From: Bjorn Helgaas <helgaas@kernel.org>
To: Andrea della Porta <andrea.porta@suse.com>
Cc: Michael Turquette <mturquette@baylibre.com>,
Stephen Boyd <sboyd@kernel.org>, Rob Herring <robh@kernel.org>,
Krzysztof Kozlowski <krzk+dt@kernel.org>,
Conor Dooley <conor+dt@kernel.org>,
Florian Fainelli <florian.fainelli@broadcom.com>,
Broadcom internal kernel review list
<bcm-kernel-feedback-list@broadcom.com>,
Linus Walleij <linus.walleij@linaro.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
Derek Kiernan <derek.kiernan@amd.com>,
Dragan Cvetic <dragan.cvetic@amd.com>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Nicolas Ferre <nicolas.ferre@microchip.com>,
Claudiu Beznea <claudiu.beznea@tuxon.dev>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Saravana Kannan <saravanak@google.com>,
Bjorn Helgaas <bhelgaas@google.com>,
linux-clk@vger.kernel.org, devicetree@vger.kernel.org,
linux-rpi-kernel@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, linux-gpio@vger.kernel.org,
netdev@vger.kernel.org, linux-pci@vger.kernel.org,
linux-arch@vger.kernel.org, Lee Jones <lee@kernel.org>,
Andrew Lunn <andrew@lunn.ch>, Stefan Wahren <wahrenst@gmx.net>
Subject: Re: [PATCH 03/11] PCI: of_property: Sanitize 32 bit PCI address parsed from DT
Date: Wed, 21 Aug 2024 10:24:41 -0500 [thread overview]
Message-ID: <20240821152441.GA222583@bhelgaas> (raw)
In-Reply-To: <8b4fa91380fc4754ea80f47330c613e4f6b6592c.1724159867.git.andrea.porta@suse.com>
On Tue, Aug 20, 2024 at 04:36:05PM +0200, Andrea della Porta wrote:
> The of_pci_set_address() function parse devicetree PCI range specifier
s/parse/parses/ ?
> assuming the address is 'sanitized' at the origin, i.e. without checking
> whether the incoming address is 32 or 64 bit has specified in the flags.
> In this way an address with no OF_PCI_ADDR_SPACE_MEM64 set in the flagss
s/flagss/flags/
> could leak through and the upper 32 bits of the address will be set too,
> and this violates the PCI specs stating that ion 32 bit address the upper
s/ion/in/
> bit should be zero.
I don't understand this code, so I'm probably missing something. It
looks like the interesting path here is:
of_pci_prop_ranges
res = &pdev->resource[...];
for (j = 0; j < num; j++) {
val64 = res[j].start;
of_pci_set_address(..., val64, 0, flags, false);
+ if (OF_PCI_ADDR_SPACE_MEM64)
+ prop[1] = upper_32_bits(val64);
+ else
+ prop[1] = 0;
OF_PCI_ADDR_SPACE_MEM64 tells us about the size of the PCI bus
address, but the address (val64) is a CPU physical address, not a PCI
bus address, so I don't understand why of_pci_set_address() should use
OF_PCI_ADDR_SPACE_MEM64 to clear part of the CPU address.
Add blank lines between paragraphs.
> This could cause mapping translation mismatch on PCI devices (e.g. RP1)
> that are expected to be addressed with a 64 bit address while advertising
> a 32 bit address in the PCI config region.
> Add a check in of_pci_set_address() to set upper 32 bits to zero in case
> the address has no 64 bit flag set.
Is this an indication of a DT error? Have you seen this cause a
problem? If so, what does it look like to a user? I.e., how could a
user find this patch if they saw a problem?
