lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <867e47dc-9454-c00f-6d80-9718e5705480@linux.intel.com>
Date: Fri, 30 May 2025 17:48:32 +0300 (EEST)
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: Tudor Ambarus <tudor.ambarus@...aro.org>
cc: Bjorn Helgaas <bhelgaas@...gle.com>, linux-pci@...r.kernel.org, 
    Michał Winiarski <michal.winiarski@...el.com>, 
    Igor Mammedov <imammedo@...hat.com>, LKML <linux-kernel@...r.kernel.org>, 
    Mika Westerberg <mika.westerberg@...ux.intel.com>, 
    William McVicker <willmcvicker@...gle.com>
Subject: Re: [PATCH 24/25] PCI: Perform reset_resource() and build fail list
 in sync

On Fri, 30 May 2025, Ilpo Järvinen wrote:

> On Wed, 28 May 2025, Tudor Ambarus wrote:
> > On 5/6/25 4:53 PM, Ilpo Järvinen wrote:
> > > On Tue, 6 May 2025, Tudor Ambarus wrote:
> > >> On 12/16/24 5:56 PM, Ilpo Järvinen wrote:
> > >>> Resetting resource is problematic as it prevent attempting to allocate
> > >>> the resource later, unless something in between restores the resource.
> > >>> Similarly, if fail_head does not contain all resources that were reset,
> > >>> those resource cannot be restored later.
> > >>>
> > >>> The entire reset/restore cycle adds complexity and leaving resources
> > >>> into reseted state causes issues to other code such as for checks done
> > >>> in pci_enable_resources(). Take a small step towards not resetting
> > >>> resources by delaying reset until the end of resource assignment and
> > >>> build failure list (fail_head) in sync with the reset to avoid leaving
> > >>> behind resources that cannot be restored (for the case where the caller
> > >>> provides fail_head in the first place to allow restore somewhere in the
> > >>> callchain, as is not all callers pass non-NULL fail_head).
> > >>>
> > >>> The Expansion ROM check is temporarily left in place while building the
> > >>> failure list until the upcoming change which reworks optional resource
> > >>> handling.
> > >>>
> > >>> Ideally, whole resource reset could be removed but doing that in a big
> > >>> step would make the impact non-tractable due to complexity of all
> > >>> related code.
> > >>>
> > >>> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
> > >>
> > >> I'm hitting the BUG_ON(!list_empty(&add_list)); in
> > >> pci_assign_unassigned_bus_resources() [1] with 6.15-rc5 and the the
> > >> pixel6 downstream pcie driver.
> > >>
> > >> I saw the thread where "a34d74877c66 PCI: Restore assigned resources
> > >> fully after release" fixes things for some other cases, but it's not the
> > >> case here.
> > >>
> > >> Reverting the following patches fixes the problem:
> > >> a34d74877c66 PCI: Restore assigned resources fully after release
> > >> 2499f5348431 PCI: Rework optional resource handling
> > >> 96336ec70264 PCI: Perform reset_resource() and build fail list in sync
> > > 
> > > So it's confirmed that you needed to revert also this last commit 
> > > 96336ec70264, not just the rework change?
> > 
> > I needed to revert 96336ec70264 as well otherwise the build fails.
> 
> Hi again,
> 
