Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2226083/?format=api
{ "id": 2226083, "url": "http://patchwork.ozlabs.org/api/patches/2226083/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ide/patch/20260422080322.1006592-1-dayou5941@163.com/", "project": { "id": 13, "url": "http://patchwork.ozlabs.org/api/projects/13/?format=api", "name": "Linux IDE development", "link_name": "linux-ide", "list_id": "linux-ide.vger.kernel.org", "list_email": "linux-ide@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260422080322.1006592-1-dayou5941@163.com>", "list_archive_url": null, "date": "2026-04-22T08:03:22", "name": "ata: libahci: fix panic when accessing ports beyond MMIO region", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "b8fbb8f50b80e12f6e1e4c058e62b9d65a517553", "submitter": { "id": 93214, "url": "http://patchwork.ozlabs.org/api/people/93214/?format=api", "name": null, "email": "dayou5941@163.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linux-ide/patch/20260422080322.1006592-1-dayou5941@163.com/mbox/", "series": [ { "id": 500939, "url": "http://patchwork.ozlabs.org/api/series/500939/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linux-ide/list/?series=500939", "date": "2026-04-22T08:03:22", "name": "ata: libahci: fix panic when accessing ports beyond MMIO region", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/500939/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2226083/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2226083/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <linux-ide+bounces-5505-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "linux-ide@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=163.com header.i=@163.com header.a=rsa-sha256\n header.s=s110527 header.b=R3Y7jc9H;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=linux-ide+bounces-5505-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=163.com header.i=@163.com\n header.b=\"R3Y7jc9H\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=220.197.31.3", "smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=163.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=163.com" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0sPy0Tfkz1yD5\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 18:11:49 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id 95CE5300460C\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 08:03:49 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 0C35137BE98;\n\tWed, 22 Apr 2026 08:03:49 +0000 (UTC)", "from m16.mail.163.com (m16.mail.163.com [220.197.31.3])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id C88F037BE6F;\n\tWed, 22 Apr 2026 08:03:45 +0000 (UTC)", "from localhost.localdomain (unknown [])\n\tby gzsmtp4 (Coremail) with SMTP id PygvCgBHwy_MgOhpcBXyAw--.135S2;\n\tWed, 22 Apr 2026 16:03:27 +0800 (CST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776845028; cv=none;\n b=ncT4LIzEsi4nJ6fKE3NlVAWotOqRS4PhUVfV7niv58/gZO8f/t/Cs6jGn9kNeLMlACvCxCty0XFxubNrNiAhWTAGGYgKDpK9UlbA0xV0Jc8ImEzP3fRSCccrQSBQLtFuTHZYqjMo4u47EjZjecu9Vp7AK2SdKK3+3AqITh+oNgo=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776845028; c=relaxed/simple;\n\tbh=urkZt31lbbLkpQNkQ/Fs6wvOVIIaHWPILqZE9IPJP4A=;\n\th=From:To:Cc:Subject:Date:Message-Id:MIME-Version;\n