Patchwork [1/1] AMD64_EDAC: Fix incorrect wrap arounds due to left shift beyond 32 bits.

login
register
mail settings
Submitter Aravind Gopalakrishnan
Date Aug. 20, 2013, 12:27 a.m.
Message ID <1376958472-2150-2-git-send-email-Aravind.Gopalakrishnan@amd.com>
Download mbox | patch
Permalink /patch/268328/
State Not Applicable
Headers show

Comments

Aravind Gopalakrishnan - Aug. 20, 2013, 12:27 a.m.
Link to the bug report:
http://marc.info/?l=linux-edac&m=137692201732220&w=2

dct_base and dct_limit obtain 32 bit register values when they read their
respective pci config space registers. A left shift beyond 32 bits will
cause them to wrap around. Similar case for chan_addr as can be seen from
the bug report. In the patch, we rectify this by casting chan_addr to u64
and by comparing dct_base and dct_limit against (sys_addr >> 27)

Tested on F15h, M30h with ECC turned on and works fine.

Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
Borislav Petkov - Aug. 23, 2013, 9:37 p.m.
On Mon, Aug 19, 2013 at 07:27:52PM -0500, Aravind Gopalakrishnan wrote:
> Link to the bug report:
> http://marc.info/?l=linux-edac&m=137692201732220&w=2
> 
> dct_base and dct_limit obtain 32 bit register values when they read their
> respective pci config space registers. A left shift beyond 32 bits will
> cause them to wrap around. Similar case for chan_addr as can be seen from
> the bug report. In the patch, we rectify this by casting chan_addr to u64
> and by comparing dct_base and dct_limit against (sys_addr >> 27)
> 
> Tested on F15h, M30h with ECC turned on and works fine.
> 
> Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
> 
> diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
> index b86228c..eb4793e 100644
> --- a/drivers/edac/amd64_edac.c
> +++ b/drivers/edac/amd64_edac.c
> @@ -1558,11 +1558,12 @@ static int f15_m30h_match_to_this_node(struct amd64_pvt *pvt, unsigned range,
>  	}
>  
>  	/* Verify sys_addr is within DCT Range. */
> -	dct_base = (dct_sel_baseaddr(pvt) << 27);
> -	dct_limit = (((dct_cont_limit_reg >> 11) & 0x1FFF) << 27) | 0x7FFFFFF;
> +	dct_base = dct_sel_baseaddr(pvt);

This can't be correct.

So the original patch takes the shifted dct_base while your change
doesn't anymore...

> +	dct_limit = (dct_cont_limit_reg >> 11) & 0x1FFF;
>  
>  	if (!(dct_cont_base_reg & BIT(0)) &&
> -	    !(dct_base <= sys_addr && dct_limit >= sys_addr))
> +	    !(dct_base <= (sys_addr >> 27) &&
> +	      dct_limit >= (sys_addr >> 27)))

... and while this comparison shifts sys_addr to use the proper bits,
the code does this assignment later:

	chan_offset = dct_base;

Now, chan_offset has the << 27 version of dct_base which makes the following
calculation wrong:

	chan_addr = sys_addr - chan_offset;

because sys_addr is the full 64-bit, unshifted value.

The right thing to do would be to do:

	chan_offset = dct_base << 27;

Or am I missing something?
Aravind Gopalakrishnan - Aug. 23, 2013, 11:07 p.m.
On 8/23/2013 4:37 PM, Borislav Petkov wrote:
> On Mon, Aug 19, 2013 at 07:27:52PM -0500, Aravind Gopalakrishnan wrote:
>> Link to the bug report:
>> http://marc.info/?l=linux-edac&m=137692201732220&w=2
>>
>> dct_base and dct_limit obtain 32 bit register values when they read their
>> respective pci config space registers. A left shift beyond 32 bits will
>> cause them to wrap around. Similar case for chan_addr as can be seen from
>> the bug report. In the patch, we rectify this by casting chan_addr to u64
>> and by comparing dct_base and dct_limit against (sys_addr >> 27)
>>
>> Tested on F15h, M30h with ECC turned on and works fine.
>>
>> Signed-off-by: Aravind Gopalakrishnan <Aravind.Gopalakrishnan@amd.com>
>>
>> diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
>> index b86228c..eb4793e 100644
>> --- a/drivers/edac/amd64_edac.c
>> +++ b/drivers/edac/amd64_edac.c
>> @@ -1558,11 +1558,12 @@ static int f15_m30h_match_to_this_node(struct amd64_pvt *pvt, unsigned range,
>>   	}
>>   
>>   	/* Verify sys_addr is within DCT Range. */
>> -	dct_base = (dct_sel_baseaddr(pvt) << 27);
>> -	dct_limit = (((dct_cont_limit_reg >> 11) & 0x1FFF) << 27) | 0x7FFFFFF;
>> +	dct_base = dct_sel_baseaddr(pvt);
> This can't be correct.
>
> So the original patch takes the shifted dct_base while your change
> doesn't anymore...
>
>> +	dct_limit = (dct_cont_limit_reg >> 11) & 0x1FFF;
>>   
>>   	if (!(dct_cont_base_reg & BIT(0)) &&
>> -	    !(dct_base <= sys_addr && dct_limit >= sys_addr))
>> +	    !(dct_base <= (sys_addr >> 27) &&
>> +	      dct_limit >= (sys_addr >> 27)))
> ... and while this comparison shifts sys_addr to use the proper bits,
> the code does this assignment later:
>
> 	chan_offset = dct_base;
>
> Now, chan_offset has the << 27 version of dct_base which makes the following
> calculation wrong:
>
> 	chan_addr = sys_addr - chan_offset;
Oops. my apologies.
> because sys_addr is the full 64-bit, unshifted value.
>
> The right thing to do would be to do:
>
> 	chan_offset = dct_base << 27;
>
> Or am I missing something?
>
No, you are right.

I am re-sending the patch.

Thanks,
-Aravind.


--
To unsubscribe from this list: send the line "unsubscribe linux-pci" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index b86228c..eb4793e 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -1558,11 +1558,12 @@  static int f15_m30h_match_to_this_node(struct amd64_pvt *pvt, unsigned range,
 	}
 
 	/* Verify sys_addr is within DCT Range. */
-	dct_base = (dct_sel_baseaddr(pvt) << 27);
-	dct_limit = (((dct_cont_limit_reg >> 11) & 0x1FFF) << 27) | 0x7FFFFFF;
+	dct_base = dct_sel_baseaddr(pvt);
+	dct_limit = (dct_cont_limit_reg >> 11) & 0x1FFF;
 
 	if (!(dct_cont_base_reg & BIT(0)) &&
-	    !(dct_base <= sys_addr && dct_limit >= sys_addr))
+	    !(dct_base <= (sys_addr >> 27) &&
+	      dct_limit >= (sys_addr >> 27)))
 		return -EINVAL;
 
 	/* Verify number of dct's that participate in channel interleaving. */
@@ -1614,7 +1615,7 @@  static int f15_m30h_match_to_this_node(struct amd64_pvt *pvt, unsigned range,
 		amd64_read_pci_cfg(pvt->F1,
 				   DRAM_CONT_HIGH_OFF + (int) channel * 4,
 				   &tmp);
-		chan_addr +=  ((tmp >> 11) & 0xfff) << 27;
+		chan_addr +=  (u64) ((tmp >> 11) & 0xfff) << 27;
 	}
 
 	f15h_select_dct(pvt, channel);