From: sashiko-bot@kernel.org
To: "Dan Williams" <djbw@kernel.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH 15/15] PCI/TSM: Add relative MMIO offset support?
Date: Sun, 05 Jul 2026 22:25:04 +0000 [thread overview]
Message-ID: <20260705222504.6ACF01F00A3A@smtp.kernel.org> (raw)
In-Reply-To: <20260705220819.2472765-16-djbw@kernel.org>
Thank you for your contribution! Sashiko AI review found 2 potential issue(s) to consider:
Pre-existing issues:
- [High] The BAR mask calculation in `pci_tsm_mmio_alloc()` uses a 32-bit `unsigned long` for `mask` on 32-bit architectures, corrupting 64-bit `tsm_offset` calculations.
- [High] A 32-bit integer overflow when calculating `size` in `pci_tsm_mmio_alloc()` silently truncates MMIO ranges of 4GB or larger.
--
commit 39c72d1b357cb53c2cb3c0f7292c8909846cff30
Author: Dan Williams <djbw@kernel.org>
PCI/TSM: Add relative MMIO offset support?
The RMM specification documents the expectation that the MMIO_REPORTING_OFFSET
chosen for TDISP Interface Reports is always BAR aligned. This patch adds
support to ask the TSM drivers for the offset calculation scheme if it
deviates from this assumption.
Cc: Alexey Kardashevskiy <aik@amd.com>
Cc: Xu Yilun <yilun.xu@linux.intel.com>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@kernel.org>
Signed-off-by: Dan Williams <djbw@kernel.org>
> diff --git a/drivers/pci/tsm/core.c b/drivers/pci/tsm/core.c
> index 9ac216ad896d9..19ad35f2da4a9 100644
> --- a/drivers/pci/tsm/core.c
> +++ b/drivers/pci/tsm/core.c
> @@ -643,13 +643,15 @@ struct pci_tsm_devif_report {
> /**
> * pci_tsm_mmio_alloc() - allocate encrypted MMIO range descriptor
> * @pdev: device owner of MMIO ranges
> + * @scheme: allow the low level TSM driver to hint the offset calc scheme
> *
> * Return: the encrypted MMIO range descriptor on success, NULL on failure
[Severity: High]
This is a pre-existing issue, but I noticed a potential 32-bit
multiplication overflow in this function.
When calculating the size in pci_tsm_mmio_alloc():
u64 size = __le32_to_cpu(mmio_data->nr_pfns) * SZ_4K;
Since both operands are 32-bit, will this overflow if nr_pfns is 1,048,576
(representing 4GB) or greater? The overflow would occur before being
promoted and assigned to the 64-bit size variable, causing MMIO ranges of
4GB or larger to be silently truncated.
> *
> * Assumes that this is called within the live lifetime of a PCI device's
> * association with a low level TSM.
> */
> -struct pci_tsm_mmio *pci_tsm_mmio_alloc(struct pci_dev *pdev)
> +struct pci_tsm_mmio *pci_tsm_mmio_alloc(struct pci_dev *pdev,
> + enum tdisp_offset_scheme scheme)
> {
[ ... ]
> @@ -712,10 +714,14 @@ struct pci_tsm_mmio *pci_tsm_mmio_alloc(struct pci_dev *pdev)
> last_bar = bar;
>
> /*
> - * Determine the obfuscated base of the BAR. BAR
> - * offsets are never obfuscated.
> + * Either the first range per bar always maps
> + * the start of the BAR, or the reporting_offset
> + * is BAR size aligned.
> */
> - reporting_bar_base = tsm_offset & ~mask;
> + if (scheme == TDISP_OFFSET_RELATIVE)
> + reporting_bar_base = tsm_offset;
> + else
> + reporting_bar_base = tsm_offset & ~mask;
[Severity: High]
This is a pre-existing issue, but could this bitwise AND corrupt 64-bit
calculations on 32-bit architectures?
Looking at the definition of mask earlier in pci_tsm_mmio_alloc():
unsigned long mask = pci_resource_len(pdev, bar) - 1;
Since pci_resource_len() returns a 64-bit resource_size_t on PAE systems,
it gets truncated to a 32-bit unsigned long mask on 32-bit architectures.
When ~mask is evaluated, it results in a 32-bit value.
Would applying bitwise AND with the 64-bit u64 tsm_offset here cause
zero-extension of ~mask, explicitly clearing all bits above 4GB in
tsm_offset?
> } else if (tsm_offset < last_reporting_end) {
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260705220819.2472765-1-djbw@kernel.org?part=15
next prev parent reply other threads:[~2026-07-05 22:25 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:13 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:18 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:26 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-05 22:16 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:15 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-05 22:17 ` sashiko-bot
2026-07-06 13:45 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 13:49 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:21 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-05 22:28 ` sashiko-bot
2026-07-06 12:42 ` Aneesh Kumar K.V
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:24 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-05 22:25 ` sashiko-bot [this message]
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55 ` Dan Williams (nvidia)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260705222504.6ACF01F00A3A@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=djbw@kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox