From b3aa20ba2ba8072b73bd799605b8c98927b7056c Mon Sep 17 00:00:00 2001 From: Vaibhav Jain Date: Fri, 2 Jun 2017 22:26:48 +0530 Subject: cxl: Avoid double free_irq() for psl,slice interrupts During an eeh call to cxl_remove can result in double free_irq of psl,slice interrupts. This can happen if perst_reloads_same_image == 1 and call to cxl_configure_adapter() fails during slot_reset callback. In such a case we see a kernel oops with following back-trace: Oops: Kernel access of bad area, sig: 11 [#1] Call Trace: free_irq+0x88/0xd0 (unreliable) cxl_unmap_irq+0x20/0x40 [cxl] cxl_native_release_psl_irq+0x78/0xd8 [cxl] pci_deconfigure_afu+0xac/0x110 [cxl] cxl_remove+0x104/0x210 [cxl] pci_device_remove+0x6c/0x110 device_release_driver_internal+0x204/0x2e0 pci_stop_bus_device+0xa0/0xd0 pci_stop_and_remove_bus_device+0x28/0x40 pci_hp_remove_devices+0xb0/0x150 pci_hp_remove_devices+0x68/0x150 eeh_handle_normal_event+0x140/0x580 eeh_handle_event+0x174/0x360 eeh_event_handler+0x1e8/0x1f0 This patch fixes the issue of double free_irq by checking that variables that hold the virqs (err_hwirq, serr_hwirq, psl_virq) are not '0' before un-mapping and resetting these variables to '0' when they are un-mapped. Cc: stable@vger.kernel.org Signed-off-by: Vaibhav Jain Reviewed-by: Andrew Donnellan Acked-by: Frederic Barrat Signed-off-by: Michael Ellerman --- drivers/misc/cxl/native.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'drivers/misc/cxl') diff --git a/drivers/misc/cxl/native.c b/drivers/misc/cxl/native.c index 871a2f09c718..8d6ea9712dbd 100644 --- a/drivers/misc/cxl/native.c +++ b/drivers/misc/cxl/native.c @@ -1302,13 +1302,16 @@ int cxl_native_register_psl_err_irq(struct cxl *adapter) void cxl_native_release_psl_err_irq(struct cxl *adapter) { - if (adapter->native->err_virq != irq_find_mapping(NULL, adapter->native->err_hwirq)) + if (adapter->native->err_virq == 0 || + adapter->native->err_virq != + irq_find_mapping(NULL, adapter->native->err_hwirq)) return; cxl_p1_write(adapter, CXL_PSL_ErrIVTE, 0x0000000000000000); cxl_unmap_irq(adapter->native->err_virq, adapter); cxl_ops->release_one_irq(adapter, adapter->native->err_hwirq); kfree(adapter->irq_name); + adapter->native->err_virq = 0; } int cxl_native_register_serr_irq(struct cxl_afu *afu) @@ -1346,13 +1349,15 @@ int cxl_native_register_serr_irq(struct cxl_afu *afu) void cxl_native_release_serr_irq(struct cxl_afu *afu) { - if (afu->serr_virq != irq_find_mapping(NULL, afu->serr_hwirq)) + if (afu->serr_virq == 0 || + afu->serr_virq != irq_find_mapping(NULL, afu->serr_hwirq)) return; cxl_p1n_write(afu, CXL_PSL_SERR_An, 0x0000000000000000); cxl_unmap_irq(afu->serr_virq, afu); cxl_ops->release_one_irq(afu->adapter, afu->serr_hwirq); kfree(afu->err_irq_name); + afu->serr_virq = 0; } int cxl_native_register_psl_irq(struct cxl_afu *afu) @@ -1375,12 +1380,15 @@ int cxl_native_register_psl_irq(struct cxl_afu *afu) void cxl_native_release_psl_irq(struct cxl_afu *afu) { - if (afu->native->psl_virq != irq_find_mapping(NULL, afu->native->psl_hwirq)) + if (afu->native->psl_virq == 0 || + afu->native->psl_virq != + irq_find_mapping(NULL, afu->native->psl_hwirq)) return; cxl_unmap_irq(afu->native->psl_virq, afu); cxl_ops->release_one_irq(afu->adapter, afu->native->psl_hwirq); kfree(afu->psl_irq_name); + afu->native->psl_virq = 0; } static void recover_psl_err(struct cxl_afu *afu, u64 errstat) -- cgit v1.2.3 From cec422c11caeeccae709e9942058b6b644ce434c Mon Sep 17 00:00:00 2001 From: Frederic Barrat Date: Tue, 6 Jun 2017 11:43:41 +0200 Subject: cxl: Fix error path on bad ioctl Fix error path if we can't copy user structure on CXL_IOCTL_START_WORK ioctl. We shouldn't unlock the context status mutex as it was not locked (yet). Fixes: 0712dc7e73e5 ("cxl: Fix issues when unmapping contexts") Cc: stable@vger.kernel.org # v3.19+ Signed-off-by: Frederic Barrat Reviewed-by: Vaibhav Jain Reviewed-by: Andrew Donnellan Signed-off-by: Michael Ellerman --- drivers/misc/cxl/file.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'drivers/misc/cxl') diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c index 17b433f1ce23..0761271d68c5 100644 --- a/drivers/misc/cxl/file.c +++ b/drivers/misc/cxl/file.c @@ -159,11 +159,8 @@ static long afu_ioctl_start_work(struct cxl_context *ctx, /* Do this outside the status_mutex to avoid a circular dependency with * the locking in cxl_mmap_fault() */ - if (copy_from_user(&work, uwork, - sizeof(struct cxl_ioctl_start_work))) { - rc = -EFAULT; - goto out; - } + if (copy_from_user(&work, uwork, sizeof(work))) + return -EFAULT; mutex_lock(&ctx->status_mutex); if (ctx->status != OPENED) { -- cgit v1.2.3 From 797625deaedd9a0621376817db2813244b3246e3 Mon Sep 17 00:00:00 2001 From: Christophe Lombard Date: Tue, 13 Jun 2017 17:41:05 +0200 Subject: cxl: Fixes for Coherent Accelerator Interface Architecture 2.0 A previous set of patches "cxl: Add support for Coherent Accelerator Interface Architecture 2.0" has introduced a new support for the CAPI cards. These patches have been tested on Simulation environment and quite a bit of them have been tested on real hardware. This patch brings new fixes after a series of tests carried out on new equipment: - Add POWER9 definition. - Re-enable any masked interrupts when the AFU is not activated after resetting the AFU. - Remove the api cxl_is_psl8/9 which is no longer useful. - Do not dump CAPI1 registers. - Rewrite cxl_is_page_fault() function. - Do not register slb callack on P9. Fixes: f24be42aab37 ("cxl: Add psl9 specific code") Signed-off-by: Christophe Lombard Acked-by: Frederic Barrat Signed-off-by: Michael Ellerman --- drivers/misc/cxl/context.c | 6 +++--- drivers/misc/cxl/cxl.h | 18 +++++------------- drivers/misc/cxl/fault.c | 23 +++++++++++++++-------- drivers/misc/cxl/main.c | 17 +++++++++++++---- drivers/misc/cxl/native.c | 29 +++++++++++++++++------------ drivers/misc/cxl/pci.c | 11 ++++------- 6 files changed, 57 insertions(+), 47 deletions(-) (limited to 'drivers/misc/cxl') diff --git a/drivers/misc/cxl/context.c