| Message ID | 20240111085540.7740-2-pstanner@redhat.com |
|---|---|
| State | New |
| Headers | show |
| Series | Regather scattered PCI-Code | expand |
On Thu, Jan 11, 2024 at 09:55:36AM +0100, Philipp Stanner wrote: > pci_iounmap() in lib/pci_iomap.c is supposed to check whether an address > is within ioport-range IF the config specifies that ioports exist. If > so, the port should be unmapped with ioport_unmap(). If not, it's a > generic MMIO address that has to be passed to iounmap(). > > The bugs are: > 1. ioport_unmap() is missing entirely, so this function will never > actually unmap a port. The preceding comment suggests that in this default implementation, the ioport does not need unmapping, and it wasn't something it was supposed to do but just failed to do: * NOTE! This default implementation assumes that if the architecture * support ioport mapping (HAS_IOPORT_MAP), the ioport mapping will * be fixed to the range [ PCI_IOBASE, PCI_IOBASE+IO_SPACE_LIMIT [, * and does not need unmapping with 'ioport_unmap()'. * * If you have different rules for your architecture, you need to * implement your own pci_iounmap() that knows the rules for where * and how IO vs MEM get mapped. Almost all ioport_unmap() implementations are empty, so in most cases it's a no-op (parisc is an exception). I'm happy to add the ioport_unmap() even just for symmetry, but if we do, I think we should update or remove that comment. > 2. the #ifdef for the ioport-ranges accidentally also guards > iounmap(), potentially compiling an empty function. This would > cause the mapping to be leaked. > > Implement the missing call to ioport_unmap(). > > Move the guard so that iounmap() will always be part of the function. I think we should fix this bug in a separate patch because the ioport_unmap() is much more subtle and doesn't need to be complicated with this fix. > CC: <stable@vger.kernel.org> # v5.15+ > Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all") > Reported-by: Danilo Krummrich <dakr@redhat.com> Is there a URL we can include for Danilo's report? I found https://lore.kernel.org/all/a6ef92ae-0747-435b-822d-d0229da4683c@redhat.com/, but I'm not sure that's the right part of the conversation. > Suggested-by: Arnd Bergmann <arnd@kernel.org> > Signed-off-by: Philipp Stanner <pstanner@redhat.com> > Reviewed-by: Arnd Bergmann <arnd@arndb.de> > --- > lib/pci_iomap.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c > index ce39ce9f3526..6e144b017c48 100644 > --- a/lib/pci_iomap.c > +++ b/lib/pci_iomap.c > @@ -168,10 +168,12 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p) > uintptr_t start = (uintptr_t) PCI_IOBASE; > uintptr_t addr = (uintptr_t) p; > > - if (addr >= start && addr < start + IO_SPACE_LIMIT) > + if (addr >= start && addr < start + IO_SPACE_LIMIT) { > + ioport_unmap(p); > return; > - iounmap(p); > + } > #endif > + iounmap(p); > } > EXPORT_SYMBOL(pci_iounmap); > > -- > 2.43.0 >
On Tue, 2024-01-23 at 12:46 -0600, Bjorn Helgaas wrote: > On Thu, Jan 11, 2024 at 09:55:36AM +0100, Philipp Stanner wrote: > > pci_iounmap() in lib/pci_iomap.c is supposed to check whether an > > address > > is within ioport-range IF the config specifies that ioports exist. > > If > > so, the port should be unmapped with ioport_unmap(). If not, it's a > > generic MMIO address that has to be passed to iounmap(). > > > > The bugs are: > > 1. ioport_unmap() is missing entirely, so this function will > > never > > actually unmap a port. > > The preceding comment suggests that in this default implementation, > the ioport does not need unmapping, and it wasn't something it was > supposed to do but just failed to do: > > * NOTE! This default implementation assumes that if the architecture > * support ioport mapping (HAS_IOPORT_MAP), the ioport mapping will > * be fixed to the range [ PCI_IOBASE, PCI_IOBASE+IO_SPACE_LIMIT [, > * and does not need unmapping with 'ioport_unmap()'. > * > * If you have different rules for your architecture, you need to > * implement your own pci_iounmap() that knows the rules for where > * and how IO vs MEM get mapped. > > Almost all ioport_unmap() implementations are empty, so in most cases > it's a no-op (parisc is an exception). That sounds correct. > > I'm happy to add the ioport_unmap() even just for symmetry, but if we > do, I think we should update or remove that comment. Yes, I think it's the right way: either all architectures should provide ioport_unmap(), empty or not, or all should use a centralized PCI function I can remove the wrong statement. > > > 2. the #ifdef for the ioport-ranges accidentally also guards > > iounmap(), potentially compiling an empty function. This would > > cause the mapping to be leaked. > > > > Implement the missing call to ioport_unmap(). > > > > Move the guard so that iounmap() will always be part of the > > function. > > I think we should fix this bug in a separate patch because the > ioport_unmap() is much more subtle and doesn't need to be complicated > with this fix. If we agree that one is a bug and the other isn't, then ACK, we should probably split it. > > > CC: <stable@vger.kernel.org> # v5.15+ > > Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make > > sense of it all") > > Reported-by: Danilo Krummrich <dakr@redhat.com> > > Is there a URL we can include for Danilo's report? I found > https://lore.kernel.org/all/a6ef92ae-0747-435b-822d-d0229da4683c@redhat.com/ > , > but I'm not sure that's the right part of the conversation. He pointed out it's a bug in an offlist conversation with me. The link you provided is his only public statement about the topic. The Reported-by served more acknowledging the contribution than issue- tracking P. > > > Suggested-by: Arnd Bergmann <arnd@kernel.org> > > Signed-off-by: Philipp Stanner <pstanner@redhat.com> > > Reviewed-by: Arnd Bergmann <arnd@arndb.de> > > --- > > lib/pci_iomap.c | 6 ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > > diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c > > index ce39ce9f3526..6e144b017c48 100644 > > --- a/lib/pci_iomap.c > > +++ b/lib/pci_iomap.c > > @@ -168,10 +168,12 @@ void pci_iounmap(struct pci_dev *dev, void > > __iomem *p) > > uintptr_t start = (uintptr_t) PCI_IOBASE; > > uintptr_t addr = (uintptr_t) p; > > > > - if (addr >= start && addr < start + IO_SPACE_LIMIT) > > + if (addr >= start && addr < start + IO_SPACE_LIMIT) { > > + ioport_unmap(p); > > return; > > - iounmap(p); > > + } > > #endif > > + iounmap(p); > > } > > EXPORT_SYMBOL(pci_iounmap); > > > > -- > > 2.43.0 > > >
diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c index ce39ce9f3526..6e144b017c48 100644 --- a/lib/pci_iomap.c +++ b/lib/pci_iomap.c @@ -168,10 +168,12 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p) uintptr_t start = (uintptr_t) PCI_IOBASE; uintptr_t addr = (uintptr_t) p; - if (addr >= start && addr < start + IO_SPACE_LIMIT) + if (addr >= start && addr < start + IO_SPACE_LIMIT) { + ioport_unmap(p); return; - iounmap(p); + } #endif + iounmap(p); } EXPORT_SYMBOL(pci_iounmap);
pci_iounmap() in lib/pci_iomap.c is supposed to check whether an address is within ioport-range IF the config specifies that ioports exist. If so, the port should be unmapped with ioport_unmap(). If not, it's a generic MMIO address that has to be passed to iounmap(). The bugs are: 1. ioport_unmap() is missing entirely, so this function will never actually unmap a port. 2. the #ifdef for the ioport-ranges accidentally also guards iounmap(), potentially compiling an empty function. This would cause the mapping to be leaked. Implement the missing call to ioport_unmap(). Move the guard so that iounmap() will always be part of the function. CC: <stable@vger.kernel.org> # v5.15+ Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all") Reported-by: Danilo Krummrich <dakr@redhat.com> Suggested-by: Arnd Bergmann <arnd@kernel.org> Signed-off-by: Philipp Stanner <pstanner@redhat.com> Reviewed-by: Arnd Bergmann <arnd@arndb.de> --- lib/pci_iomap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)