From: Greg Kroah-Hartman Date: Mon, 19 Mar 2018 14:11:22 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v4.15.12~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fc01ffbd1f3264a64e7ff6d45ed4a7e7fb9fb0cc;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: irqchip-gic-v3-its-ensure-nr_ites-nr_lpis.patch --- diff --git a/queue-4.14/irqchip-gic-v3-its-ensure-nr_ites-nr_lpis.patch b/queue-4.14/irqchip-gic-v3-its-ensure-nr_ites-nr_lpis.patch new file mode 100644 index 00000000000..cab573cc06a --- /dev/null +++ b/queue-4.14/irqchip-gic-v3-its-ensure-nr_ites-nr_lpis.patch @@ -0,0 +1,66 @@ +From 4f2c7583e33eb08dc09dd2e25574b80175ba7d93 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Tue, 6 Mar 2018 15:51:32 +0000 +Subject: irqchip/gic-v3-its: Ensure nr_ites >= nr_lpis + +From: Ard Biesheuvel + +commit 4f2c7583e33eb08dc09dd2e25574b80175ba7d93 upstream. + +When struct its_device instances are created, the nr_ites member +will be set to a power of 2 that equals or exceeds the requested +number of MSIs passed to the msi_prepare() callback. At the same +time, the LPI map is allocated to be some multiple of 32 in size, +where the allocated size may be less than the requested size +depending on whether a contiguous range of sufficient size is +available in the global LPI bitmap. + +This may result in the situation where the nr_ites < nr_lpis, and +since nr_ites is what we program into the hardware when we map the +device, the additional LPIs will be non-functional. + +For bog standard hardware, this does not really matter. However, +in cases where ITS device IDs are shared between different PCIe +devices, we may end up allocating these additional LPIs without +taking into account that they don't actually work. + +So let's make nr_ites at least 32. This ensures that all allocated +LPIs are 'live', and that its_alloc_device_irq() will fail when +attempts are made to allocate MSIs beyond what was allocated in +the first place. + +Signed-off-by: Ard Biesheuvel +[maz: updated comment] +Signed-off-by: Marc Zyngier +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/irqchip/irq-gic-v3-its.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +--- a/drivers/irqchip/irq-gic-v3-its.c ++++ b/drivers/irqchip/irq-gic-v3-its.c +@@ -1310,7 +1310,7 @@ static struct irq_chip its_irq_chip = { + * This gives us (((1UL << id_bits) - 8192) >> 5) possible allocations. + */ + #define IRQS_PER_CHUNK_SHIFT 5 +-#define IRQS_PER_CHUNK (1 << IRQS_PER_CHUNK_SHIFT) ++#define IRQS_PER_CHUNK (1UL << IRQS_PER_CHUNK_SHIFT) + #define ITS_MAX_LPI_NRBITS 16 /* 64K LPIs */ + + static unsigned long *lpi_bitmap; +@@ -2026,11 +2026,10 @@ static struct its_device *its_create_dev + + dev = kzalloc(sizeof(*dev), GFP_KERNEL); + /* +- * At least one bit of EventID is being used, hence a minimum +- * of two entries. No, the architecture doesn't let you +- * express an ITT with a single entry. ++ * We allocate at least one chunk worth of LPIs bet device, ++ * and thus that many ITEs. The device may require less though. + */ +- nr_ites = max(2UL, roundup_pow_of_two(nvecs)); ++ nr_ites = max(IRQS_PER_CHUNK, roundup_pow_of_two(nvecs)); + sz = nr_ites * its->ite_size; + sz = max(sz, ITS_ITT_ALIGN) + ITS_ITT_ALIGN - 1; + itt = kzalloc(sz, GFP_KERNEL); diff --git a/queue-4.14/series b/queue-4.14/series index 67c037cbb19..0895b2d84d5 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -26,3 +26,4 @@ lock_parent-needs-to-recheck-if-dentry-got-__dentry_kill-ed-under-it.patch fs-aio-add-explicit-rcu-grace-period-when-freeing-kioctx.patch fs-aio-use-rcu-accessors-for-kioctx_table-table.patch rdmavt-fix-synchronization-around-percpu_ref.patch +irqchip-gic-v3-its-ensure-nr_ites-nr_lpis.patch