On Thu, 2024-10-31 at 14:42 +0100, Takashi Iwai wrote:
> pcim_intx() tries to restore the INTx bit at removal via devres, but
> there is a chance that it restores a wrong value.
> Because the value to be restored is blindly assumed to be the
> negative
> of the enable argument, when a driver calls pcim_intx() unnecessarily
> for the already enabled state, it'll restore to the disabled state in
> turn. That is, the function assumes the case like:
>
> // INTx == 1
> pcim_intx(pdev, 0); // old INTx value assumed to be 1 -> correct
>
> but it might be like the following, too:
>
> // INTx == 0
> pcim_intx(pdev, 0); // old INTx value assumed to be 1 -> wrong
>
> Also, when a driver calls pcim_intx() multiple times with different
> enable argument values, the last one will win no matter what value it
> is. This can lead to inconsistency, e.g.
>
> // INTx == 1
> pcim_intx(pdev, 0); // OK
> ...
> pcim_intx(pdev, 1); // now old INTx wrongly assumed to be 0
>
> This patch addresses those inconsistencies by saving the original
> INTx state at the first pcim_intx() call. For that,
> get_or_create_intx_devres() is folded into pcim_intx() caller side;
> it allows us to simply check the already allocated devres and record
> the original INTx along with the devres_alloc() call.
>
> Fixes: 25216afc9db5 ("PCI: Add managed pcim_intx()")
> Cc: stable@xxxxxxxxxxxxxxx # 6.11+
> Link: https://lore.kernel.org/87v7xk2ps5.wl-tiwai@xxxxxxx
> Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
Reviewed-by: Philipp Stanner <pstanner@xxxxxxxxxx>
Nice!
> ---
> v1->v2: refactoring, fold get_or_create_intx_devres() into the caller
> instead of retrieving the original INTx there.
> Also add comments and improve the patch description.
>
> drivers/pci/devres.c | 34 +++++++++++++++++++---------------
> 1 file changed, 19 insertions(+), 15 deletions(-)
>
> diff --git a/drivers/pci/devres.c b/drivers/pci/devres.c
> index b133967faef8..c93d4d4499a0 100644
> --- a/drivers/pci/devres.c
> +++ b/drivers/pci/devres.c
> @@ -438,19 +438,12 @@ static void pcim_intx_restore(struct device
> *dev, void *data)
> __pcim_intx(pdev, res->orig_intx);
> }
>
> -static struct pcim_intx_devres *get_or_create_intx_devres(struct
> device *dev)
> +static void save_orig_intx(struct pci_dev *pdev, struct
> pcim_intx_devres *res)
> {
> - struct pcim_intx_devres *res;
> + u16 pci_command;
>
> - res = devres_find(dev, pcim_intx_restore, NULL, NULL);
> - if (res)
> - return res;
> -
> - res = devres_alloc(pcim_intx_restore, sizeof(*res),
> GFP_KERNEL);
> - if (res)
> - devres_add(dev, res);
> -
> - return res;
> + pci_read_config_word(pdev, PCI_COMMAND, &pci_command);
> + res->orig_intx = !(pci_command & PCI_COMMAND_INTX_DISABLE);
> }
>
> /**
> @@ -466,12 +459,23 @@ static struct pcim_intx_devres
> *get_or_create_intx_devres(struct device *dev)
> int pcim_intx(struct pci_dev *pdev, int enable)
> {
> struct pcim_intx_devres *res;
> + struct device *dev = &pdev->dev;
>
> - res = get_or_create_intx_devres(&pdev->dev);
> - if (!res)
> - return -ENOMEM;
> + /*
> + * pcim_intx() must only restore the INTx value that existed
> before the
> + * driver was loaded, i.e., before it called pcim_intx() for
> the
> + * first time.
> + */
> + res = devres_find(dev, pcim_intx_restore, NULL, NULL);
> + if (!res) {
> + res = devres_alloc(pcim_intx_restore, sizeof(*res),
> GFP_KERNEL);
> + if (!res)
> + return -ENOMEM;
> +
> + save_orig_intx(pdev, res);
> + devres_add(dev, res);
> + }
>
> - res->orig_intx = !enable;
> __pcim_intx(pdev, enable);
>
> return 0;