> Signed-off-by: Andrea della Porta <andrea.porta@suse.com>
> ---
> drivers/pci/of_property.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/pci/of_property.c b/drivers/pci/of_property.c
> index 5a0b98e69795..77865facdb4a 100644
> --- a/drivers/pci/of_property.c
> +++ b/drivers/pci/of_property.c
> @@ -60,7 +60,10 @@ static void of_pci_set_address(struct pci_dev *pdev, u32 *prop, u64 addr,
> prop[0] |= flags | reg_num;
> if (!reloc) {
> prop[0] |= OF_PCI_ADDR_FIELD_NONRELOC;
> - prop[1] = upper_32_bits(addr);
> + if (FIELD_GET(OF_PCI_ADDR_FIELD_SS, flags) == OF_PCI_ADDR_SPACE_MEM64)
> + prop[1] = upper_32_bits(addr);
> + else
> + prop[1] = 0;
> prop[2] = lower_32_bits(addr);
> }
> }
> --
> 2.35.3
>
next prev parent reply other threads:[~2024-08-21 15:24 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-20 14:36 [PATCH 00/11] Add support for RaspberryPi RP1 PCI device using a DT overlay Andrea della Porta
2024-08-20 14:36 ` [PATCH 01/11] dt-bindings: clock: Add RaspberryPi RP1 clock bindings Andrea della Porta
2024-08-20 16:19 ` Conor Dooley
2024-08-20 18:25 ` Andrea della Porta
2024-08-21 11:46 ` Conor Dooley
2024-08-22 9:35 ` Andrea della Porta
2024-08-22 9:52 ` Krzysztof Kozlowski
2024-08-22 16:23 ` Conor Dooley
2024-08-23 18:21 ` Andrea della Porta
2024-08-20 14:36 ` [PATCH 02/11] dt-bindings: pinctrl: Add RaspberryPi RP1 gpio/pinctrl/pinmux bindings Andrea della Porta
2024-08-21 8:42 ` Krzysztof Kozlowski
2024-08-30 10:22 ` Andrea della Porta
2024-08-30 11:46 ` Krzysztof Kozlowski
2024-09-02 8:44 ` Andrea della Porta
2024-08-20 14:36 ` [PATCH 03/11] PCI: of_property: Sanitize 32 bit PCI address parsed from DT Andrea della Porta
2024-08-21 15:24 ` Bjorn Helgaas [this message]
2024-08-26 19:51 ` Andrea della Porta
2024-09-03 22:26 ` Bjorn Helgaas
2024-09-05 16:43 ` Andrea della Porta
2024-09-05 20:16 ` Bjorn Helgaas
2024-09-27 6:48 ` Andrea della Porta
2024-09-28 20:17 ` Bjorn Helgaas
2024-10-06 11:20 ` Andrea della Porta
2024-10-08 1:08 ` Bjorn Helgaas
2024-10-18 12:41 ` Andrea della Porta
2024-10-18 22:28 ` Bjorn Helgaas
2024-10-19 8:46 ` Andrea della Porta
2024-08-20 14:36 ` [PATCH 04/11] of: address: Preserve the flags portion on 1:1 dma-ranges mapping Andrea della Porta
2024-08-21 0:16 ` Rob Herring
2024-08-21 8:18 ` Andrea della Porta
2024-08-26 21:29 ` Rob Herring
2024-08-29 10:13 ` Andrea della Porta
2024-08-29 13:18 ` Rob Herring
2024-08-29 16:26 ` Andrea della Porta
2024-08-30 19:37 ` Rob Herring
2024-09-03 9:09 ` Herve Codina
2024-09-03 9:33 ` Andrea della Porta
2024-09-03 18:55 ` Rob Herring
2024-09-03 16:15 ` Andrea della Porta
2024-09-03 18:46 ` Rob Herring
2024-09-04 8:33 ` Andrea della Porta
2024-08-20 14:36 ` [PATCH 05/11] vmlinux.lds.h: Preserve DTB sections from being discarded after init Andrea della Porta
2024-08-30 19:46 ` Stephen Boyd
2024-09-03 12:29 ` Andrea della Porta
2024-09-21 20:47 ` Stephen Boyd
2024-09-22 8:14 ` Masahiro Yamada
2024-09-23 18:13 ` Stephen Boyd
2024-09-24 2:45 ` Masahiro Yamada
2024-08-20 14:36 ` [PATCH 06/11] clk: rp1: Add support for clocks provided by RP1 Andrea della Porta
2024-08-21 13:17 ` Simon Horman
2024-08-22 10:04 ` Andrea della Porta
2024-08-20 14:36 ` [PATCH 07/11] pinctrl: rp1: Implement RaspberryPi RP1 gpio support Andrea della Porta
2024-08-21 8:45 ` Krzysztof Kozlowski
2024-08-30 10:39 ` Andrea della Porta
2024-08-21 9:22 ` kernel test robot
2024-08-21 12:06 ` kernel test robot
2024-08-21 13:27 ` Simon Horman
2024-08-23 17:16 ` Andrea della Porta
2024-08-21 20:51 ` kernel test robot
