Re: [PATCH] mbigen: don't clear eventid when free_irq

[Chen Jianguo]

Hi Marc
On 2019/3/21 17:11, Marc Zyngier wrote:
On Sat, 16 Mar 2019 11:15:03 +0000
chenjianguo <chenjiang...@huawei.com> wrote:

From: Jianguo Chen <chenjiang...@huawei.com>

mbigen_write_msg clears eventid bits of a mbigen register
when free a interrupt, because msi_domain_deactivate memset
struct msg to zero. Then multiple mbigen pins with zero eventid
will report the same interrupt number.

The eventid clear call trace:
                free_irq
                __free_irq
                irq_shutdown
                irq_domain_deactivate_irq
                __irq_domain_deactivate_irq
                __irq_domain_deactivate_irq
                msi_domain_deactivate
                platform_msi_write_msg
                mbigen_write_msg

Signed-off-by: Jianguo Chen <chenjiang...@huawei.com>
---
  drivers/irqchip/irq-mbigen.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/drivers/irqchip/irq-mbigen.c b/drivers/irqchip/irq-mbigen.c
index 567b29c..fad7291 100644
--- a/drivers/irqchip/irq-mbigen.c
+++ b/drivers/irqchip/irq-mbigen.c
@@ -161,6 +161,9 @@ static void mbigen_write_msg(struct msi_desc *desc,
struct msi_msg *msg)
        void __iomem *base = d->chip_data;
        u32 val;

+       if (!msg->address_lo && !msg->address_hi)
+               return;
+
        base += get_mbigen_vec_reg(d->hwirq);
        val = readl_relaxed(base);


For whatever reason, I couldn't apply this patch (even when fishing a
copy of this email from the archives). It seems to be corrupted is
various ways, so I had to write the patch from scratch, which is not the
most reliable way to work. Good thing this was something trivial, I
wouldn't do it for something more complicated.

In the future, please make sure to use 'git send-email' to send your
patches, as it is known to work correctly.

Thanks,

        M.


 Mbigen vector register and pin structure shows as below:

        event id       0      1     2          127
   vector register    reg0  reg1  reg2       reg127
                        |     |     |           |
          MBIGEN        pin0  pin1  pin2  ...  pin127
                        |-----|-----|-----|-----|
                        |     |     |     |     |
      device interrupt num0 num1  num2       num127

Suppose a device driver requested irq num0 and num1 at the beginning, 
and for some reason it freed irq num1, mbigen_write_msg will write reg1 
with event id 0. Then the pin1 probably mistakenly report interrupt num0 
to device driver if there is a signal on the pin.


        event id       0      0     2          127
   vector register    reg0  reg1  reg2       reg127
                        |     |     |           |
          MBIGEN        pin0  pin1  pin2  ...  pin127
                        |-----|-----|-----|-----|
                        |     |     |     |     |
        device interrup num0 num1  num2       num127            

Thanks,
        Jianguo Chen