From 8dde152ea34860403c839598bdef3f07239eb25a Mon Sep 17 00:00:00 2001
From: Andrew Donnellan
Date: Wed, 30 Sep 2015 11:58:05 +1000
Subject: cxl: fix leak of IRQ names in cxl_free_afu_irqs()
cxl_free_afu_irqs() doesn't free IRQ names when it releases an AFU's IRQ ranges. The userspace API equivalent in afu_release_irqs() calls afu_irq_name_free() to release the IRQ names. Call afu_irq_name_free() in cxl_free_afu_irqs() to release the IRQ names. Make afu_irq_name_free() non-static to allow this.
Reported-by: Matthew R. Ochs
Fixes: 6f7f0b3df6d4 ("cxl: Add AFU virtual PHB and kernel API")
Signed-off-by: Andrew Donnellan
Signed-off-by: Ian Munsie
Reviewed-by: Matthew R. Ochs
Signed-off-by: Michael Ellerman
---
 drivers/misc/cxl/api.c | 1 +
 drivers/misc/cxl/cxl.h | 1 +
 drivers/misc/cxl/irq.c | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'drivers/misc')
diff --git a/drivers/misc/cxl/api.c b/drivers/misc/cxl/api.c
index 8af12c8..103baf0 100644
--- a/drivers/misc/cxl/api.c
+++ b/drivers/misc/cxl/api.c
@@ -105,6 +105,7 @@ EXPORT_SYMBOL_GPL(cxl_allocate_afu_irqs);
 void cxl_free_afu_irqs(struct cxl_context *ctx)
 {
+ afu_irq_name_free(ctx);
 cxl_release_irq_ranges(&ctx->irqs, ctx->afu->adapter);
 }
 EXPORT_SYMBOL_GPL(cxl_free_afu_irqs);
diff --git a/drivers/misc/cxl/cxl.h b/drivers/misc/cxl/cxl.h
index 1c30ef7..0cfb9c1 100644
--- a/drivers/misc/cxl/cxl.h
+++ b/drivers/misc/cxl/cxl.h
@@ -677,6 +677,7 @@ int cxl_register_serr_irq(struct cxl_afu *afu);
 void cxl_release_serr_irq(struct cxl_afu *afu);
 int afu_register_irqs(struct cxl_context *ctx, u32 count);
 void afu_release_irqs(struct cxl_context *ctx, void *cookie);
+void afu_irq_name_free(struct cxl_context *ctx);
 irqreturn_t cxl_slice_irq_err(int irq, void *data);
 int cxl_debugfs_init(void);
diff --git a/drivers/misc/cxl/irq.c b/drivers/misc/cxl/irq.c
index 583b42a..38b57d6 100644
--- a/drivers/misc/cxl/irq.c
+++ b/drivers/misc/cxl/irq.c
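Review bot: cxl_free_afu_irqs() in drivers/misc/cxl/api.c is an exported entry point that now frees the per-context IRQ name strings, but nothing in the hunk states what the caller must have done first. If a handler were still registered under one of those names when this runs, the IRQ core would presumably keep a pointer to freed memory; the hunk does not show whether callers always unmap first, so that needs confirming. I would document the precondition above the function, for example `/* Caller must have unmapped every AFU IRQ (cxl_unmap_afu_irq()) first; the IRQ name strings are freed here. */`.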
@@ -414,7 +414,7 @@ void cxl_release_psl_irq(struct cxl_afu *afu)
 kfree(afu->psl_irq_name);
 }
-static void afu_irq_name_free(struct cxl_context *ctx)
+void afu_irq_name_free(struct cxl_context *ctx)
 {
 struct cxl_irq_name *irq_name, *tmp;
--
cgit v1.1
From 52adee580d3c71a0dfabc3168597421981d68b86 Mon Sep 17 00:00:00 2001
From: Andrew Donnellan
Date: Wed, 30 Sep 2015 11:58:06 +1000
Subject: cxl: fix leak of ctx->irq_bitmap when releasing context via kernel API
At present, ctx->irq_bitmap is freed in afu_release_irqs(), which is called from afu_release() via cxl_context_detach(). Move the freeing of ctx->irq_bitmap from afu_release_irqs() to reclaim_ctx() (called through cxl_context_free()) so it's freed when releasing a context via the kernel API (cxl_release_context()) or the userspace API (afu_release()).
Reported-by: Matthew R. Ochs
Fixes: 6f7f0b3df6d4 ("cxl: Add AFU virtual PHB and kernel API")
Signed-off-by: Andrew Donnellan
Acked-by: Ian Munsie
Reviewed-by: Matthew R. Ochs
Signed-off-by: Michael Ellerman
---
 drivers/misc/cxl/context.c | 3 +++
 drivers/misc/cxl/irq.c | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)
(limited to 'drivers/misc')
diff --git a/drivers/misc/cxl/context.c b/drivers/misc/cxl/context.c
index e762f85..2faa127 100644
--- a/drivers/misc/cxl/context.c
+++ b/drivers/misc/cxl/context.c
@@ -275,6 +275,9 @@ static void reclaim_ctx(struct rcu_head *rcu)
 if (ctx->kernelapi)
 kfree(ctx->mapping);
+ if (ctx->irq_bitmap)
+ kfree(ctx->irq_bitmap);
+
 kfree(ctx);
 }
diff --git a/drivers/misc/cxl/irq.c b/drivers/misc/cxl/irq.c
index 38b57d6..09a4060 100644
--- a/drivers/misc/cxl/irq.c
+++ b/drivers/misc/cxl/irq.c
@@ -524,7 +524,5 @@ void afu_release_irqs(struct cxl_context *ctx, void *cookie)
 afu_irq_name_free(ctx);
 cxl_release_irq_ranges(&ctx->irqs, ctx->afu->adapter);
- kfree(ctx->irq_bitmap);
- ctx->irq_bitmap = NULL;
 ctx->irq_count = 0;
 }
--
cgit v1.1
From 5f81b95fe2a2de4ec51d46ffd04fa40dfc0cb26a Mon Sep 17 00:00:00 2001
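Review bot: The `if (ctx->irq_bitmap)` guard added to reclaim_ctx() in context.c is redundant because kfree() accepts NULL, so `kfree(ctx->irq_bitmap);` alone is enough. Separately, the free is now deferred to this callback and the irq.c hunk drops `ctx->irq_bitmap = NULL` from afu_release_irqs() while still resetting `irq_count`. A context that releases its IRQs and then allocates them again would therefore overwrite a still-allocated pointer, unless the allocation path frees or reuses it. That path is outside these hunks and should be checked. reclaim_ctx() begins outside the hunk.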
From: Andrew Donnellan
Date: Wed, 30 Sep 2015 11:58:07 +1000
Subject: cxl: fix leak of ctx->mapping when releasing kernel API contexts
When a context is created via the kernel API, ctx->mapping is allocated within the kernel and thus needs to be freed when the context is freed. reclaim_ctx() attempts to do this for contexts with the ctx->kernelapi flag set, but afu_release() (which can be called from the kernel API through cxl_fd_release()) sets ctx->mapping to NULL before calling cxl_context_free() to free the context. Add a check to afu_release() so that the mappings in contexts created via the kernel API are left alone so reclaim_ctx() can free them.
Reported-by: Matthew R. Ochs
Fixes: 6f7f0b3df6d4 ("cxl: Add AFU virtual PHB and kernel API")
Signed-off-by: Andrew Donnellan
Acked-by: Ian Munsie
Reviewed-by: Matthew R. Ochs
Signed-off-by: Michael Ellerman
---
 drivers/misc/cxl/file.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
(limited to 'drivers/misc')
diff --git a/drivers/misc/cxl/file.c b/drivers/misc/cxl/file.c
index a30bf28..7ccd299 100644
--- a/drivers/misc/cxl/file.c
+++ b/drivers/misc/cxl/file.c
@@ -120,9 +120,16 @@ int afu_release(struct inode *inode, struct file *file)
 __func__, ctx->pe);
 cxl_context_detach(ctx);
- mutex_lock(&ctx->mapping_lock);
- ctx->mapping = NULL;
- mutex_unlock(&ctx->mapping_lock);
+
+ /*
+ * Delete the context's mapping pointer, unless it's created by the
+ * kernel API, in which case leave it so it can be freed by reclaim_ctx()
+ */
+ if (!ctx->kernelapi) {
+ mutex_lock(&ctx->mapping_lock);
+ ctx->mapping = NULL;
+ mutex_unlock(&ctx->mapping_lock);
+ }
 put_device(&ctx->afu->dev);
--
cgit v1.1
From d79e6801b1868ff65f4c956d782946c6221a4c1d Mon Sep 17 00:00:00 2001
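Review bot: For kernel-API contexts the new branch in afu_release() leaves `ctx->mapping` non-NULL from the end of release until reclaim_ctx() runs, so any code that tests `ctx->mapping` under `mapping_lock` in that window will treat the mapping as live. Whether such a path is reachable after cxl_context_detach() cannot be seen from the hunk, so the comment should state the ownership rule and not only the mechanics, e.g. `/* Kernel-API contexts own ctx->mapping; it stays set until reclaim_ctx() kfree()s it and must not be used after detach. */`. `ctx->kernelapi` is also read outside `mapping_lock`, which is safe only if the flag never changes after the context is created; the comment could say so. afu_release() starts and ends outside the hunk.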
From: Philippe Bergheaud
Date: Fri, 2 Oct 2015 15:23:33 +1000
Subject: cxl: Workaround malformed pcie packets on some cards
This works around a pcie host bridge defect on some cards, that can cause malformed Transaction Layer Packet (TLP) errors to be erroneously reported. The upper nibble of the vendor section PSL revision is used to distinguish between different cards. The affected ones have it set to 0.
Signed-off-by: Philippe Bergheaud
Acked-by: Ian Munsie
Signed-off-by: Michael Ellerman
---
 drivers/misc/cxl/pci.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
(limited to 'drivers/misc')
diff --git a/drivers/misc/cxl/pci.c b/drivers/misc/cxl/pci.c
index a5e9771..85761d7 100644
--- a/drivers/misc/cxl/pci.c
+++ b/drivers/misc/cxl/pci.c
@@ -1035,6 +1035,32 @@ static int cxl_read_vsec(struct cxl *adapter, struct pci_dev *dev)
 return 0;
 }
+/*
+ * Workaround a PCIe Host Bridge defect on some cards, that can cause
+ * malformed Transaction Layer Packet (TLP) errors to be erroneously
+ * reported. Mask this error in the Uncorrectable Error Mask Register.
+ *
+ * The upper nibble of the PSL revision is used to distinguish between
+ * different cards. The affected ones have it set to 0.
+ */
+static void cxl_fixup_malformed_tlp(struct cxl *adapter, struct pci_dev *dev)
+{
+ int aer;
+ u32 data;
+
+ if (adapter->psl_rev & 0xf000)
+ return;
+ if (!(aer = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ERR)))
+ return;
+ pci_read_config_dword(dev, aer + PCI_ERR_UNCOR_MASK, &data);
+ if (data & PCI_ERR_UNC_MALF_TLP)
+ if (data & PCI_ERR_UNC_INTN)
+ return;
+ data |= PCI_ERR_UNC_MALF_TLP;
+ data |= PCI_ERR_UNC_INTN;
+ pci_write_config_dword(dev, aer + PCI_ERR_UNCOR_MASK, data);
+}
+
 static int cxl_vsec_looks_ok(struct cxl *adapter, struct pci_dev *dev)
 {
 if (adapter->vsec_status & CXL_STATUS_SECOND_PORT)
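Review bot: cxl_fixup_malformed_tlp() sets `PCI_ERR_UNC_INTN` as well as `PCI_ERR_UNC_MALF_TLP` in the Uncorrectable Error Mask, but the comment and the commit message justify only the malformed-TLP bit; masking uncorrectable internal errors hides a second class of real faults from AER and needs its own explanation or removal. The mask is also applied silently, so a later investigation cannot tell from the log that error reporting was reduced on this card; a line such as `dev_info(&dev->dev, "masking malformed TLP and internal error reporting\n");` before the write would record it. The result of pci_read_config_dword() is not checked before `data` is modified and written back. The nested unbraced `if`s would read more clearly as one test, `if ((data & mask) == mask) return;` with `mask = PCI_ERR_UNC_MALF_TLP | PCI_ERR_UNC_INTN`.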
@@ -1134,6 +1160,8 @@ static int cxl_configure_adapter(struct cxl *adapter, struct pci_dev *dev)
 if ((rc = cxl_vsec_looks_ok(adapter, dev)))
 return rc;
+ cxl_fixup_malformed_tlp(adapter, dev);
+
 if ((rc = setup_cxl_bars(dev)))
 return rc;
--
cgit v1.1
From 4108efb02daa09cbb5db048ada55a5b021b5183d Mon Sep 17 00:00:00 2001
From: Christophe Lombard
Date: Wed, 7 Oct 2015 16:07:40 +1100
Subject: cxl: Fix number of allocated pages in SPA
The scheduled process area is currently allocated before assigning the correct maximum processes to the AFU, which will mean we only ever allocate a fixed number of pages for the scheduled process area. This will limit us to 958 processes with 2 x 64K pages. If we try to use more processes than that we'd probably overrun the buffer and corrupt memory or crash. AFUs that require three or more interrupts per process will not be affected as they are already limited to less processes than that, but we could hit it on an AFU that requires 0, 1 or 2 interrupts per process, or when using 4K pages. This patch moves the initialisation of the num_procs to before the SPA allocation so that enough pages will be allocated for the number of processes that the AFU supports.
Signed-off-by: Christophe Lombard
Signed-off-by: Ian Munsie
Cc: # 3.18+
Signed-off-by: Michael Ellerman
---
 drivers/misc/cxl/native.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'drivers/misc')
diff --git a/drivers/misc/cxl/native.c b/drivers/misc/cxl/native.c
index b37f2e8..d2e75c8 100644
--- a/drivers/misc/cxl/native.c
+++ b/drivers/misc/cxl/native.c
@@ -457,6 +457,7 @@ static int activate_afu_directed(struct cxl_afu *afu)
 dev_info(&afu->dev, "Activating AFU directed mode\n");
+ afu->num_procs = afu->max_procs_virtualised;
 if (afu->spa == NULL) {
 if (cxl_alloc_spa(afu))
 return -ENOMEM;
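Review bot: The call added to cxl_configure_adapter() in pci.c changes the device's AER mask and nothing visible undoes it, since cxl_fixup_malformed_tlp() returns void and does not save the previous register value. The bits therefore appear to stay masked if a later step in this function fails or the driver is unbound. If that is intended for the affected cards, a comment at the call site should say so, e.g. `/* Mask is deliberately left in place on error and on removal. */`; otherwise the old value should be saved and restored on the teardown path, which is outside this hunk.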
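Review bot: Setting `afu->num_procs` before the allocation in activate_afu_directed() (native.c) covers only the case where the SPA is allocated here, because the `if (afu->spa == NULL)` guard that follows reuses any existing SPA at whatever size it was created with. If `max_procs_virtualised` can grow between activations, which these hunks do not show, the overrun described in the commit message could return, so the reuse path should check the existing area against the new count or reallocate. A comment above the new line, such as `/* num_procs must be final before cxl_alloc_spa() sizes the SPA */`, would also keep the assignment from being moved back down. The function continues outside the hunk.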
@@ -468,7 +469,6 @@ static int activate_afu_directed(struct cxl_afu *afu)
 cxl_p1n_write(afu, CXL_PSL_ID_An, CXL_PSL_ID_An_F | CXL_PSL_ID_An_L);
 afu->current_mode = CXL_MODE_DIRECTED;
- afu->num_procs = afu->max_procs_virtualised;
 if ((rc = cxl_chardev_m_afu_add(afu)))
 return rc;
--
cgit v1.1