b=CWM8wGXAatRA/m+/DVAYoOgw/7Aso9NzMdACyWoqkUGYUREq0gHiyG5V0q3p4ikyBJootZ6s36f6eJ2Q0AUFOVgf1eh1uU9iAqmbXsvpCXgrCwYgE2tKv8H2GuhwnlMKIMPEWLFzM/M7WoOQwpXZcvjSp+wjL+LLLDdVNo1+Xps=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=none dis=none) header.from=163.com;\n spf=pass smtp.mailfrom=163.com;\n dkim=pass (1024-bit key) header.d=163.com header.i=@163.com\n header.b=R3Y7jc9H; arc=none smtp.client-ip=220.197.31.3", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;\n\ts=s110527; h=From:To:Subject:Date:Message-Id:MIME-Version; bh=dz\n\tUM66U/mmYOAhvCZdX3PhqgzKTSk0J60i999dBZQoM=; b=R3Y7jc9H2JG34YagoK\n\tFMZL4dJXP1451CeIuQa/4sMhycCTQNnBnBY7p2JSjE17mAtOFlI7Ey3wVZrfAN+3\n\thXmQcyxRqUROPEfFIR7BQ6XbbmSQU7mfvzKYl5FDMX0UmOufpUprPcSKIgVfHuRH\n\t/2tun59tQg04lIc3mckvOD8Uw=", "From": "dayou5941@163.com", "To": "dlemoal@kernel.org,\n\tcassel@kernel.org", "Cc": "linux-ide@vger.kernel.org,\n\tlinux-kernel@vger.kernel.org,\n\tliyouhong@kylinos.cn", "Subject": "[PATCH] ata: libahci: fix panic when accessing ports beyond MMIO\n region", "Date": "Wed, 22 Apr 2026 16:03:22 +0800", "Message-Id": "<20260422080322.1006592-1-dayou5941@163.com>", "X-Mailer": "git-send-email 2.25.1", "Precedence": "bulk", "X-Mailing-List": "linux-ide@vger.kernel.org", "List-Id": "<linux-ide.vger.kernel.org>", "List-Subscribe": "<mailto:linux-ide+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:linux-ide+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-CM-TRANSID": "PygvCgBHwy_MgOhpcBXyAw--.135S2", "X-Coremail-Antispam": "1Uf129KBjvJXoW3Jr1DAw47ur1kZr1kZr1UJrb_yoW3GFW5pF\n\tW5WryxGrWkXrWxXa18J34UtF13Aa98Aay7GrZFyw1aka1UC34qvryUtayYg3WUJw48JFy3\n\tKr1qqw1jkr1UJw7anT9S1TB71UUUUU7qnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2\n\t9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07jFpB-UUUUU=", "X-CM-SenderInfo": "5gd103ivzuiqqrwthudrp/xtbC+Q-nlmnogM8CYgAA3p" }, "content": "From: liyouhong <liyouhong@kylinos.cn>\n\nCommit 18ee7c49f75b (\"ata: ahci: Introduce firmware-specific caps\ninitialization\") introduced a regression where the driver would\nattempt to access port registers beyond the mapped MMIO region when\nHOST_PORTS_IMPL and HOST_CAP contains invalid values.\n\nThis occurs in scenarios where:\n1. The AHCI controller is disabled by BIOS, causing registers to read\n as 0xFFFFFFFF.\n2. HOST_PORTS_IMPL indicates more ports than physically implemented.\n3. The actual MMIO region is smaller than needed for the indicated\nports.\n\nWhen the driver iterates through ports indicated in HOST_PORTS_IMPL and\naccesses PORT_CMD registers, it may calculate port offsets that exceed\nthe mapped MMIO region. On ARM64 systems, this causes a kernel panic.\nwhen attempting to read from the unmapped address.\n\nWhen mmio_size is 0x1000 and all ports need to be accessed.\nThe issue manifests as a panic in __raw_readl() when i=30, as the\ncalculated offset (0x1000) equals the typical MMIO region size (0x1000),\nplacing the access exactly at the boundary of the mapped region.