Linux PCI subsystem development
 help / color / mirror / Atom feed
From: sashiko-bot@kernel.org
To: "Jose Ignacio Tornos Martinez" <jtornosm@redhat.com>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH v12] PCI: Add device-specific reset for Qualcomm devices
Date: Tue, 30 Jun 2026 07:09:13 +0000	[thread overview]
Message-ID: <20260630070914.3B5E61F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260630065815.199693-1-jtornosm@redhat.com>

Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
- [Medium] The polling loop for PCIe link recovery lacks a final condition check, making it vulnerable to spurious timeouts if the executing thread is delayed or preempted.
- [Medium] Read-modify-write operation on the SoC global reset register does not handle `0xFFFFFFFF` (PCI_ERROR_RESPONSE), potentially writing an invalid state to the device.
--

commit 6f0f5be433a0e989c17f01ae046c3574dc1fbf77
Author: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>

PCI: Add device-specific reset for Qualcomm devices

This commit adds device-specific hardware reset methods via BAR0 for 
specific Qualcomm PCIe devices (WCN6855/WCN7850 WLAN cards and SDX62/SDX65 
modems). These resets are intended to fix issues during VFIO passthrough 
scenarios where the devices lack a working FLR or standard reset mechanism.

> diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
> index b09f27f7846fc..6d465f6d43054 100644
> --- a/drivers/pci/quirks.c
> +++ b/drivers/pci/quirks.c

[ ... ]

> +static int reset_qualcomm_wlan(struct pci_dev *pdev, bool probe)
> +{
> +	bool link_recovered = false;
> +	unsigned long timeout;
> +	void __iomem *bar;
> +	u32 val;
> +	u16 cmd;
> +
> +	if (probe)
> +		return 0;
> +
> +	if (pdev->current_state != PCI_D0)
> +		return -EINVAL;
> +
> +	pci_read_config_word(pdev, PCI_COMMAND, &cmd);
> +	pci_write_config_word(pdev, PCI_COMMAND, cmd | PCI_COMMAND_MEMORY);
> +
> +	bar = pci_iomap(pdev, 0, 0);
> +	if (!bar) {
> +		pci_write_config_word(pdev, PCI_COMMAND, cmd);
> +		return -ENODEV;
> +	}
> +
> +	val = ioread32(bar + QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET);
> +	val |= QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET_V;
> +	iowrite32(val, bar + QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET);

[Severity: Medium]
If the device is hung or the link is temporarily unresponsive, could the
initial ioread32() return PCI_ERROR_RESPONSE (0xFFFFFFFF)?

If it does, this read-modify-write operation would write 0xFFFFFFFF (and
later 0xFFFFFFFE) back to the device. Could writing these values trigger
unintended resets across the SoC or leave the hardware in an invalid state?

Would it be safer to verify !PCI_POSSIBLE_ERROR(val) before modifying
and writing it back?

> +	ioread32(bar + QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET);
> +
> +	msleep(10);
> +
> +	val &= ~QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET_V;
> +	iowrite32(val, bar + QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET);
> +	ioread32(bar + QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET);
> +
> +	msleep(10);
> +
> +	timeout = jiffies + msecs_to_jiffies(5000);
> +	while (time_before(jiffies, timeout)) {
> +		val = ioread32(bar + QUALCOMM_WLAN_PCIE_SOC_GLOBAL_RESET);
> +		if (!PCI_POSSIBLE_ERROR(val)) {
> +			link_recovered = true;
> +			break;
> +		}
> +		msleep(20);
> +	}

[Severity: Medium]
Is this polling loop vulnerable to false timeouts due to scheduling delays?

If the thread is preempted during msleep(20) and delayed for more than 5
seconds, time_before(jiffies, timeout) will evaluate to false upon waking
up. The loop will exit without a final check of the register, returning
-ETIMEDOUT even if the link successfully recovered during the delay.

Should there be a final condition check after the loop, or perhaps use
read_poll_timeout() instead to handle preemption robustly?

> +
> +	if (!link_recovered) {
> +		pci_err(pdev, "PCIe link failed to recover after reset\n");
> +		goto out_restore;
> +	}
> +
> +	/* After SOC_GLOBAL_RESET, MHISTATUS may still have SYSERR bit set
> +	 * and thus need to set MHICTRL_RESET to clear SYSERR.
> +	 */

[ ... ]

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260630065815.199693-1-jtornosm@redhat.com?part=1

      reply	other threads:[~2026-06-30  7:09 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-30  6:58 [PATCH v12] PCI: Add device-specific reset for Qualcomm devices Jose Ignacio Tornos Martinez
2026-06-30  7:09 ` sashiko-bot [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260630070914.3B5E61F000E9@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=jtornosm@redhat.com \
    --cc=linux-pci@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox