Re: [PATCH] mbigen: don't clear eventid when free_irq

From: Chen Jianguo
Date: Thu Mar 21 2019 - 09:21:54 EST



Hi Marc
On 2019/3/21 17:11, Marc Zyngier wrote:
On Sat, 16 Mar 2019 11:15:03 +0000
chenjianguo <chenjianguo3@xxxxxxxxxx> wrote:

From: Jianguo Chen <chenjianguo3@xxxxxxxxxx>

mbigen_write_msg clears eventid bits of a mbigen register
when free a interrupt, because msi_domain_deactivate memset
struct msg to zero. Then multiple mbigen pins with zero eventid
will report the same interrupt number.

The eventid clear call trace:
free_irq
__free_irq
irq_shutdown
irq_domain_deactivate_irq
__irq_domain_deactivate_irq
__irq_domain_deactivate_irq
msi_domain_deactivate
platform_msi_write_msg
mbigen_write_msg

Signed-off-by: Jianguo Chen <chenjianguo3@xxxxxxxxxx>
---
drivers/irqchip/irq-mbigen.c | 3 +++
1 file changed, 3 insertions(+)

diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c
index 567b29c..fad7291 100644
--- a/drivers/irqchip/irq-mbigen.c
+++ b/drivers/irqchip/irq-mbigen.c
@@ -161,6 +161,9 @@ static void mbigen_write_msg(struct msi_desc *desc,
struct msi_msg *msg)
void __iomem *base = d->chip_data;
u32 val;

+ if (!msg->address_lo && !msg->address_hi)
+ return;
+
base += get_mbigen_vec_reg(d->hwirq);
val = readl_relaxed(base);


For whatever reason, I couldn't apply this patch (even when fishing a
copy of this email from the archives). It seems to be corrupted is
various ways, so I had to write the patch from scratch, which is not the
most reliable way to work. Good thing this was something trivial, I
wouldn't do it for something more complicated.

In the future, please make sure to use 'git send-email' to send your
patches, as it is known to work correctly.

Thanks,

M.


Mbigen vector register and pin structure shows as below:

event id 0 1 2 127
vector register reg0 reg1 reg2 reg127
| | | |
MBIGEN pin0 pin1 pin2 ... pin127
|-----|-----|-----|-----|
| | | | |
device interrupt num0 num1 num2 num127

Suppose a device driver requested irq num0 and num1 at the beginning, and for some reason it freed irq num1, mbigen_write_msg will write reg1 with event id 0. Then the pin1 probably mistakenly report interrupt num0 to device driver if there is a signal on the pin.


event id 0 0 2 127
vector register reg0 reg1 reg2 reg127
| | | |
MBIGEN pin0 pin1 pin2 ... pin127
|-----|-----|-----|-----|
| | | | |
device interrup num0 num1 num2 num127

Thanks,
Jianguo Chen