> That's news to me... I seem to have botched the resource assignment rework 
> series at some point when I reordered patches and dropped that helper as a 
> result. And it seems the intermediate build fail wasn't caught by LKP :-(. 
> (Pretty annoying as I intentionally separated these two to make them 
> bisectable but not it isn't without amends.)
> 
> The missing helper is basically this:
> 
> static bool pci_resource_is_disabled_rom(const struct pci_dev *dev, int resno)
> {
> 	const struct resource *res = pci_resource_n(dev, resno);
> 
> 	return resno == PCI_ROM_RESOURCE && !(res->flags & IORESOURCE_ROM_ENABLE)
> }
> 
> (I didn't build test that.)
> 
> Because of this, the actual culprit could be in 2499f5348431, not it 
> 96336ec70264 (which would make more sense as it does significant rework 
> on the assignment algorithm).
> 
> > >> In the working case the add_list list is empty throughout the entire
> > >> body of pci_assign_unassigned_bus_resources().
> > >>
> > >> In the failing case __pci_bus_size_bridges() leaves the add_list not
> > >> empty and __pci_bus_assign_resources() does not consume the list, thus
> > >> the BUG_ON. The failing case contains an extra print that's not shown
> > >> when reverting the blamed commits:
> > >> [   13.951185][ T1101] pcieport 0000:00:00.0: bridge window [mem
> > >> 0x00100000-0x001fffff] to [bus 01-ff] add_size 100000 add_align 100000
> > >>
> > >> I've added some prints trying to describe the code path, see
> > >> https://paste.ofcode.org/Aeu2YBpLztc49ZDw3uUJmd#
> > >>
> > >> Failing case:
> > >> [   13.944231][ T1101] pci 0000:01:00.0: [144d:a5a5] type 00 class
> > >> 0x000000 PCIe Endpoint
> > >> [   13.944412][ T1101] pci 0000:01:00.0: BAR 0 [mem
> > >> 0x00000000-0x000fffff 64bit]
> > >> [   13.944532][ T1101] pci 0000:01:00.0: ROM [mem 0x00000000-0x0000ffff
> > >> pref]
> > >> [   13.944649][ T1101] pci 0000:01:00.0: enabling Extended Tags
> > >> [   13.944844][ T1101] pci 0000:01:00.0: PME# supported from D0 D3hot D3cold
> > >> [   13.945015][ T1101] pci 0000:01:00.0: 15.752 Gb/s available PCIe
> > >> bandwidth, limited by 8.0 GT/s PCIe x2 link at 0000:00:00.0 (capable of
> > >> 31.506 Gb/s with 16.0 GT/s PCIe x2 link)
> > >> [   13.950616][ T1101] __pci_bus_size_bridges: before pbus_size_mem.
> > >> list empty? 1
> > >> [   13.950784][ T1101] pbus_size_mem: 2. list empty? 1
> > >> [   13.950886][ T1101] pbus_size_mem: 1 list empty? 0
> > >> [   13.950982][ T1101] pbus_size_mem: 3. list empty? 0
> > >> [   13.951082][ T1101] pbus_size_mem: 4. list empty? 0
> > >> [   13.951185][ T1101] pcieport 0000:00:00.0: bridge window [mem
> > >> 0x00100000-0x001fffff] to [bus 01-ff] add_size 100000 add_align 100000
> > >> [   13.951448][ T1101] __pci_bus_size_bridges: after pbus_size_mem. list
> > >> empty? 0
> > >> [   13.951643][ T1101] pci_assign_unassigned_bus_resources: before
> > >> __pci_bus_assign_resources -> list empty? 0
> > >> [   13.951924][ T1101] pcieport 0000:00:00.0: bridge window [mem
> > >> 0x40000000-0x401fffff]: assigned
> > >> [   13.952248][ T1101] pci_assign_unassigned_bus_resources: after
