From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Niklas Cassel <niklas.cassel@axis.com>,
Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>,
Kishon Vijay Abraham I <kishon@ti.com>,
Mathieu Poirier <mathieu.poirier@linaro.org>
Subject: [PATCH 4.14 09/21] PCI: designware-ep: Fix find_first_zero_bit() usage
Date: Fri, 13 Sep 2019 14:07:02 +0100 [thread overview]
Message-ID: <20190913130504.516843119@linuxfoundation.org> (raw)
In-Reply-To: <20190913130501.285837292@linuxfoundation.org>
From: Niklas Cassel <niklas.cassel@axis.com>
commit ad4a5becc689c3f32bbbc2b37eff89efe19dc2f9 upstream.
find_first_zero_bit()'s parameter 'size' is defined in bits,
not in bytes.
find_first_zero_bit() is called with size in bytes rather than bits,
which thus defines a too low upper limit, causing
dw_pcie_ep_inbound_atu() to assign iatu index #4 to both bar 4
and bar 5, which makes bar 5 overwrite the settings set by bar 4.
Since the sizes of the bitmaps are known, dynamically allocate the
bitmaps, and use the correct size when calling find_first_zero_bit().
Additionally, make sure that ep->num_ob_windows and ep->num_ib_windows,
which are obtained from device tree, are smaller than the maximum number
of iATUs (MAX_IATU_IN/MAX_IATU_OUT).
Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support")
Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/dwc/pcie-designware-ep.c | 34 ++++++++++++++++++++++++++--------
drivers/pci/dwc/pcie-designware.h | 8 ++++++--
2 files changed, 32 insertions(+), 10 deletions(-)
--- a/drivers/pci/dwc/pcie-designware-ep.c
+++ b/drivers/pci/dwc/pcie-designware-ep.c
@@ -74,8 +74,7 @@ static int dw_pcie_ep_inbound_atu(struct
u32 free_win;
struct dw_pcie *pci = to_dw_pcie_from_ep(ep);
- free_win = find_first_zero_bit(&ep->ib_window_map,
- sizeof(ep->ib_window_map));
+ free_win = find_first_zero_bit(ep->ib_window_map, ep->num_ib_windows);
if (free_win >= ep->num_ib_windows) {
dev_err(pci->dev, "no free inbound window\n");
return -EINVAL;
@@ -89,7 +88,7 @@ static int dw_pcie_ep_inbound_atu(struct
}
ep->bar_to_atu[bar] = free_win;
- set_bit(free_win, &ep->ib_window_map);
+ set_bit(free_win, ep->ib_window_map);
return 0;
}
@@ -100,8 +99,7 @@ static int dw_pcie_ep_outbound_atu(struc
u32 free_win;
struct dw_pcie *pci = to_dw_pcie_from_ep(ep);
- free_win = find_first_zero_bit(&ep->ob_window_map,
- sizeof(ep->ob_window_map));
+ free_win = find_first_zero_bit(ep->ob_window_map, ep->num_ob_windows);
if (free_win >= ep->num_ob_windows) {
dev_err(pci->dev, "no free outbound window\n");
return -EINVAL;
@@ -110,7 +108,7 @@ static int dw_pcie_ep_outbound_atu(struc
dw_pcie_prog_outbound_atu(pci, free_win, PCIE_ATU_TYPE_MEM,
phys_addr, pci_addr, size);
- set_bit(free_win, &ep->ob_window_map);
+ set_bit(free_win, ep->ob_window_map);
ep->outbound_addr[free_win] = phys_addr;
return 0;
@@ -125,7 +123,7 @@ static void dw_pcie_ep_clear_bar(struct
dw_pcie_ep_reset_bar(pci, bar);
dw_pcie_disable_atu(pci, atu_index, DW_PCIE_REGION_INBOUND);
- clear_bit(atu_index, &ep->ib_window_map);
+ clear_bit(atu_index, ep->ib_window_map);
}
static int dw_pcie_ep_set_bar(struct pci_epc *epc, enum pci_barno bar,
@@ -181,7 +179,7 @@ static void dw_pcie_ep_unmap_addr(struct
return;
dw_pcie_disable_atu(pci, atu_index, DW_PCIE_REGION_OUTBOUND);
- clear_bit(atu_index, &ep->ob_window_map);
+ clear_bit(atu_index, ep->ob_window_map);
}
static int dw_pcie_ep_map_addr(struct pci_epc *epc, phys_addr_t addr,
@@ -302,12 +300,32 @@ int dw_pcie_ep_init(struct dw_pcie_ep *e
dev_err(dev, "unable to read *num-ib-windows* property\n");
return ret;
}
+ if (ep->num_ib_windows > MAX_IATU_IN) {
+ dev_err(dev, "invalid *num-ib-windows*\n");
+ return -EINVAL;
+ }
ret = of_property_read_u32(np, "num-ob-windows", &ep->num_ob_windows);
if (ret < 0) {
dev_err(dev, "unable to read *num-ob-windows* property\n");
return ret;
}
+ if (ep->num_ob_windows > MAX_IATU_OUT) {
+ dev_err(dev, "invalid *num-ob-windows*\n");
