d1de05f20c
commit b1a504a6500df50e83b701b7946b34fce27ad8a3 upstream.
When a CPU is brought up, an IPI number is allocated and recorded
under the XIVE CPU structure. Invalid IPI numbers are tracked with
interrupt number 0x0.
On the PowerNV platform, the interrupt number space starts at 0x10 and
this works fine. However, on the sPAPR platform, it is possible to
allocate the interrupt number 0x0 and this raises an issue when CPU 0
is unplugged. The XIVE spapr driver tracks allocated interrupt numbers
in a bitmask and it is not correctly updated when interrupt number 0x0
is freed. It stays allocated and it is then impossible to reallocate.
Fix by using the XIVE_BAD_IRQ value instead of zero on both platforms.
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Fixes: eac1e731b5 ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
Cc: stable@vger.kernel.org # v4.14+
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200306150143.5551-2-clg@kaod.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
77 lines
2.2 KiB
C
77 lines
2.2 KiB
C
/*
|
|
* Copyright 2016,2017 IBM Corporation.
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
#ifndef __XIVE_INTERNAL_H
|
|
#define __XIVE_INTERNAL_H
|
|
|
|
/*
|
|
* A "disabled" interrupt should never fire, to catch problems
|
|
* we set its logical number to this
|
|
*/
|
|
#define XIVE_BAD_IRQ 0x7fffffff
|
|
#define XIVE_MAX_IRQ (XIVE_BAD_IRQ - 1)
|
|
|
|
/* Each CPU carry one of these with various per-CPU state */
|
|
struct xive_cpu {
|
|
#ifdef CONFIG_SMP
|
|
/* HW irq number and data of IPI */
|
|
u32 hw_ipi;
|
|
struct xive_irq_data ipi_data;
|
|
#endif /* CONFIG_SMP */
|
|
|
|
int chip_id;
|
|
|
|
/* Queue datas. Only one is populated */
|
|
#define XIVE_MAX_QUEUES 8
|
|
struct xive_q queue[XIVE_MAX_QUEUES];
|
|
|
|
/*
|
|
* Pending mask. Each bit corresponds to a priority that
|
|
* potentially has pending interrupts.
|
|
*/
|
|
u8 pending_prio;
|
|
|
|
/* Cache of HW CPPR */
|
|
u8 cppr;
|
|
};
|
|
|
|
/* Backend ops */
|
|
struct xive_ops {
|
|
int (*populate_irq_data)(u32 hw_irq, struct xive_irq_data *data);
|
|
int (*configure_irq)(u32 hw_irq, u32 target, u8 prio, u32 sw_irq);
|
|
int (*setup_queue)(unsigned int cpu, struct xive_cpu *xc, u8 prio);
|
|
void (*cleanup_queue)(unsigned int cpu, struct xive_cpu *xc, u8 prio);
|
|
void (*setup_cpu)(unsigned int cpu, struct xive_cpu *xc);
|
|
void (*teardown_cpu)(unsigned int cpu, struct xive_cpu *xc);
|
|
bool (*match)(struct device_node *np);
|
|
void (*shutdown)(void);
|
|
|
|
void (*update_pending)(struct xive_cpu *xc);
|
|
void (*eoi)(u32 hw_irq);
|
|
void (*sync_source)(u32 hw_irq);
|
|
u64 (*esb_rw)(u32 hw_irq, u32 offset, u64 data, bool write);
|
|
#ifdef CONFIG_SMP
|
|
int (*get_ipi)(unsigned int cpu, struct xive_cpu *xc);
|
|
void (*put_ipi)(unsigned int cpu, struct xive_cpu *xc);
|
|
#endif
|
|
const char *name;
|
|
};
|
|
|
|
bool xive_core_init(const struct xive_ops *ops, void __iomem *area, u32 offset,
|
|
u8 max_prio);
|
|
__be32 *xive_queue_page_alloc(unsigned int cpu, u32 queue_shift);
|
|
|
|
static inline u32 xive_alloc_order(u32 queue_shift)
|
|
{
|
|
return (queue_shift > PAGE_SHIFT) ? (queue_shift - PAGE_SHIFT) : 0;
|
|
}
|
|
|
|
extern bool xive_cmdline_disabled;
|
|
|
|
#endif /* __XIVE_INTERNAL_H */
|