linux-imx/drivers/staging
Vladimir Oltean e0f9e2afd4 staging: fsl_qbman: don't dereference portal affine to CPU when it's redirected
When using a cmdline such as "bportals=s0 qportals=s0", Linux is given a
single QMan and a single BMan portal which is shared among all CPUs, and
accessed with locking.

This is only supported for the staging SDK QBMan driver and not for the
upstream variant.

In a strange twist of events, qman_create_affine_slave() also sets
affine_portals[] for CPUs which use the portal affine to a different CPU
(aka "slaves" here), and just have portal->sharing_redirect set to that
other portal.

But that panics the kernel hard, because these dummy portals, not
having been created by qman_create_portal(), have uninitialized struct
qm_portal :: addr, eqcr, dqrr, etc, but also portal->config. So any time
these are dereferenced, the kernel panics.

There are actually 2 code paths which are in this situation:

qman_enable_irqs()
-> qm_isr_status_clear()
   -> __qm_isr_write()
      -> __qm_out(&portal->addr, ...) // portal->addr uninitialized

qm_shutdown_fq()
-> qm_get_portal_for_channel()
   -> qman_p_get_portal_config()
      -> &p->config->public_cfg // p->config uninitialized

Both functions were actually copied over from the upstream QBMan driver
(for the purpose of kexec support), which does not support portal
sharing and thus the problem does not exist there.

Actually, we need to take into consideration in these code paths only
those affine portals created by qman_create_affine_portal(), and not the
fake ones with sharing_redirect. The qman_create_affine_portal() sets
the CPU in the &affine_mask retrievable through qman_affine_cpus().

This is also the way in which dpaa_eth_add_channel() from
drivers/net/ethernet/freescale/sdk_dpaa/dpaa_eth_common.c avoids the
fake channels, when dereferencing the affine_cpus[] array through the
qman_get_affine_portal() API method.

Fixes: a218c908c8 ("staging: fsl_qbman: account for pre-initialized BARs in case of kexec")
Fixes: 78ff3aa0713b ("staging: fsl_qbman: use correct portal for static dequeues in qm_shutdown_fq()")
Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com>
2024-11-20 01:01:49 +02:00
axis-fifo
board
emxx_udc
ethosu Fix checkpatch issues for commit 7ca0f0f180 2024-07-25 17:18:04 +08:00
fbtft
fieldbus
fsl_ppfe
fsl_qbman staging: fsl_qbman: don't dereference portal affine to CPU when it's redirected 2024-11-20 01:01:49 +02:00
fsl-dpaa2
gdm724x
greybus greybus: arche-ctrl: move device table to its right location 2024-06-12 11:12:17 +02:00
iio staging: iio: frequency: ad9834: Validate frequency parameter value 2024-09-12 11:11:40 +02:00
ks7010 staging: ks7010: disable bh on tx_dev_lock 2024-08-29 17:33:26 +02:00
media LF-12531: imx: pi: fix capture image bottom edge green line 2024-11-06 17:00:15 +08:00
most
neutron AIR-11882: neutron: Enable neutron memory cache to improve npu benchmark performance 2024-11-19 16:15:19 +08:00
nvec
octeon
olpc_dcon
pi433
qlge
rtl8192e
rtl8192u
rtl8712
rtl8723bs
rts5208
sm750fb
vc04_services staging: vc04_services: fix information leak in create_component() 2024-04-03 15:28:59 +02:00
vme_user
vt6655
vt6656
wlan-ng
Kconfig
Makefile