From patchwork Thu Mar 14 16:55:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: John Garry X-Patchwork-Id: 160364 Delivered-To: patch@linaro.org Received: by 2002:a02:5cc1:0:0:0:0:0 with SMTP id w62csp15737732jad; Thu, 14 Mar 2019 09:55:37 -0700 (PDT) X-Google-Smtp-Source: APXvYqxcQY/VLpHEOM8qJ2DdJJgZWx62BlF4ITpbQk6D9oRZjjqqfAZUp0LfbH7erC6S9ifxpi3f X-Received: by 2002:a62:4684:: with SMTP id o4mr50122250pfi.254.1552582537685; Thu, 14 Mar 2019 09:55:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1552582537; cv=none; d=google.com; s=arc-20160816; b=bliow7h6xreLZomrmQKOVmT1p1KLuJeIwrjvCGnCnio6RnuvDrISPgi6Qp+f9qTz3e wSoZcLzsAfHwJ85fNeexXcSJXLw8d/PrMD/fwBrPZltS6+JG/44o6z+E2l8aJpxuCukO MepdHNf3hGEiHn3949r5W4zFHU51bt9eu9rRwVPXkvJiI2zHb5HgxFlZABgKt2G1K7aC vdPqTHCHbULruMDPWkj74r/4Qpe79kBmn1Cd8biuPfr7OOYbDvewSWcBwycKPNkzFtS7 eVfDrzuqfaASOaINAn6/3XzlQH4Su08Qm//Yd1p7mkRSsnFSWdM/PMs4XMh8uAkkCJX0 mKhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=hGw9EPsCEa4qTyV5Okqg2r+4V8Le9hS00j4r1vo0JcA=; b=cVBLhMAfk/05zKuo5VU0zZV4e8MAVN2v9LKrLAmvnHvF1+EIZ+mGwZGFxa4ETs3Rn9 SOkLxYIMlOaRSIX66s/DeASV4+ggFNSgheytZENBI1px6KN4CSD6cwdp/V7dl8lLfss1 ozp8op03a2hukgIBfdBirxcMBsnqjED23mmZ9NujqtBqLv/bSmVMzi7hUVWKNCvg5/L0 mTSjHoKhl0a9euNb32ljLKJNIAJeLtjPlygbc5zkBadZ7iJk5YHiBdUQAvOB7lxHpkfA 6y0mnfGStQtaCUYkZjOAhun4YIDWuUZH3Xc3YOE+NVlXUQAphlkZ1xcJs/7xCvhg49Me UdTw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 70si14372218pla.128.2019.03.14.09.55.37; Thu, 14 Mar 2019 09:55:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727637AbfCNQzb (ORCPT + 31 others); Thu, 14 Mar 2019 12:55:31 -0400 Received: from szxga05-in.huawei.com ([45.249.212.191]:5249 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727131AbfCNQza (ORCPT ); Thu, 14 Mar 2019 12:55:30 -0400 Received: from DGGEMS402-HUB.china.huawei.com (unknown [172.30.72.58]) by Forcepoint Email with ESMTP id B7D42B9A83B449BFEF63; Fri, 15 Mar 2019 00:55:22 +0800 (CST) Received: from localhost.localdomain (10.67.212.75) by DGGEMS402-HUB.china.huawei.com (10.3.19.202) with Microsoft SMTP Server id 14.3.408.0; Fri, 15 Mar 2019 00:55:14 +0800 From: John Garry To: , , , , , , CC: , , , , , John Garry Subject: [RFC PATCH 1/2] resource: Request IO port regions from children of ioport_resource Date: Fri, 15 Mar 2019 00:55:15 +0800 Message-ID: <1552582516-70855-2-git-send-email-john.garry@huawei.com> X-Mailer: git-send-email 2.8.1 In-Reply-To: <1552582516-70855-1-git-send-email-john.garry@huawei.com> References: <1552582516-70855-1-git-send-email-john.garry@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.67.212.75] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently when we request an IO port region, the request is made directly to the top resource, ioport_resource. There is an issue here, in that drivers may request an IO port region even if the IO port region has not even been mapped in (in pci_remap_iospace()). This may lead to crashes when the PCI host has not enumerated prior to accessing the IO port region, as below: root@(none)$ insmod f71805f.ko [ 32.264016] Unable to handle kernel paging request at virtual address ffff7dfffee0002e [ 32.279936] Mem abort info: [ 32.285536] ESR = 0x96000046 [ 32.291657] Exception class = DABT (current EL), IL = 32 bits [ 32.303542] SET = 0, FnV = 0 [ 32.309661] EA = 0, S1PTW = 0 [ 32.315957] Data abort info: [ 32.321728] ISV = 0, ISS = 0x00000046 [ 32.329420] CM = 0, WnR = 1 [ 32.335367] swapper pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____) [ 32.349174] [ffff7dfffee0002e] pgd=0000000001392003, pud=0000000001393003, pmd=0000000000000000 [ 32.366652] Internal error: Oops: 96000046 [#1] PREEMPT SMP [ 32.377835] Modules linked in: f71805f(+) [ 32.385876] CPU: 4 PID: 2681 Comm: insmod Not tainted 5.0.0-00003-ga6247cc0f8f2 #52 [ 32.401252] Hardware name: Huawei Taishan 2280 /D05, BIOS Hisilicon D05 IT21 Nemo 2.0 RC0 04/18/2018 [ 32.419597] pstate: 80000005 (Nzcv daif -PAN -UAO) [ 32.429213] pc : logic_outb+0x54/0xb8 [ 32.436556] lr : f71805f_find+0x2c/0x1b8 [f71805f] [ 32.446167] sp : ffff0000256bba90 [ 32.452808] x29: ffff0000256bba90 x28: ffff000008b544d0 [ 32.463468] x27: ffff0000256bbdf0 x26: 0000000000000100 [ 32.474127] x25: 000000000000002c x24: ffff000011396000 [ 