPF queue for ARM_SMMU_FEAT_PRI Nicolin Chen
2026-05-28  8:59   ` sashiko-bot
2026-05-28  7:59 ` [PATCH v2 09/11] PCI/ATS: Add PRI stubs Nicolin Chen
2026-05-28  7:59 ` [PATCH v2 10/11] PCI/ATS: Export pci_enable_pri() and pci_reset_pri() Nicolin Chen
2026-05-28  7:59 ` [PATCH v2 11/11] iommu/arm-smmu-v3: Enable PRI for PCI device in arm_smmu_probe_device() Nicolin Chen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260528091353.22C8F1F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=linux-pci@vger.kernel.org \
    --cc=nicolinc@nvidia.com \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.