2024-08-26 8:59 ` Linus Walleij
2024-08-28 15:24 ` Andrea della Porta
2024-09-02 8:31 ` Linus Walleij
2024-08-20 14:36 ` [PATCH 08/11] misc: rp1: RaspberryPi RP1 misc driver Andrea della Porta
2024-08-21 8:38 ` Krzysztof Kozlowski
2024-08-21 14:20 ` Krzysztof Kozlowski
2024-08-22 14:33 ` Andrea della Porta
2024-08-22 14:46 ` Krzysztof Kozlowski
2024-08-30 13:49 ` Andrea della Porta
2024-08-30 14:21 ` Andrew Lunn
2024-09-03 14:56 ` Andrea della Porta
2024-08-30 16:52 ` Krzysztof Kozlowski
2024-09-03 15:15 ` Andrea della Porta
2024-09-03 18:27 ` Krzysztof Kozlowski
2024-09-05 16:33 ` Andrea della Porta
2024-09-05 16:52 ` Krzysztof Kozlowski
2024-09-05 18:54 ` Andrea della Porta
2024-09-05 21:20 ` Krzysztof Kozlowski
2024-08-21 13:07 ` kernel test robot
2024-08-21 13:49 ` kernel test robot
2024-08-21 16:20 ` Stefan Wahren
2024-08-23 9:44 ` Andrea della Porta
2024-08-23 10:23 ` Stefan Wahren
2024-08-23 16:31 ` Andrea della Porta
2024-08-30 18:27 ` Rob Herring
2024-09-02 9:34 ` Andrea della Porta
2024-08-21 16:55 ` Bjorn Helgaas
2024-08-23 10:21 ` Andrea della Porta
2024-08-21 17:56 ` kernel test robot
2024-08-24 1:53 ` Greg Kroah-Hartman
2024-08-26 9:07 ` Andrea della Porta
2024-08-26 9:18 ` Greg Kroah-Hartman
2024-08-20 14:36 ` [PATCH 09/11] arm64: defconfig: Enable RP1 misc/clock/gpio drivers as built-in Andrea della Porta
2024-08-21 8:47 ` Krzysztof Kozlowski
2024-08-30 22:24 ` Andrea della Porta
2024-08-20 14:36 ` [PATCH 10/11] net: macb: Add support for RP1's MACB variant Andrea della Porta
2024-08-20 15:13 ` Andrew Lunn
2024-08-20 18:31 ` Andrea della Porta
2024-08-21 8:49 ` Krzysztof Kozlowski
2024-08-30 22:32 ` Andrea della Porta
2024-08-21 17:01 ` Florian Fainelli
2024-08-26 20:03 ` Andrea della Porta
2024-08-20 14:36 ` [PATCH 11/11] arm64: dts: rp1: Add support for MACB contained in RP1 Andrea della Porta
2024-08-21 8:43 ` Krzysztof Kozlowski
2024-08-30 22:33 ` Andrea della Porta
2024-08-21 17:02 ` Florian Fainelli
2024-08-26 20:18 ` Andrea della Porta
2024-08-21 13:42 ` [PATCH 00/11] Add support for RaspberryPi RP1 PCI device using a DT overlay Krzysztof Kozlowski
2024-08-22 9:05 ` Andrea della Porta
2024-08-22 9:50 ` Krzysztof Kozlowski
2024-08-29 13:11 ` Andrea della Porta
2024-08-22 13:04 ` Andrew Lunn
2024-08-29 12:01 ` Andrea della Porta
2024-08-29 13:04 ` Andrew Lunn
2024-08-29 13:13 ` Andrea della Porta
2024-08-30 5:21 ` Andrea della Porta
2024-08-30 14:10 ` Andrew Lunn
2024-09-02 9:21 ` Andrea della Porta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240821152441.GA222583@bhelgaas \
--to=helgaas@kernel.org \
--cc=andrea.porta@suse.com \
--cc=andrew@lunn.ch \
--cc=arnd@arndb.de \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=bhelgaas@google.com \
--cc=catalin.marinas@arm.com \
--cc=claudiu.beznea@tuxon.dev \
--cc=conor+dt@kernel.org \
--cc=davem@davemloft.net \
--cc=derek.kiernan@amd.com \
--cc=devicetree@vger.kernel.org \
--cc=dragan.cvetic@amd.com \
--cc=edumazet@google.com \
--cc=florian.fainelli@broadcom.com \
--cc=gregkh@linuxfoundation.org \
--cc=krzk+dt@kernel.org \
--cc=kuba@kernel.org \
--cc=lee@kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-clk@vger.kernel.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linux-rpi-kernel@lists.infradead.org \
--cc=mturquette@baylibre.com \
--cc=netdev@vger.kernel.org \
--cc=nicolas.ferre@microchip.com \
--cc=pabeni@redhat.com \
--cc=robh@kernel.org \
--cc=saravanak@google.com \
--cc=sboyd@kernel.org \
--cc=wahrenst@gmx.net \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).