From: sashiko-bot@kernel.org
To: "Daniel Machon" <daniel.machon@microchip.com>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH net-next v5 03/13] net: microchip: fdma: add PCIe ATU support
Date: Sat, 30 May 2026 00:44:36 +0000 [thread overview]
Message-ID: <20260530004436.4FB791F00898@smtp.kernel.org> (raw)
In-Reply-To: <20260520-lan966x-pci-fdma-v5-3-ca56197ae05b@microchip.com>
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
- [Medium] The ATU outbound window limit is statically configured to its maximum size instead of being tightly constrained to the allocated DMA buffer size.
- [Medium] Hardware ATU regions are not explicitly disabled during initialization, risking stray DMAs from stale configuration.
- [Low] The block comment detailing the ATU regions contains a mathematical error, contradicting the actual hardware configuration.
--
commit 474737a9138a576d895670ba7334d761b2fb9464
Author: Daniel Machon <daniel.machon@microchip.com>
net: microchip: fdma: add PCIe ATU support
When lan966x or lan969x operates as a PCIe endpoint, the internal FDMA
engine cannot directly access host memory. Instead, DMA addresses must
be translated through the PCIe Address Translation Unit (ATU), which
provides outbound windows mapping internal addresses to PCIe bus addresses.
> diff --git a/drivers/net/ethernet/microchip/fdma/fdma_pci.c b/drivers/net/ethernet/microchip/fdma/fdma_pci.c
> new file mode 100644
> index 0000000000000..1bd41eaa58a4b
> --- /dev/null
> +++ b/drivers/net/ethernet/microchip/fdma/fdma_pci.c
> @@ -0,0 +1,182 @@
[ ... ]
> + * +-------------+------------+------------+-----+------------+
> + * | Index | Region 0 | Region 1 | ... | Region 5 |
> + * +-------------+------------+------------+-----+------------+
> + * | Base addr | 0x10000000 | 0x12aa0000 | ... | 0x1d500000 |
[Severity: Low]
This isn't a bug, but there appears to be a mathematical error in the
comment. The computed region size is round_down((0x1fffffff - 0x10000000) /
6, BIT(16)) which equals 0x2aa0000. Using this size, Region 5's base address
would be 0x10000000 + (5 * 0x2aa0000) = 0x1d520000, not 0x1d500000.
> + * | Limit addr | 0x12a9ffff | 0x1553ffff | ... | 0x1ff9ffff |
> + * | Target addr | host dma | host dma | ... | host dma |
> + * +-------------+------------+------------+-----+------------+
[ ... ]
> +struct fdma_pci_atu_region *
> +fdma_pci_atu_region_map(struct fdma_pci_atu *atu, u64 target_addr, int size)
> +{
> + struct fdma_pci_atu_region *region;
> +
> + if (!atu)
> + return ERR_PTR(-EINVAL);
> +
> + if (size <= 0)
> + return ERR_PTR(-EINVAL);
> +
> + if (size > fdma_pci_atu_region_size())
> + return ERR_PTR(-E2BIG);
> +
> + region = fdma_pci_atu_region_get_free(atu);
> + if (IS_ERR(region))
> + return region;
> +
> + region->target_addr = target_addr;
> + region->in_use = true;
> +
> + /* Enable first, according to datasheet section 3.24.7.4.1 */
> + fdma_pci_atu_region_enable(region);
> + fdma_pci_atu_configure_translation(region);
> +
> + return region;
> +}
[Severity: Medium]
Could this dynamically program the limit_addr to base_addr + size - 1
to enforce strict DMA bounds, rather than using the statically
configured ~42MB limit?
Since the actual DMA buffer allocations are typically much smaller, the
current approach massively over-provisions the DMA window. Could a
hardware bug or malicious endpoint firmware exploit this to perform
out-of-bounds DMAs and silently corrupt adjacent host physical memory?