\n\nThe log is as follows:\n[ 0.389751][ T1] Unable to handle kernel paging request at virtual address ffff800082916018\n[ 0.389752][ T1] Mem abort info:\n[ 0.389753][ T1] ESR = 0x0000000096000007\n[ 0.389754][ T1] EC = 0x25: D\nABT (current EL), IL = 32 bits\n[ 0.389756][ T1] SET = 0, FnV = 0\n[ 0.389757][ T1] EA = 0, S1PTW = 0\n[ 0.389758][ T1] FSC = 0x07: level 3 translation fault\n[ 0.389759][ T1] Data abort info:\n[ 0.389760][ T1] ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n[ 0.389761][ T1] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 0.389762][ T1] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 0.389764][ T1] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000e16b1000\n[ 0.389766][ T1] [ffff800082916018] pgd=10000000e264d003, p4d=10000000e264d003, pud=10000000e264e003, pmd=10000000e2653003, pte=0000000000000000\n[ 0.389772][ T1] Internal error: Oops: 0000000096000007 [#1] SMP\n[ 0.391912][ T1] Modules linked in:\n[ 0.397407][ T71] nvme nvme0: allocated 16 MiB host memory buffer (1 segment).\n[ 0.406067][ T71] nvme nvme0: 8/0/0 default/read/poll queues\n[ 0.426950][ T12] nvme0n1: p1 p2 p3 p4 p5 p6\n[ 0.427171][ T71] probe of 0000:01:00.0 returned 0 after 37797 usecs\n[ 0.428770][ T80] Freeing initrd memory: 39012K\n[ 12.823718][ T1] CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 7.0.0-dirty #3 PREEMPTLAZY \n[ 12.832490][ T1] Hardware name: ISOFTSTONE COMPUTER TianYaoW600 Series/EM_FC19M, BIOS KL4.2B.EM.D.R003.RTHF.260414.R 04/14/2026 16:26:14\n[ 12.844992][ T1] pstate: 00400009 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 12.852635][ T1] pc : ahci_init_one+0x6a8/0xf68\n[ 12.857417][ T1] lr : ahci_init_one+0x668/0xf68\n[ 12.862194][ T1] sp : ffff8000828aba20\n[ 12.866189][ T1] x29: ffff8000828aba20 x28: 000000000000001e x27: ffff800081742300\n[ 12.874007][ T1] x26: ffff0020289b8000 x25: 0000000000000001 x24: ffff002020f710d0\n[ 12.881823][ T1] x23: 0000000000000005 x22: ffff002026d9ee00 x21: ffff002026d9f280\n[ 12.889639][ T1] x20: ffff002020f71000 x19: 0000000000000000 x18: 00000000ffffffff\n[ 12.897456][ T1] x17: ffff002021c7c000 x16: ffff002020d6ee00 x15: ffff8000828ab850\n[ 12.905272][ T1] x14: ffff0020289ba42c x13: ffff0020289ba3f9 x12: 0101010101010101\n[ 12.913088][ T1] x11: 7f7f7f7f7f7f7f7f x10: 0000000000000078 x9 : ffff800080bdf1b0\n[ 12.920905][ T1] x8 : 0000000000000030 x7 : 0000000000000008 x6 : ffff800081271928\n[ 12.928721][ T1] x5 : 0000000000000030 x4 : 0000000000000030 x3 : 0000000000000000\n[ 12.936537][ T1] x2 : ffff002026d9f280 x1 : 0000000000001018 x0 : ffff800082916018\n[ 12.944354][ T1] Call trace:\n[ 12.947481][ T1] ahci_init_one+0x6a8/0xf68 (P)\n[ 12.952260][ T1] local_pci_probe+0x44/0xb0\n[ 12.956693][ T1] pci_device_probe+0xd4/0x268\n[ 12.961298][ T1] really_probe+0xc4/0x3e8\n[ 12.965557][ T1] __driver_probe_device+0xd4/0x188\n[ 12.970595][ T1] driver_probe_device+0x40/0x118\n[ 12.975460][ T1] __driver_attach+0xe8/0x218\n[ 12.979977][ T1] bus_for_each_dev+0x7c/0xe0\n[ 12.984494][ T1] driver_attach+0x28/0x38\n[ 12.988751][ T1] bus_add_driver+0x120/0x248\n[ 12.993269][ T1] driver_register+0x60/0x128\n[ 12.997787][ T1] __pci_register_driver+0x50/0x60\n[ 13.002739][ T1] ahci_pci_driver_init+0x28/0x38\n[ 13.007605][ T1] do_one_initcall+0x58/0x450\n[ 13.012124][ T1] kernel_init_freeable+0x1fc/0x560\n[ 13.017164][ T1] kernel_init+0x28/0x1f8\n[ 13.021337][ T1] ret_from_fork+0x10/0x20\n[ 13.025596][ T1] Code: 53196021 91046021 f9400840 8b010000 (b9400000) \n[ 13.032370][ T1] ---[ end trace 0000000000000000 ]---\n[ 13.037737][ T1] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 13.046077][ T1] SMP: stopping secondary CPUs\n[ 13.050684][ T1] Kernel Offset: disabled\n[ 13.054852][ T1] CPU features: 0x0000000,000e0005,40230521,0401720b\n[ 13.061366][ T1] Memory Limit: none\n[ 13.065102][ T1] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---\n\nFix this by adding bounds checking in ahci_save_initial_config(). Before\naccessing each port's PORT_CMD register, verify that the port's register\nblock offset is within the mapped MMIO region. Skip any ports that would\nrequire accessing memory beyond the mapped region.\n\nFixes: 18ee7c49f75b (\"ata: ahci: Introduce firmware-specific caps initialization\")\nSigned-off-by: liyouhong <liyouhong@kylinos.cn>", "diff": "diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c\nindex 2d1ca9f2f546..69de3560aeec 100644\n--- a/drivers/ata/libahci.c\n+++ b/drivers/ata/libahci.c\n@@ -468,6 +468,8 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv)\n \tvoid __iomem *port_mmio;\n \tunsigned long port_map;\n \tu32 cap, cap2, vers;\n+\tunsigned long long mmio_size = 0;\n+\tbool is_pci_dev = false;\n \tint i;\n \n \t/* make sure AHCI mode is enabled before accessing CAP */\n@@ -595,6 +597,13 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv)\n \t\thpriv->saved_port_map = port_map;\n \t}\n \n+\tis_pci_dev = dev_is_pci(dev);\n+\tif (is_pci_dev) {\n+\t\tstruct pci_dev *pdev = to_pci_dev(dev);\n+\n+\t\tmmio_size = (unsigned long long)pci_resource_len(pdev, 5);\n+\t}\n+\n \t/*\n \t * Preserve the ports capabilities defined by the platform. Note there\n \t * is no need in storing the rest of the P#.CMD fields since they are\n@@ -605,6 +614,29 @@ void ahci_save_initial_config(struct device *dev, struct ahci_host_priv *hpriv)\n \t\t\tcontinue;\n \n \t\tport_mmio = __ahci_port_base(hpriv, i);\n+\n+\t\t/* Calculate offset from MMIO base */\n+\t\tunsigned long long port_offset = (unsigned long long)port_mmio -\n+\t\t\t\t\t\t (unsigned long long)mmio;\n+\t\t/* Check if port register block is within MMIO region */\n+\t\tif (is_pci_dev && port_offset >= mmio_size) {\n+\t\t\t/*\n+\t\t\t * Port registers exceed MMIO region boundary.\n+\t\t\t * Since ports are sequentially mapped (0x100 + i*0x80),\n+\t\t\t * all subsequent ports will also exceed the boundary.\n+\t\t\t *\n+\t\t\t * Update port_map to exclude this and all higher ports,\n+\t\t\t * then break out of the loop.\n+\t\t\t */\n+\t\t\tdev_warn(dev, \"Port %d (offset 0x%llx) exceeds MMIO region (0x%llx),\n+\t\t\t\t truncating port map at port %d\\n\",\n+\t\t\t\t i, port_offset, mmio_size, i-1);\n+\n+\t\t\tport_map = (1UL << i) - 1;\n+\t\t\thpriv->saved_port_map = port_map;\n+\t\t\tbreak;\n+\t\t}\n+\n \t\thpriv->saved_port_cap[i] =\n \t\t\treadl(port_mmio + PORT_CMD) & PORT_CMD_CAP;\n \t}\n", "prefixes": [] }