b/drivers/misc/cxl/context.c index 4472ce11f98d..8c32040b9c09 100644 --- a/drivers/misc/cxl/context.c +++ b/drivers/misc/cxl/context.c @@ -45,7 +45,7 @@ int cxl_context_init(struct cxl_context *ctx, struct cxl_afu *afu, bool master) mutex_init(&ctx->mapping_lock); ctx->mapping = NULL; - if (cxl_is_psl8(afu)) { + if (cxl_is_power8()) { spin_lock_init(&ctx->sste_lock); /* @@ -189,7 +189,7 @@ int cxl_context_iomap(struct cxl_context *ctx, struct vm_area_struct *vma) if (start + len > ctx->afu->adapter->ps_size) return -EINVAL; - if (cxl_is_psl9(ctx->afu)) { + if (cxl_is_power9()) { /* * Make sure there is a valid problem state * area space for this AFU. @@ -324,7 +324,7 @@ static void reclaim_ctx(struct rcu_head *rcu) { struct cxl_context *ctx = container_of(rcu, struct cxl_context, rcu); - if (cxl_is_psl8(ctx->afu)) + if (cxl_is_power8()) free_page((u64)ctx->sstp); if (ctx->ff_page) __free_page(ctx->ff_page); diff --git a/drivers/misc/cxl/cxl.h b/drivers/misc/cxl/cxl.h index c8568ea7c518..a03f8e7535e5 100644 --- a/drivers/misc/cxl/cxl.h +++ b/drivers/misc/cxl/cxl.h @@ -357,6 +357,7 @@ static const cxl_p2n_reg_t CXL_PSL_WED_An = {0x0A0}; #define CXL_PSL9_DSISR_An_PF_RGP 0x0000000000000090ULL /* PTE not found (Radix Guest (parent)) 0b10010000 */ #define CXL_PSL9_DSISR_An_PF_HRH 0x0000000000000094ULL /* PTE not found (HPT/Radix Host) 0b10010100 */ #define CXL_PSL9_DSISR_An_PF_STEG 0x000000000000009CULL /* PTE not found (STEG VA) 0b10011100 */ +#define CXL_PSL9_DSISR_An_URTCH 0x00000000000000B4ULL /* Unsupported Radix Tree Configuration 0b10110100 */ /****** CXL_PSL_TFC_An ******************************************************/ #define CXL_PSL_TFC_An_A (1ull << (63-28)) /* Acknowledge non-translation fault */ @@ -844,24 +845,15 @@ static inline bool cxl_is_power8(void) static inline bool cxl_is_power9(void) { - /* intermediate solution */ - if (!cxl_is_power8() && - (cpu_has_feature(CPU_FTRS_POWER9) || - cpu_has_feature(CPU_FTR_POWER9_DD1))) + if (pvr_version_is(PVR_POWER9)) return true; return false; } -static inline bool cxl_is_psl8(struct cxl_afu *afu) +static inline bool cxl_is_power9_dd1(void) { - if (afu->adapter->caia_major == 1) - return true; - return false; -} - -static inline bool cxl_is_psl9(struct cxl_afu *afu) -{ - if (afu->adapter->caia_major == 2) + if ((pvr_version_is(PVR_POWER9)) && + cpu_has_feature(CPU_FTR_POWER9_DD1)) return true; return false; } diff --git a/drivers/misc/cxl/fault.c b/drivers/misc/cxl/fault.c index 5344448f514e..c79e39bad7a4 100644 --- a/drivers/misc/cxl/fault.c +++ b/drivers/misc/cxl/fault.c @@ -187,7 +187,7 @@ static struct mm_struct *get_mem_context(struct cxl_context *ctx) static bool cxl_is_segment_miss(struct cxl_context *ctx, u64 dsisr) { - if ((cxl_is_psl8(ctx->afu)) && (dsisr & CXL_PSL_DSISR_An_DS)) + if ((cxl_is_power8() && (dsisr & CXL_PSL_DSISR_An_DS))) return true; return false; @@ -195,16 +195,23 @@ static bool cxl_is_segment_miss(struct cxl_context *ctx, u64 dsisr) static bool cxl_is_page_fault(struct cxl_context *ctx, u64 