diff mbox series

[1/2] ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure

Message ID 20210421164317.1718831-2-maz@kernel.org (mailing list archive)
State Not Applicable, archived
Headers show
Series arm64: ACPI GTDT watchdog fixes | expand

Commit Message

Marc Zyngier April 21, 2021, 4:43 p.m. UTC
When failing the driver probe because of invalid firmware properties,
the GTDT driver unmaps the interrupt that it mapped earlier.

However, it never checks whether the mapping of the interrupt actially
succeeded. Even more, should the firmware report an illegal interrupt
number that overlaps with the GIC SGI range, this can result in an
IPI being unmapped, and subsequent fireworks (as reported by Dann
Frazier).

Rework the driver to have a slightly saner behaviour and actually
check whether the interrupt has been mapped before unmapping things.

Reported-by: dann frazier <dann.frazier@canonical.com>
Fixes: ca9ae5ec4ef0 ("acpi/arm64: Add SBSA Generic Watchdog support in GTDT driver")
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/YH87dtTfwYgavusz@xps13.dannf
Cc: stable@vgerlkernel.org
Cc: Fu Wei <wefu@redhat.com>
---
 drivers/acpi/arm64/gtdt.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

Comments

Sudeep Holla April 21, 2021, 5:14 p.m. UTC | #1
On Wed, Apr 21, 2021 at 05:43:16PM +0100, Marc Zyngier wrote:
> When failing the driver probe because of invalid firmware properties,
> the GTDT driver unmaps the interrupt that it mapped earlier.
> 
> However, it never checks whether the mapping of the interrupt actially
> succeeded. Even more, should the firmware report an illegal interrupt
> number that overlaps with the GIC SGI range, this can result in an
> IPI being unmapped, and subsequent fireworks (as reported by Dann
> Frazier).
> 
> Rework the driver to have a slightly saner behaviour and actually
> check whether the interrupt has been mapped before unmapping things.
>

Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
Sudeep Holla April 21, 2021, 5:20 p.m. UTC | #2
(with stable email fixed, but may need separate posting anyways)

On Wed, Apr 21, 2021 at 05:43:16PM +0100, Marc Zyngier wrote:
> When failing the driver probe because of invalid firmware properties,
> the GTDT driver unmaps the interrupt that it mapped earlier.
> 
> However, it never checks whether the mapping of the interrupt actially
> succeeded. Even more, should the firmware report an illegal interrupt
> number that overlaps with the GIC SGI range, this can result in an
> IPI being unmapped, and subsequent fireworks (as reported by Dann
> Frazier).
> 
> Rework the driver to have a slightly saner behaviour and actually
> check whether the interrupt has been mapped before unmapping things.
> 
> Reported-by: dann frazier <dann.frazier@canonical.com>
> Fixes: ca9ae5ec4ef0 ("acpi/arm64: Add SBSA Generic Watchdog support in GTDT driver")
> Signed-off-by: Marc Zyngier <maz@kernel.org>
> Link: https://lore.kernel.org/r/YH87dtTfwYgavusz@xps13.dannf
> Cc: stable@vgerlkernel.org
                ^^^

I thought I messed up while replying with my fat fingers, but here is the
culprit. I got mail delivery failure to my reply, thought I will let you
know as it may be difficult to notice this when using git send-email.
Marc Zyngier April 21, 2021, 5:57 p.m. UTC | #3
On Wed, 21 Apr 2021 18:20:56 +0100,
Sudeep Holla <sudeep.holla@arm.com> wrote:
> 
> (with stable email fixed, but may need separate posting anyways)
> 
> On Wed, Apr 21, 2021 at 05:43:16PM +0100, Marc Zyngier wrote:
> > When failing the driver probe because of invalid firmware properties,
> > the GTDT driver unmaps the interrupt that it mapped earlier.
> > 
> > However, it never checks whether the mapping of the interrupt actially
> > succeeded. Even more, should the firmware report an illegal interrupt
> > number that overlaps with the GIC SGI range, this can result in an
> > IPI being unmapped, and subsequent fireworks (as reported by Dann
> > Frazier).
> > 
> > Rework the driver to have a slightly saner behaviour and actually
> > check whether the interrupt has been mapped before unmapping things.
> > 
> > Reported-by: dann frazier <dann.frazier@canonical.com>
> > Fixes: ca9ae5ec4ef0 ("acpi/arm64: Add SBSA Generic Watchdog support in GTDT driver")
> > Signed-off-by: Marc Zyngier <maz@kernel.org>
> > Link: https://lore.kernel.org/r/YH87dtTfwYgavusz@xps13.dannf
> > Cc: stable@vgerlkernel.org
>                 ^^^
> 
> I thought I messed up while replying with my fat fingers, but here is the
> culprit. I got mail delivery failure to my reply, thought I will let you
> know as it may be difficult to notice this when using git send-email.

I'm definitely the one with very fat fingers. I'll fix the patch in my
tree.

Thanks for the heads up,

	M.
diff mbox series

Patch

diff --git a/drivers/acpi/arm64/gtdt.c b/drivers/acpi/arm64/gtdt.c
index f2d0e5915dab..0a0a982f9c28 100644
--- a/drivers/acpi/arm64/gtdt.c
+++ b/drivers/acpi/arm64/gtdt.c
@@ -329,7 +329,7 @@  static int __init gtdt_import_sbsa_gwdt(struct acpi_gtdt_watchdog *wd,
 					int index)
 {
 	struct platform_device *pdev;
-	int irq = map_gt_gsi(wd->timer_interrupt, wd->timer_flags);
+	int irq;
 
 	/*
 	 * According to SBSA specification the size of refresh and control
@@ -338,7 +338,7 @@  static int __init gtdt_import_sbsa_gwdt(struct acpi_gtdt_watchdog *wd,
 	struct resource res[] = {
 		DEFINE_RES_MEM(wd->control_frame_address, SZ_4K),
 		DEFINE_RES_MEM(wd->refresh_frame_address, SZ_4K),
-		DEFINE_RES_IRQ(irq),
+		{},
 	};
 	int nr_res = ARRAY_SIZE(res);
 
@@ -348,10 +348,11 @@  static int __init gtdt_import_sbsa_gwdt(struct acpi_gtdt_watchdog *wd,
 
 	if (!(wd->refresh_frame_address && wd->control_frame_address)) {
 		pr_err(FW_BUG "failed to get the Watchdog base address.\n");
-		acpi_unregister_gsi(wd->timer_interrupt);
 		return -EINVAL;
 	}
 
+	irq = map_gt_gsi(wd->timer_interrupt, wd->timer_flags);
+	res[2] = (struct resource)DEFINE_RES_IRQ(irq);
 	if (irq <= 0) {
 		pr_warn("failed to map the Watchdog interrupt.\n");
 		nr_res--;
@@ -364,7 +365,8 @@  static int __init gtdt_import_sbsa_gwdt(struct acpi_gtdt_watchdog *wd,
 	 */
 	pdev = platform_device_register_simple("sbsa-gwdt", index, res, nr_res);
 	if (IS_ERR(pdev)) {
-		acpi_unregister_gsi(wd->timer_interrupt);
+		if (irq > 0)
+			acpi_unregister_gsi(wd->timer_interrupt);
 		return PTR_ERR(pdev);
 	}