> > >> __pci_bus_assign_resources -> list empty? 0
> > >> [   13.952634][ T1101] ------------[ cut here ]------------
> > >> [   13.952818][ T1101] kernel BUG at drivers/pci/setup-bus.c:2514!
> > >> [   13.953045][ T1101] Internal error: Oops - BUG: 00000000f2000800 [#1]
> > >>  SMP
> > >> ...
> > >> [   13.976086][ T1101] Call trace:
> > >> [   13.976206][ T1101]  pci_assign_unassigned_bus_resources+0x110/0x114 (P)
> > >> [   13.976462][ T1101]  pci_rescan_bus+0x28/0x48
> > >> [   13.976628][ T1101]  exynos_pcie_rc_poweron
> > >>
> > >> Working case:
> > >> [   13.786961][ T1120] pci 0000:01:00.0: [144d:a5a5] type 00 class
> > >> 0x000000 PCIe Endpoint
> > >> [   13.787136][ T1120] pci 0000:01:00.0: BAR 0 [mem
> > >> 0x00000000-0x000fffff 64bit]
> > >> [   13.787280][ T1120] pci 0000:01:00.0: ROM [mem 0x00000000-0x0000ffff
> > >> pref]
> > >> [   13.787541][ T1120] pci 0000:01:00.0: enabling Extended Tags
> > >> [   13.787808][ T1120] pci 0000:01:00.0: PME# supported from D0 D3hot D3cold
> > >> [   13.787988][ T1120] pci 0000:01:00.0: 15.752 Gb/s available PCIe
> > >> bandwidth, limited by 8.0 GT/s PCIe x2 link at 0000:00:00.0 (capable of
> > >> 31.506 Gb/s with 16.0 GT/s PCIe x2 link)
> > >> [   13.795279][ T1120] __pci_bus_size_bridges: before pbus_size_mem.
> > >> list empty? 1
> > >> [   13.795408][ T1120] pbus_size_mem: 2. list empty? 1
> > >> [   13.795495][ T1120] pbus_size_mem: 2. list empty? 1
> > >> [   13.795577][ T1120] __pci_bus_size_bridges: after pbus_size_mem. list
> > >> empty? 1
> > >> [   13.795692][ T1120] pci_assign_unassigned_bus_resources: before
> > >> __pci_bus_assign_resources -> list empty? 1
> > >> [   13.795849][ T1120] pcieport 0000:00:00.0: bridge window [mem
> > >> 0x40000000-0x401fffff]: assigned
> > >> [   13.796072][ T1120] pci_assign_unassigned_bus_resources: after
> > >> __pci_bus_assign_resources -> list empty? 1
> > >> [   13.796662][ T1120] cpif: s5100_poweron_pcie: DBG: MSI sfr not set
> > >> up, yet(s5100_pdev is NULL)
> > >> [   13.796666][ T1120] cpif: register_pcie: s51xx_pcie_init start
> > >>
> > >>
> > >> Any hints are welcomed. Thanks,
> > >> ta
> > > 
> > > Hi and thanks for the report.
> > 
> > Hi! Thanks for the help. I've been out of office for the last 2 weeks,
> > sorry for the delayed reply.
> 
> Np.
> 
> > > The interesting part occurs inside reassign_resources_sorted() where most 
> > > items are eliminated from realloc_head by the list_del().
> > > 
> > > My guess is that somehow, the change in 96336ec70264 from !res->flags
> > > to the more complicated check somehow causes this. If the new check 
> > > doesn't match and subsequently, no match is found from the head list, the 
> > > loop will do continue and not remove the entry from realloc_head.
> > 
> > I added a print right there and it seems it's something else. See below.
> > > 
> > > But it's hard to confirm without knowing what that resources realloc_head 
> > > contains. Perhaps if you print the resources that are processed around 
> > > that part of the code in reassign_resources_sorted(), comparing the log 
> > > from the reverted code with the non-working case might help to understand 
> > > what is different there and why. To understand better what is in the head 
> > > list, it would be also useful to know from which device the resources were 
> > > added into the head list in pdev_sort_resources().
> > > 
> > 
> > I added the suggested prints
> > (https://paste.ofcode.org/DgmZGGgS6D36nWEzmfCqMm) on top of v6.15 with
> > the downstream PCIe pixel driver and I obtain the following. Note that
> > all added prints contain "tudor" for differentiation.
> > 
> > [   15.211179][ T1107] pci 0001:01:00.0: [144d:a5a5] type 00 class
> > 0x000000 PCIe Endpoint
> > [   15.212248][ T1107] pci 0001:01:00.0: BAR 0 [mem
> > 0x00000000-0x000fffff 64bit]
> > [   15.212775][ T1107] pci 0001:01:00.0: ROM [mem 0x00000000-0x0000ffff
> > pref]
> > [   15.213195][ T1107] pci 0001:01:00.0: enabling Extended Tags
> > [   15.213720][ T1107] pci 0001:01:00.0: PME# supported from D0 D3hot
> > D3cold
> > [   15.214035][ T1107] pci 0001:01:00.0: 15.752 Gb/s available PCIe
> > bandwidth, limited by 8.0 GT/s PCIe x2 link at 0001:00:00.0 (capable of
> > 31.506 Gb/s with 16.0 GT/s PCIe x2 link)
> > [   15.222286][ T1107] pci 0001:01:00.0: tudor: 1: pbus_size_mem: BAR 0
> > [mem 0x00000000-0x000fffff 64bit] list empty? 1
> > [   15.222813][ T1107] pci 0001:01:00.0: tudor: 1: pbus_size_mem: ROM
> > [mem 0x00000000-0x0000ffff pref] list empty? 1
> > [   15.224429][ T1107] pci 0001:01:00.0: tudor: 2: pbus_size_mem: ROM
> > [mem 0x00000000-0x0000ffff pref] list empty? 0
> > [   15.224750][ T1107] pcieport 0001:00:00.0: bridge window [mem
> > 0x00100000-0x001fffff] to [bus 01-ff] add_size 100000 add_align 100000
> > 
> > [   15.225393][ T1107] tudor : pci_assign_unassigned_bus_resources:
> > before __pci_bus_assign_resources -> list empty? 0
> > [   15.225594][ T1107] pcieport 0001:00:00.0: tudor:
> > pdev_sort_resources: bridge window [mem 0x00100000-0x001fffff] resource
> > added in head list
> > [   15.226078][ T1107] pcieport 0001:00:00.0: bridge window [mem
> > 0x40000000-0x401fffff]: assigned
> 
> So here it ends up assigning the resource here I think.
> 
> 
> That print isn't one of yours in reassign_resources_sorted() so the 
> assignment must have been made in assign_requested_resources_sorted(). But 
> then nothing is printed out from reassign_resources_sorted() so I suspect 
> __assign_resources_sorted() has short-circuited.
> 
> We know that realloc_head is not empty, so that leaves the goto out from 
> if (list_empty(&local_fail_head)), which kind of makes sense, all 
> entries on the head list were assigned. But the code there tries to remove 
> all head list resources from realloc_head so why it doesn't get removed is 
> still a mystery. assign_requested_resources_sorted() doesn't seem to 
> remove anything from the head list so that resource should still be on the 
> head list AFAICT so it should call that remove_from_list(realloc_head, 
> dev_res->res) for it.
> 
> So can you see if that theory holds water and it short-circuits without 
> removing the entry from realloc_head?