dsisr) { - if ((cxl_is_psl8(ctx->afu)) && (dsisr & CXL_PSL_DSISR_An_DM)) - return true; + u64 crs; /* Translation Checkout Response Status */ - if ((cxl_is_psl9(ctx->afu)) && - ((dsisr & CXL_PSL9_DSISR_An_CO_MASK) & - (CXL_PSL9_DSISR_An_PF_SLR | CXL_PSL9_DSISR_An_PF_RGC | - CXL_PSL9_DSISR_An_PF_RGP | CXL_PSL9_DSISR_An_PF_HRH | - CXL_PSL9_DSISR_An_PF_STEG))) + if ((cxl_is_power8()) && (dsisr & CXL_PSL_DSISR_An_DM)) return true; + if (cxl_is_power9()) { + crs = (dsisr & CXL_PSL9_DSISR_An_CO_MASK); + if ((crs == CXL_PSL9_DSISR_An_PF_SLR) || + (crs == CXL_PSL9_DSISR_An_PF_RGC) || + (crs == CXL_PSL9_DSISR_An_PF_RGP) || + (crs == CXL_PSL9_DSISR_An_PF_HRH) || + (crs == CXL_PSL9_DSISR_An_PF_STEG) || + (crs == CXL_PSL9_DSISR_An_URTCH)) { + return true; + } + } + return false; } diff --git a/drivers/misc/cxl/main.c b/drivers/misc/cxl/main.c index 1703655072b1..c1ba0d42cbc8 100644 --- a/drivers/misc/cxl/main.c +++ b/drivers/misc/cxl/main.c @@ -329,8 +329,15 @@ static int __init init_cxl(void) cxl_debugfs_init(); - if ((rc = register_cxl_calls(&cxl_calls))) - goto err; + /* + * we don't register the callback on P9. slb callack is only + * used for the PSL8 MMU and CX4. + */ + if (cxl_is_power8()) { + rc = register_cxl_calls(&cxl_calls); + if (rc) + goto err; + } if (cpu_has_feature(CPU_FTR_HVMODE)) { cxl_ops = &cxl_native_ops; @@ -347,7 +354,8 @@ static int __init init_cxl(void) return 0; err1: - unregister_cxl_calls(&cxl_calls); + if (cxl_is_power8()) + unregister_cxl_calls(&cxl_calls); err: cxl_debugfs_exit(); cxl_file_exit(); @@ -366,7 +374,8 @@ static void exit_cxl(void) cxl_debugfs_exit(); cxl_file_exit(); - unregister_cxl_calls(&cxl_calls); + if (cxl_is_power8()) + unregister_cxl_calls(&cxl_calls); idr_destroy(&cxl_adapter_idr); } diff --git a/drivers/misc/cxl/native.c b/drivers/misc/cxl/native.c index 8d6ea9712dbd..2b2f8894149d 100644 --- a/drivers/misc/cxl/native.c +++ b/drivers/misc/cxl/native.c @@ -105,11 +105,16 @@ static int native_afu_reset(struct cxl_afu *afu) CXL_AFU_Cntl_An_RS_MASK | CXL_AFU_Cntl_An_ES_MASK, false); - /* Re-enable any masked interrupts */ - serr = cxl_p1n_read(afu, CXL_PSL_SERR_An); - serr &= ~CXL_PSL_SERR_An_IRQ_MASKS; - cxl_p1n_write(afu, CXL_PSL_SERR_An, serr); - + /* + * Re-enable any masked interrupts when the AFU is not + * activated to avoid side effects after attaching a process + * in dedicated mode. + */ + if (afu->current_mode == 0) { + serr = cxl_p1n_read(afu, CXL_PSL_SERR_An); + serr &= ~CXL_PSL_SERR_An_IRQ_MASKS; + cxl_p1n_write(afu, CXL_PSL_SERR_An, serr); + } return rc; } @@ -139,9 +144,9 @@ int cxl_psl_purge(struct cxl_afu *afu) pr_devel("PSL purge request\n"); - if (cxl_is_psl8(afu)) + if (cxl_is_power8()) trans_fault = CXL_PSL_DSISR_TRANS; - if (cxl_is_psl9(afu)) + if (cxl_is_power9()) trans_fault = CXL_PSL9_DSISR_An_TF; if (!cxl_ops->link_ok(afu->adapter, afu)) { @@ -603,7 +608,7 @@ static u64 calculate_sr(struct cxl_context *ctx) if (!test_tsk_thread_flag(current, TIF_32BIT)) sr |= CXL_PSL_SR_An_SF; } - if (cxl_is_psl9(ctx->afu)) { + if (cxl_is_power9()) { if (radix_enabled()) sr |= CXL_PSL_SR_An_XLAT_ror; else @@ -1117,10 +1122,10 @@ static irqreturn_t native_handle_psl_slice_error(struct cxl_context *ctx, static bool cxl_is_translation_fault(struct cxl_afu *afu, u64 dsisr) { - if ((cxl_is_psl8(afu)) && (dsisr & CXL_PSL_DSISR_TRANS)) + if ((cxl_is_power8()) && (dsisr & CXL_PSL_DSISR_TRANS)) return true; - if ((cxl_is_psl9(afu)) && (dsisr & CXL_PSL9_DSISR_An_TF)) + if ((cxl_is_power9()) && (dsisr & CXL_PSL9_DSISR_An_TF)) return true; return false; @@ -1194,10 +1199,10 @@ static void native_irq_wait(struct cxl_context *ctx) if (ph != ctx->pe) return; dsisr = cxl_p2n_read(ctx->afu, CXL_PSL_DSISR_An); - if (cxl_is_psl8(ctx->afu) && + if (cxl_is_power8() && ((dsisr & CXL_PSL_DSISR_PENDING) == 0)) return; - if (cxl_is_psl9(ctx->afu) && + if (cxl_is_power9() && ((dsisr & CXL_PSL9_DSISR_PENDING) == 0)) return; /* diff --git a/drivers/misc/cxl/pci.c b/drivers/misc/cxl/pci.c index 6dc1ee5b92c9..1eb9859809bf 100644 --- a/drivers/misc/cxl/pci.c +++ b/drivers/misc/cxl/pci.c @@ -436,7 +436,7 @@ static int init_implementation_adapter_regs_psl9(struct cxl *adapter, struct pci /* nMMU_ID Defaults to: b’000001001’*/ xsl_dsnctl |= ((u64)0x09 << (63-28)); - if (cxl_is_power9() && !cpu_has_feature(CPU_FTR_POWER9_DD1)) { + if (!(cxl_is_power9_dd1())) { /* * Used to identify CAPI packets which should be sorted into * the Non-Blocking queues by the PHB. This field should match @@ -491,7 +491,7 @@ static int init_implementation_adapter_regs_psl9(struct cxl *adapter, struct pci cxl_p1_write(adapter, CXL_PSL9_APCDEDTYPE, 0x40000003FFFF0000ULL); /* Disable vc dd1 fix */ - if ((cxl_is_power9() && cpu_has_feature(CPU_FTR_POWER9_DD1))) + if (cxl_is_power9_dd1()) cxl_p1_write(adapter, CXL_PSL9_GP_CT, 0x0400000000000001ULL); return 0; @@ -1439,8 +1439,7 @@ int cxl_pci_reset(struct cxl *adapter) * The adapter is about to be reset, so ignore errors. * Not supported on P9 DD1 */ - if ((cxl_is_power8()) || - ((cxl_is_power9() && !cpu_has_feature(CPU_FTR_POWER9_DD1)))) + if ((cxl_is_power8()) || (!(cxl_is_power9_dd1()))) cxl_data_cache_flush(adapter); /* pcie_warm_reset requests a fundamental pci reset which includes a @@ -1750,7 +1749,6 @@ static const struct cxl_service_layer_ops psl9_ops = { .debugfs_add_adapter_regs = cxl_debugfs_add_adapter_regs_psl9, .debugfs_add_afu_regs = cxl_debugfs_add_afu_regs_psl9, .psl_irq_dump_registers = cxl_native_irq_dump_regs_psl9, - .err_irq_dump_registers = cxl_native_err_irq_dump_regs, .debugfs_stop_trace = cxl_stop_trace_psl9, .write_timebase_ctrl = write_timebase_ctrl_psl9, .timebase_read = timebase_read_psl9, @@ -1889,8 +1887,7 @@ static void cxl_pci_remove_adapter(struct cxl *adapter) * Flush adapter datacache as its about to be removed. * Not supported on P9 DD1. */ - if ((cxl_is_power8()) || - ((cxl_is_power9() && !cpu_has_feature(CPU_FTR_POWER9_DD1)))) + if ((cxl_is_power8()) || (!(cxl_is_power9_dd1()))) cxl_data_cache_flush(adapter); cxl_deconfigure_adapter(adapter); -- cgit v1.2.3