of/irq: Fix MSI map walk regression and NULL deref in of_msi…#1017
Closed
vijayanandjitta-oss wants to merge 0 commit into qualcomm-linux:tech/mem/iommu from
Please post the fix to upstream.
Commit a4503c1 ("FROMLIST: of: Factor arguments passed to of_map_id() into a struct") refactored of_map_id() to use an explicit filter_np parameter instead of the dual-purpose struct device_node **target pointer.
The old API distinguished three cases via the double pointer:
In of_msi_xlate(), the call was changed from passing &np (always a non-NULL pointer, with *np initially NULL) to passing *msi_np (the dereferenced value, initially NULL). This collapsed the "pointer-but-no-filter-yet" case into "no filter at all", causing of_map_id() to return 0 (pass-through) instead of -ENODEV when a node has no msi-map property.
Back in of_msi_xlate(), a return value of 0 triggers break, terminating the walk at the first node (e.g., a PCIe port or endpoint) before ever reaching the root complex node that has the msi-map. As a result, *msi_np remains NULL, irq_find_matching_host() returns NULL, and no MSI domain is associated with the device.
This affects all callers that start with *msi_np == NULL:
Additionally, fsl_mc_get_msi_id() passes msi_np == NULL directly to of_msi_xlate(), causing a NULL pointer dereference when the function tries to dereference *msi_np.
Fix both issues in of_msi_xlate():
Walk regression: after of_map_msi_id() returns 0, check msi_spec.np. A NULL np indicates a pass-through result (no msi-map on this node), so continue walking up the device hierarchy rather than breaking.
NULL msi_np: introduce a local fallback pointer using the __free(device_node) cleanup attribute (consistent with existing usage in this file). When msi_np is NULL, np points to local_np instead, allowing the walk to proceed safely. Any reference acquired is released automatically on function return.
This PR picks the v14 series, which includes the fix for the above issue.
CRs-Fixed: 4513046
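
A simplified user-space model of the walk described above, added here as an illustration and not code from this PR or from the kernel. `struct node`, `model_map_msi_id()`, `walk_regressed()` and `walk_fixed()` are hypothetical stand-ins that only cover the case where `*msi_np` starts out NULL; reference counting and ID translation are left out.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a device-tree node (not the kernel struct). */
struct node {
    const struct node *parent;
    const struct node *msi_target; /* set only when the node has an msi-map */
};

/* Constructed topology: endpoint -> port -> root complex (has msi-map). */
static const struct node msi_ctrl = { NULL, NULL };
static const struct node root_complex = { NULL, &msi_ctrl };
static const struct node port = { &root_complex, NULL };
static const struct node endpoint = { &port, NULL };

/* Map step after the refactor, as described: 0 either way, *out NULL if no msi-map. */
static int model_map_msi_id(const struct node *n, const struct node **out)
{
    *out = n->msi_target;
    return 0;
}

/* Regressed walk: any 0 return ends the walk; msi_np must not be NULL. */
static const struct node *walk_regressed(const struct node *dev, const struct node **msi_np)
{
    for (const struct node *n = dev; n; n = n->parent)
        if (model_map_msi_id(n, msi_np) == 0)
            break;
    return *msi_np;
}

/* Fixed walk: a NULL result node is pass-through, so keep climbing;
 * a NULL msi_np is redirected to a local fallback pointer. */
static const struct node *walk_fixed(const struct node *dev, const struct node **msi_np)
{
    const struct node *local_np = NULL;
    const struct node **np = msi_np ? msi_np : &local_np;
    for (const struct node *n = dev; n; n = n->parent)
        if (model_map_msi_id(n, np) == 0 && *np)
            break;
    return *np;
}

int main(void)
{
    const struct node *a = NULL;
    printf("regressed finds controller: %d\n", walk_regressed(&endpoint, &a) == &msi_ctrl);
    printf("fixed, msi_np == NULL:      %d\n", walk_fixed(&endpoint, NULL) == &msi_ctrl);
    return 0;
}
```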