32.484787] x23: ffff0000256bbb3e x22: ffff0000256bbb40 [ 32.495446] x21: ffff000008b591b8 x20: 0000000000000087 [ 32.506106] x19: 000000000000002e x18: ffffffffffffffff [ 32.516765] x17: 0000000000000000 x16: 0000000000000000 [ 32.527424] x15: 0000000000000400 x14: 0000000000000400 [ 32.538084] x13: 0000000000001832 x12: 0000000000000000 [ 32.548743] x11: ffff801ffbf08ac0 x10: 0000801fead02000 [ 32.559403] x9 : ffff801ffbffe840 x8 : 0000000000000001 [ 32.570062] x7 : 0000000000210d00 x6 : 0000000000000000 [ 32.580721] x5 : ffff801fb3eac380 x4 : ffff801ffbef4b20 [ 32.591381] x3 : 0000000000ffbffe x2 : ffff0000256bbb40 [ 32.602040] x1 : ffff7dfffee0002e x0 : ffff7dfffee00000 [ 32.612701] Process insmod (pid: 2681, stack limit = 0x(____ptrval____)) [ 32.626155] Call trace: [ 32.631050] logic_outb+0x54/0xb8 [ 32.637693] f71805f_find+0x2c/0x1b8 [f71805f] [ 32.646607] f71805f_init+0x38/0xe48 [f71805f] [ 32.655521] do_one_initcall+0x5c/0x178 [ 32.663212] do_init_module+0x58/0x1b0 [ 32.670728] load_module+0x1dc8/0x2178 [ 32.678243] __se_sys_init_module+0x14c/0x1e8 [ 32.686981] __arm64_sys_init_module+0x18/0x20 [ 32.695894] el0_svc_common+0x60/0x100 [ 32.703409] el0_svc_handler+0x2c/0x80 [ 32.710924] el0_svc+0x8/0xc [ 32.716693] Code: d2bfdc00 f2cfbfe0 f2ffffe0 8b000021 (39000034) [ 32.728925] ---[ end trace ddb5e493ee686685 ]--- Segmentation fault root@(none)$ This issue was originally reported in [1]. This patch changes the functionality of request_region() to request a region of the direct children of the top ioport_resource. In this, if the IO port region has not been mapped for a particular IO region, a suitable child region will not exist, and, as such, request_region() calls will fail. A side note: there are many drivers in the kernel which fail to even call request_region() prior to IO port accesses, and they also need to be fixed (to call request_region() as appropriate). [1] https://www.spinics.net/lists/linux-pci/msg49821.html Signed-off-by: John Garry --- include/linux/ioport.h | 6 +++++- kernel/resource.c | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) -- 2.17.1 diff --git a/include/linux/ioport.h b/include/linux/ioport.h index da0ebaec25f0..cf40e1ed8211 100644 --- a/include/linux/ioport.h +++ b/include/linux/ioport.h @@ -217,7 +217,7 @@ static inline bool resource_contains(struct resource *r1, struct resource *r2) /* Convenience shorthand with allocation */ -#define request_region(start,n,name) __request_region(&ioport_resource, (start), (n), (name), 0) +#define request_region(start,n,name) __request_region_from_children(&ioport_resource, (start), (n), (name), 0) #define request_muxed_region(start,n,name) __request_region(&ioport_resource, (start), (n), (name), IORESOURCE_MUXED) #define __request_mem_region(start,n,name, excl) __request_region(&iomem_resource, (start), (n), (name), excl) #define request_mem_region(start,n,name) __request_region(&iomem_resource, (start), (n), (name), 0) @@ -230,6 +230,10 @@ extern struct resource * __request_region(struct resource *, resource_size_t n, const char *name, int flags); +extern struct resource * __request_region_from_children(struct resource *, + resource_size_t start, + resource_size_t n, + const char *name, int flags); /* Compatibility cruft */ #define release_region(start,n) __release_region(&ioport_resource, (start), (n)) #define release_mem_region(start,n) __release_region(&iomem_resource, (start), (n)) diff --git a/kernel/resource.c b/kernel/resource.c index 915c02e8e5dd..4a4656bd6051 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -1098,6 +1098,25 @@ resource_size_t resource_alignment(struct resource *res) static DECLARE_WAIT_QUEUE_HEAD(muxed_resource_wait); +struct resource * __request_region_from_children(struct resource *parent, + resource_size_t start, + resource_size_t n, + const char *name, int flags) +{ + struct resource *child; + + /* TODO - add locking */ + for (child = parent->child; child; child = child->sibling) { + struct resource *res = __request_region(child, start, n, name, flags); + + if (res) + return res; + } + + return NULL; +} +EXPORT_SYMBOL(__request_region_from_children); + /** * __request_region - create a new busy resource region * @parent: parent resource descriptor