+ return -EINVAL;
+ }
+
+ ep->ib_window_map = devm_kzalloc(dev, sizeof(long) *
+ BITS_TO_LONGS(ep->num_ib_windows),
+ GFP_KERNEL);
+ if (!ep->ib_window_map)
+ return -ENOMEM;
+
+ ep->ob_window_map = devm_kzalloc(dev, sizeof(long) *
+ BITS_TO_LONGS(ep->num_ob_windows),
+ GFP_KERNEL);
+ if (!ep->ob_window_map)
+ return -ENOMEM;
addr = devm_kzalloc(dev, sizeof(phys_addr_t) * ep->num_ob_windows,
GFP_KERNEL);
--- a/drivers/pci/dwc/pcie-designware.h
+++ b/drivers/pci/dwc/pcie-designware.h
@@ -114,6 +114,10 @@
#define MAX_MSI_IRQS 32
#define MAX_MSI_CTRLS (MAX_MSI_IRQS / 32)
+/* Maximum number of inbound/outbound iATUs */
+#define MAX_IATU_IN 256
+#define MAX_IATU_OUT 256
+
struct pcie_port;
struct dw_pcie;
struct dw_pcie_ep;
@@ -193,8 +197,8 @@ struct dw_pcie_ep {
size_t page_size;
u8 bar_to_atu[6];
phys_addr_t *outbound_addr;
- unsigned long ib_window_map;
- unsigned long ob_window_map;
+ unsigned long *ib_window_map;
+ unsigned long *ob_window_map;
u32 num_ib_windows;
u32 num_ob_windows;
};
next prev parent reply other threads:[~2019-09-13 13:33 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-13 13:06 [PATCH 4.14 00/21] 4.14.144-stable review Greg Kroah-Hartman
2019-09-13 13:06 ` [PATCH 4.14 01/21] ALSA: hda - Fix potential endless loop at applying quirks Greg Kroah-Hartman
2019-09-13 13:06 ` [PATCH 4.14 02/21] ALSA: hda/realtek - Fix overridden device-specific initialization Greg Kroah-Hartman
2019-09-13 13:06 ` [PATCH 4.14 03/21] ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre Greg Kroah-Hartman
2019-09-13 13:06 ` [PATCH 4.14 04/21] sched/fair: Dont assign runtime for throttled cfs_rq Greg Kroah-Hartman
2019-09-13 13:06 ` [PATCH 4.14 05/21] drm/vmwgfx: Fix double free in vmw_recv_msg() Greg Kroah-Hartman
2019-09-13 13:06 ` [PATCH 4.14 06/21] powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 07/21] xfrm: clean up xfrm protocol checks Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 08/21] ip6: fix skb leak in ip6frag_expire_frag_queue() Greg Kroah-Hartman
2019-09-13 13:07 ` Greg Kroah-Hartman [this message]
2019-09-13 13:07 ` [PATCH 4.14 10/21] PCI: dra7xx: Fix legacy INTD IRQ handling Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 11/21] vhost/test: fix build for vhost test Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 12/21] batman-adv: fix uninit-value in batadv_netlink_get_ifindex() Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 13/21] batman-adv: Only read OGM tvlv_len after buffer len check Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 14/21] hv_sock: Fix hang when a connection is closed Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 15/21] powerpc/64: mark start_here_multiplatform as __ref Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 16/21] arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64 Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 17/21] scripts/decode_stacktrace: match basepath using shell prefix operator, not regex Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 18/21] clk: s2mps11: Add used attribute to s2mps11_dt_match Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 19/21] kernel/module: Fix mem leak in module_add_modinfo_attrs Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 20/21] vhost: block speculation of translated descriptors Greg Kroah-Hartman
2019-09-13 13:07 ` [PATCH 4.14 21/21] vhost: make sure log_num < in_num Greg Kroah-Hartman
2019-09-13 19:59 ` [PATCH 4.14 00/21] 4.14.144-stable review kernelci.org bot
2019-09-14 4:03 ` Naresh Kamboju
2019-09-14 14:06 ` Guenter Roeck
2019-09-15 13:35 ` Greg Kroah-Hartman
2019-09-16 10:55 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190913130504.516843119@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=kishon@ti.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lorenzo.pieralisi@arm.com \
--cc=mathieu.poirier@linaro.org \
--cc=niklas.cassel@axis.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).