[ ... ]
> +void fdma_pci_atu_init(struct fdma_pci_atu *atu, void __iomem *addr)
> +{
> + struct fdma_pci_atu_region *regions = atu->regions;
> + u32 region_size = fdma_pci_atu_region_size();
> +
> + atu->addr = addr;
> +
> + for (int i = 0; i < FDMA_PCI_ATU_REGION_MAX; i++) {
> + regions[i].base_addr =
> + FDMA_PCI_ATU_OB_START + (i * region_size);
> + regions[i].limit_addr =
> + regions[i].base_addr + region_size - 1;
> + regions[i].idx = i;
> + regions[i].atu = atu;
> + }
> +}
[Severity: Medium]
Should the initialization explicitly disable all hardware ATU regions by
clearing their enable bits?
Because the PCIe endpoint controller cannot be hard-reset by the driver
without dropping the PCIe link to the host, the ATU registers might
retain state from the bootloader or a previous kernel crash. Could
stray DMAs to host memory occur before the kernel explicitly reclaims
and reconfigures these regions if they are left enabled?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260520-lan966x-pci-fdma-v5-0-ca56197ae05b@microchip.com?part=3
next prev parent reply other threads:[~2026-05-30 0:44 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-20 8:12 [PATCH net-next v5 00/13] net: lan966x: add support for PCIe FDMA Daniel Machon
2026-05-20 8:12 ` [PATCH net-next v5 01/13] MAINTAINERS: add FDMA library to Sparx5 SoC entry Daniel Machon
2026-05-20 8:12 ` [PATCH net-next v5 02/13] net: microchip: fdma: rename contiguous dataptr helpers Daniel Machon
2026-05-20 8:12 ` [PATCH net-next v5 03/13] net: microchip: fdma: add PCIe ATU support Daniel Machon
2026-05-30 0:44 ` sashiko-bot [this message]
2026-05-20 8:12 ` [PATCH net-next v5 04/13] net: lan966x: add FDMA LLP register write helper Daniel Machon
2026-05-30 0:44 ` sashiko-bot
2026-05-20 8:12 ` [PATCH net-next v5 05/13] net: lan966x: export FDMA helpers for reuse Daniel Machon
2026-05-30 0:44 ` sashiko-bot
2026-05-20 8:12 ` [PATCH net-next v5 06/13] net: lan966x: add FDMA ops dispatch for PCIe support Daniel Machon
2026-05-30 0:44 ` sashiko-bot
2026-05-20 8:12 ` [PATCH net-next v5 07/13] net: lan966x: clear FDMA interrupt stickies after switch reset Daniel Machon
2026-05-20 8:12 ` [PATCH net-next v5 08/13] net: lan966x: add shutdown callback to stop FDMA on reboot Daniel Machon
2026-05-23 1:45 ` Jakub Kicinski
2026-05-30 0:44 ` sashiko-bot
2026-05-20 8:12 ` [PATCH net-next v5 09/13] net: lan966x: add PCIe FDMA support Daniel Machon
2026-05-23 1:56 ` Jakub Kicinski
2026-05-30 0:44 ` sashiko-bot
2026-05-20 8:12 ` [PATCH net-next v5 10/13] net: lan966x: add PCIe FDMA MTU change support Daniel Machon
2026-05-30 0:44 ` sashiko-bot
2026-05-20 8:12 ` [PATCH net-next v5 11/13] net: lan966x: add PCIe FDMA XDP support Daniel Machon
2026-05-23 2:01 ` Jakub Kicinski
2026-05-20 8:12 ` [PATCH net-next v5 12/13] misc: lan966x-pci: dts: extend cpu reg to cover PCIE DBI space Daniel Machon
2026-05-23 2:01 ` Jakub Kicinski
2026-05-20 8:12 ` [PATCH net-next v5 13/13] misc: lan966x-pci: dts: add fdma interrupt to overlay Daniel Machon
2026-05-21 14:12 ` [PATCH net-next v5 00/13] net: lan966x: add support for PCIe FDMA Daniel Machon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260530004436.4FB791F00898@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel.machon@microchip.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.