[PATCH 4.19 017/114] powerpc/powernv/ioda: Fix race in TCE level allocation

From: Greg Kroah-Hartman
Date: Thu Oct 10 2019 - 04:59:02 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.19 010/114] nbd: fix max number of supported devs"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 020/114] tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 020/114] tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 010/114] nbd: fix max number of supported devs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexey Kardashevskiy <aik@xxxxxxxxx>

commit 56090a3902c80c296e822d11acdb6a101b322c52 upstream.

pnv_tce() returns a pointer to a TCE entry and originally a TCE table
would be pre-allocated. For the default case of 2GB window the table
needs only a single level and that is fine. However if more levels are
requested, it is possible to get a race when 2 threads want a pointer
to a TCE entry from the same page of TCEs.

This adds cmpxchg to handle the race. Note that once TCE is non-zero,
it cannot become zero again.

Fixes: a68bd1267b72 ("powerpc/powernv/ioda: Allocate indirect TCE levels on demand")
CC: stable@xxxxxxxxxxxxxxx # v4.19+
Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxxxx>
Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/20190718051139.74787-2-aik@xxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
arch/powerpc/platforms/powernv/pci-ioda-tce.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)

--- a/arch/powerpc/platforms/powernv/pci-ioda-tce.c
+++ b/arch/powerpc/platforms/powernv/pci-ioda-tce.c
@@ -49,6 +49,9 @@ static __be64 *pnv_alloc_tce_level(int n
return addr;
}

+static void pnv_pci_ioda2_table_do_free_pages(__be64 *addr,
+ unsigned long size, unsigned int levels);
+
static __be64 *pnv_tce(struct iommu_table *tbl, bool user, long idx, bool alloc)
{
__be64 *tmp = user ? tbl->it_userspace : (__be64 *) tbl->it_base;
@@ -58,9 +61,9 @@ static __be64 *pnv_tce(struct iommu_tabl

while (level) {
int n = (idx & mask) >> (level * shift);
- unsigned long tce;
+ unsigned long oldtce, tce = be64_to_cpu(READ_ONCE(tmp[n]));

- if (tmp[n] == 0) {
+ if (!tce) {
__be64 *tmp2;

if (!alloc)
@@ -71,10 +74,15 @@ static __be64 *pnv_tce(struct iommu_tabl
if (!tmp2)
return NULL;

- tmp[n] = cpu_to_be64(__pa(tmp2) |
- TCE_PCI_READ | TCE_PCI_WRITE);
+ tce = __pa(tmp2) | TCE_PCI_READ | TCE_PCI_WRITE;
+ oldtce = be64_to_cpu(cmpxchg(&tmp[n], 0,
+ cpu_to_be64(tce)));
+ if (oldtce) {
+ pnv_pci_ioda2_table_do_free_pages(tmp2,
+ ilog2(tbl->it_level_size) + 3, 1);
+ tce = oldtce;
+ }
}
- tce = be64_to_cpu(tmp[n]);

tmp = __va(tce & ~(TCE_PCI_READ | TCE_PCI_WRITE));
idx &= ~mask;

Next message: Greg Kroah-Hartman: "[PATCH 4.19 010/114] nbd: fix max number of supported devs"
Previous message: Greg Kroah-Hartman: "[PATCH 4.19 020/114] tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file"
In reply to: Greg Kroah-Hartman: "[PATCH 4.19 020/114] tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.19 010/114] nbd: fix max number of supported devs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]