I think I figured out more about the reason. It's not related to that 
bridge window resource.

pbus_size_mem() will add also that ROM resource into realloc_head 
as it is considered (intentionally) optional after the optional change
(as per "tudor: 2:" line). And that resource is never assigned because 
pdev_sort_resources() didn't pick it up into the head list. The next 
question is why the ROM resource isn't in the head list.


While it is not necessarily related to issue, I think the bridge sizing 
functions too should consider pdev_resources_assignable() so that it
won't ever add resources from such devices onto the realloc_head. This is 
yet another small inconsistency within all this fitting/assignment logic.

pbus_size_mem() seems to consider IORESOURCE_PCI_FIXED so that cannot 
explain it as the ROM resource wouldn't be on the realloc_head list in 
that case.


Just wanted to let you know early even if I don't fully understand 
everything so you can hopefully avoid unnecessary debugging.

> > [   15.226419][ T1107] tudor : pci_assign_unassigned_bus_resources:
> > after __pci_bus_assign_resources -> list empty? 0
> > [   15.226442][ T1107] ------------[ cut here ]------------
> > [   15.227587][ T1107] kernel BUG at drivers/pci/setup-bus.c:2522!
> > [   15.227813][ T1107] Internal error: Oops - BUG: 00000000f2000800 [#1]
> >  SMP
> > ...
> > [   15.251570][ T1107] Call trace:
> > [   15.251690][ T1107]  pci_assign_unassigned_bus_resources+0x110/0x114 (P)
> > [   15.251945][ T1107]  pci_rescan_bus+0x28/0x48
> > 
> > I obtain the following output when using the same prints adapted
> > (https://paste.ofcode.org/37w7RnKkPaCxyNhi5yhZPbZ) and with the blamed
> > commits reverted:
> > a34d74877c66 PCI: Restore assigned resources fully after release
> > 2499f5348431 PCI: Rework optional resource handling
> > 96336ec70264 PCI: Perform reset_resource() and build fail list in sync
> > 
> > [   15.200456][ T1102] pci 0000:01:00.0: [144d:a5a5] type 00 class
> > 0x000000 PCIe Endpoint
> > [   15.200632][ T1102] pci 0000:01:00.0: BAR 0 [mem
> > 0x00000000-0x000fffff 64bit]
> > [   15.200755][ T1102] pci 0000:01:00.0: ROM [mem 0x00000000-0x0000ffff
> > pref]
> > [   15.200876][ T1102] pci 0000:01:00.0: enabling Extended Tags
> > [   15.201075][ T1102] pci 0000:01:00.0: PME# supported from D0 D3hot D3cold
> > [   15.201254][ T1102] pci 0000:01:00.0: 15.752 Gb/s available PCIe
> > bandwidth, limited by 8.0 GT/s PCIe x2 link at 0000:00:00.0 (capable of
> > 31.506 Gb/s with 16.0 GT/s PCIe x2 link)
> > [   15.206555][ T1102] pci 0000:01:00.0: tudor: 1: pbus_size_mem: BAR 0
> > [mem 0x00000000-0x000fffff 64bit] list empty? 1
> > [   15.206737][ T1102] pci 0000:01:00.0: tudor: 1: pbus_size_mem: ROM
> > [mem 0x00000000-0x0000ffff pref] list empty? 1
> > [   15.206901][ T1102] tudor : pci_assign_unassigned_bus_resources:
> > before __pci_bus_assign_resources -> list empty? 1
> > [   15.207072][ T1102] pcieport 0000:00:00.0: tudor:
> > pdev_sort_resources: bridge window [mem 0x00100000-0x002fffff] resource
> > added in head list
> > [   15.207396][ T1102] pcieport 0000:00:00.0: bridge window [mem
> > 0x40000000-0x401fffff]: assigned
> > [   15.208165][ T1102] tudor : pci_assign_unassigned_bus_resources:
> > after __pci_bus_assign_resources -> list empty? 1
> > [   15.208783][ T1102] cpif: s5100_poweron_pcie: DBG: MSI sfr not set
> > up, yet(s5100_pdev is NULL)
> > [   15.208786][ T1102] cpif: register_pcie: s51xx_pcie_init start
> > 
> > > In any case, that BUG_ON() seems a bit drastic action for what might be 
> > > just a single resource allocation failure so it should be downgraded to:
> > > 
> > > if (WARN_ON(!list_empty(&add_list))
> > > 	free_list(&add_list);
> > > 	
> > > ... or WARN_ON_ONCE().
> > 
> > I saw your patch doing this, the phone now boots, but obviously I still
> > see the WARN, so maybe there's still something to be fixed.
> 
> Yes, I don't expect BUG_ON() -> WARN "fix" anything, it just downgrades 
> the severity so that the system can still try to boot, which can often 
> succeed as this tends to be non-critical failure in many cases so it's 
> useful change to have regardless despite the splat.
> 
> Now that it boots, can you please check if /proc/iomem is the same both in 
> the non-working and working config. If that resource got assigned 
> successfully, it might well be there is no actual differences in the 
> assigned resources (which again doesn't mean there wouldn't be a bug in 
> the logic as discussed above).
> 
> 
> 

-- 
 i.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