On Maandag 31 Januar 2005 22:35, Brian King wrote:
> Matthew Wilcox wrote:
> > Basically, ppc64's config ops are broken and need to check the offset
> > being read. Here's i386:
> >
> > static int pci_conf1_write (int seg, int bus, int devfn, int reg, int len,
> > u32 v
> > alue)
> > {
> > unsigned long flags;
> >
> > if ((bus > 255) || (devfn > 255) || (reg > 255))
> > return -EINVAL;
>
> Here is a pure ppc64 implementation that does this.
Actually, it doesn't:
> +static int config_access_valid(struct device_node *dn, int where)
> +{
> + struct device_node *hose_dn = dn->phb->arch_data;
> +
> + if (where < 256 || hose_dn->pci_ext_config_space)
> + return 1;
This needs a check for (where < 4096) in case of PCIe or PCI-X.
> @@ -62,6 +72,8 @@ static int rtas_read_config(struct devic
> return PCIBIOS_DEVICE_NOT_FOUND;
> if (where & (size - 1))
> return PCIBIOS_BAD_REGISTER_NUMBER;
> + if (!config_access_valid(dn, where))
> + return PCIBIOS_BAD_REGISTER_NUMBER;
>
> addr = (dn->busno << 16) | (dn->devfn << 8) | where;
addr is still wrong, see my previous mail.
> @@ -110,6 +122,8 @@ static int rtas_write_config(struct devi
> return PCIBIOS_DEVICE_NOT_FOUND;
> if (where & (size - 1))
> return PCIBIOS_BAD_REGISTER_NUMBER;
> + if (!config_access_valid(dn, where))
> + return PCIBIOS_BAD_REGISTER_NUMBER;
>
> addr = (dn->busno << 16) | (dn->devfn << 8) | where;
same here
> @@ -285,6 +309,7 @@ static int __devinit setup_phb(struct de
> phb->arch_data = dev;
> phb->ops = &rtas_pci_ops;
> phb->buid = get_phb_buid(dev);
> + get_phb_config_space_type(dev);
>
> return 0;
> }
Isn't the config space size a property of the PCI device instead of the
host bridge? For a PCI device behind a PCIe host bridge, this could
still lead to an incorrect config space accesses.
Arnd <><
PS: I got a permanent fatal error from <[EMAIL PROTECTED]>, does
that list actually exist?
pgpiwTKnAFNtl.pgp
Description: signature
