From: Drew Fustini <fustini@kernel.org>
To: sashiko-reviews@lists.linux.dev
Cc: linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org
Subject: Re: [PATCH v3 4/8] riscv_cbqri: Add capacity controller probe and allocation device ops
Date: Tue, 30 Jun 2026 17:24:57 -0700 [thread overview]
Message-ID: <akReWcXqVmmIxPmM@thelio> (raw)
In-Reply-To: <20260628212810.05F6D1F00A3A@smtp.kernel.org>
On Sun, Jun 28, 2026 at 09:28:09PM +0000, sashiko-bot@kernel.org wrote:
> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
> - [Medium] Unspecified evaluation order in `cbqri_readq` causes a torn read during hardware polling, leading to false AT capability detection.
> --
>
> commit a52377aec62b1aa81e5439ad733c3839af6693c6
> Author: Drew Fustini <fustini@kernel.org>
>
> riscv_cbqri: Add capacity controller probe and allocation device ops
>
> Add support for the RISC-V CBQRI capacity controller. A platform driver
> passes a cbqri_controller_info descriptor together with the cache level
> to riscv_cbqri_register_cc_dt(), which probes the controller and adds it
> to the controller list.
>
> > diff --git a/drivers/resctrl/cbqri_devices.c b/drivers/resctrl/cbqri_devices.c
> > new file mode 100644
> > index 0000000000000..69df46e07df17
> > --- /dev/null
> > +++ b/drivers/resctrl/cbqri_devices.c
> [ ... ]
> > +static u64 cbqri_readq(void __iomem *addr)
> > +{
> > + return (u64)readl(addr) | ((u64)readl(addr + 4) << 32);
> > +}
>
> [Severity: Medium]
> Could the unspecified evaluation order here cause a torn read during hardware
> polling?
>
> Since the C standard does not specify the evaluation order of the operands
> to the bitwise OR operator, the compiler may emit the lower 32-bit read
> before the upper 32-bit read.
>
> During the polling loop, if the final iteration reads the lower 32 bits
> while the busy flag is still set, and then the hardware completes the
> operation and clears the busy flag before the upper 32-bit read executes,
> the loop will terminate and return this torn value.
A tear is theoretically possible, but it is harmless here because the
two halves carry independent fields. BUSY and STATUS both live in the
high word, so a single readl(addr + 4) reads both at once. AT lives in
the low word, which the poll never inspects. The poll consumes only BUSY
and STATUS, so a tear cannot change when it ends or the STATUS it
returns.
> [ ... ]
> > +static int cbqri_probe_feature(struct cbqri_controller *ctrl, int reg_offset,
> > + int operation, int *status, bool *access_type_supported)
> > +{
> [ ... ]
> > + writel(lower_32_bits(reg), ctrl->base + reg_offset);
> > + if (cbqri_wait_busy_flag(ctrl, reg_offset, ®) < 0) {
> > + pr_err("BUSY timeout setting AT field\n");
> > + return -EIO;
> > + }
> > +
> > + /*
> > + * If the AT field value has been reset to zero,
> > + * then the AT support is not present
> > + */
> > + at = FIELD_GET(CBQRI_CONTROL_REGISTERS_AT_MASK, reg);
> > + if (at == CBQRI_CONTROL_REGISTERS_AT_CODE)
> > + *access_type_supported = true;
>
> [Severity: Medium]
> Does the torn read from cbqri_readq() result in misdetecting capability
> support here?
>
> If cbqri_wait_busy_flag() returns a torn value with a stale lower half, the
> driver may incorrectly detect Access Type support on hardware that does not
> support it.
>
> This could break cache allocation isolation guarantees, as the driver will
> split capacity blocks into CODE and DATA masks, but the hardware will silently
> treat them as a single pool.
No. The AT read back is the result of the drivers's own AT=CODE write,
not a live hardware status. A tear cannot catch it mid-change. Per the
CBQRI spec, a controller without AT support makes AT read-only zero. The
write is dropped and AT reads 0, never transiently CODE. On hardware
that does support AT, the write takes effect and AT reads back CODE, so
that direction is correct too.
-Drew
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2026-07-01 0:25 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-28 21:18 [PATCH v3 0/8] riscv: Add Ssqosid and initial CBQRI resctrl support Drew Fustini
2026-06-28 21:18 ` [PATCH v3 1/8] dt-bindings: riscv: Add Ssqosid extension description Drew Fustini
2026-06-28 21:18 ` [PATCH v3 2/8] riscv: Detect the Ssqosid extension Drew Fustini
2026-06-28 21:18 ` [PATCH v3 3/8] riscv: Add support for srmcfg CSR from " Drew Fustini
[not found] ` <20260628212820.D0DD51F000E9@smtp.kernel.org>
2026-06-29 22:46 ` Drew Fustini
2026-06-28 21:18 ` [PATCH v3 4/8] riscv_cbqri: Add capacity controller probe and allocation device ops Drew Fustini
[not found] ` <20260628212810.05F6D1F00A3A@smtp.kernel.org>
2026-07-01 0:24 ` Drew Fustini [this message]
2026-06-28 21:18 ` [PATCH v3 5/8] riscv_cbqri: resctrl: Add cache allocation via capacity block mask Drew Fustini
2026-07-01 20:18 ` Fenghua Yu
2026-07-03 8:00 ` Drew Fustini
2026-06-28 21:18 ` [PATCH v3 6/8] riscv: Enable resctrl filesystem for Ssqosid Drew Fustini
2026-06-28 21:18 ` [PATCH v3 7/8] dt-bindings: riscv: Add binding for CBQRI controllers Drew Fustini
2026-06-29 15:32 ` Conor Dooley
2026-06-28 21:18 ` [PATCH v3 8/8] riscv_cbqri: Add CBQRI capacity allocation platform driver Drew Fustini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=akReWcXqVmmIxPmM@thelio \
--to=fustini@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox