Commit Graph

914 Commits

Author SHA1 Message Date
kib
25d50802d0 Add more values for PCI capabilities, PCIe extended capabilities, and subclasses.
Taken from
https://pcisig.com/sites/default/files/files/PCI_Code-ID_r_1_11__v24_Jan_2019.pdf

Submitted by:	Dmitry Luhtionov <dmitryluhtionov@gmail.com>
MFC after:	1 week
2020-02-20 17:08:52 +00:00
kib
d87b53c407 Fix typo.
Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2020-02-17 13:26:36 +00:00
kaktus
5c0808c69b Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (5 of many)
r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked). Use it in
preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.

Reviewed by:	imp, kib
Approved by:	kib (mentor)
Differential Revision:	https://reviews.freebsd.org/D23633
2020-02-16 17:11:54 +00:00
br
d3e265fd0b Add PCI Express driver for the ARM Neoverse N1 System Development
Platform (N1SDP).

Neoverse N1 is a high-performance ARM microarchitecture designed
by the ARM Holdings for the server market.

The PCI part on N1SDP was shipped untested and suffers from some
integration issues.

For instance accessing to not existing BDFs causes System Error
(SError) exception. To mitigate this, the firmware scans the bus,
catches SErrors and creates a table with valid BDFs. That allows
us to filter-out accesses to invalid BDFs in this driver.

Also the root complex config space (BDF == 0) has an unusual
location in memory map, so remapping accesses to it is required.

Finally, the config space is restricted to 32-bit accesses only.

This was tested on the ARM boxes kindly provided by the ARM Ltd
to the DARPA CHERI Project.

In collaboration with:	andrew
Reviewed by:	andrew
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D23349
2020-02-11 15:12:09 +00:00
br
796933a470 o Move the software context struct to a header file.
o Make the pci_host_generic_acpi_attach() globally visible.
o Declare a new driver class.

These will be used by a new PCI root complex driver.

Sponsored by:	DARPA, AFRL
2020-01-24 16:43:49 +00:00
br
408b11df09 Move the ECAM macroses to the header file.
These will be used by other PCI root complex drivers.

Sponsored by:	DARPA, AFRL
2020-01-24 16:08:06 +00:00
scottl
c079cbeddf Abstract the locking for PCIe hotplug. It still uses Giant so there's
no functional change yet.
2019-12-26 21:00:06 +00:00
mp
7a5c21bd05 Remove VMware MSI-X from the PCI blacklist.
First reported against ESXi 5.0, PCI passthrough was not working due to
MSI-X issues. However, this issue was fixed via patch releases against
ESXi 5.5 and 6.0 in 2016. Given ESXi 5.5 and earlier have been EOL, this
patch removes the VMware MSI-X blacklist entries in the quirk table.

PR:	203874
Reviewed by:	imp, jhb
MFC after:	1 month
Sponsored by:	VMware
Differential Revision: https://reviews.freebsd.org/D22819
2019-12-18 23:00:56 +00:00
scottl
0f7b14322b Add accessors for the Vendor Specific Extended Capability (VSEC)
Parse out the VSEC.  If the user invokes a second -c command line option,
do a hex dump of the vendor data.

Reviewed by:	imp
MFC after:	3 days
Sponsored by:	Intel
Differential Revision:	http://reviews.freebsd.org/D22808
2019-12-13 23:46:59 +00:00
se
eab295d4b9 Remove "All rights reserved" phrase from copyright notes.
With the ratification of the Berne Convention in 2000, it became obsolete.

I have removed that phrase and the "(c)" only from files without copyright
claims by other parties. There are 2 files (pci.c, pci_private.h) that are
also claimed by Michael Smith <msmith@freebsd.org> and by BSDi, which have
therefore not been included in this commit.

When all member nations of the Buenos Aires Convention adopted the Berne
Convention, the phrase "All rights reserved" became unnecessary to assert
copyright. Remove it from files under my copyright.

There are 2 files (pci.c, pci_private.h) that) that do also bear msmith's
and BSDi's copyright. I have left them unchanged for now, since I do not
know whether they (or the legal successor in case of BSDi) would agree.
2019-12-04 08:03:33 +00:00
imp
b3cba7ef11 Hoist locking giant back up into the ioctl handler
Move the locking back into the ioctl handler. This "fixes" the race where we hve
a hot plug event just after the dropping of Giant in pci_find_dbsf, assuming the
driver doesn't then call anything that drops and picks up Giant again... It's a
little safer since don't think it doesn't, but we lack the tools to know for
sure.
2019-11-24 15:37:14 +00:00
imp
76e7001719 Push Giant down one layer
The /dev/pci device doesn't need GIANT, per se. However, one routine
that it calls, pci_find_dbsf implicitly does. It walks a list that can
change when PCI scans a new bus. With hotplug, this means we could
have a race with that scanning. To prevent that, take out Giant around
scanning the list.

However, given that we have places in the tree that drop giant, if
held when we call into them, the whole use of Giant to protect newbus
may be less effective that we desire, so add a comment about why we're
talking it out, and we'll address the issue when we lock newbus with
something other than Giant.
2019-11-23 23:43:52 +00:00
mmel
0af3eff0eb Add driver for DesignWare PCIE core, and its Armada 8K specific attachement.
MFC after:	3 weeks
2019-10-20 11:11:32 +00:00
jhb
df7b71835a Export pci_attach() and pci_detach().
Reviewed by:	imp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D21948
2019-10-15 18:58:01 +00:00
emaste
7cca4f4463 pcie: return an error if a matching resource is not found
Submitted by:	markj
Reviewed by:	manu
Event:		vBSDCon FreeBSD hackathon
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D20884
2019-09-05 15:45:21 +00:00
mav
08f942b31a Don't consider PCIe hot-plug command timeout fatal.
According to my tests and errata to several generations of Intel CPUs,
PCIe hot-plug command completion reporting is not very reliable thing.
At least on my Supermicro X11DPi-NT board I never saw it reported.
Before this change timeout code detached devices and tried to disable
the slot, that in my case resulted in hot-plugged device being detached
just a second after it was successfully detected and attached.  This
change removes that, so in case of timeout it just prints the error and
continue operation.  Linux does the same.

MFC after:	1 week
Sponsored by:	iXsystems, Inc.
2019-08-26 17:27:36 +00:00
jhibbits
a6f6670e0b Fix the build after r350570.
Signed char cannot compare to values above 0x7f.  Use unsigned instead.
2019-08-04 19:47:02 +00:00
jhibbits
1153a377f7 Add necessary bits for Linux KPI to work correctly on powerpc
PowerPC, and possibly other architectures, use different address ranges for
PCI space vs physical address space, which is only mapped at resource
activation time, when the BAR gets written.  The DRM kernel modules do not
activate the rman resources, soas not to waste KVA, instead only mapping
parts of the PCI memory at a time.  This introduces a
BUS_TRANSLATE_RESOURCE() method, implemented in the Open Firmware/FDT PCI
driver, to perform this necessary translation without activating the
resource.

In addition to system KPI changes, LinuxKPI is updated to handle a
big-endian host, by adding proper endian swaps to the I/O functions.

Submitted by:	mmacy
Reported by:	hselasky
Differential Revision:	https://reviews.freebsd.org/D21096
2019-08-04 19:28:10 +00:00
imp
85531b7acc Work around devices which return all zeros for reads of existing MSI-X
table VCTRL registers.

Unconditionally program the MSI-X vector control Mask field for MSI-X
table entries without regarud for Mask's previous value. Some devices
return all zeros on reads of the VCTRL registers, which would cause us
to skip disabling interrupts. This fixes the Samsung SM961/PM961 SSDs
which are return zero starting from offset 0x3084 within the memory
region specified by BAR0, even when they are active MSI-X vectors.

The Illumos kernel writes these unconditionally to 0 or 1. However,
section 6.8.2.9 of the PCI Local Bus 3.0 spec (dated Feb 3, 2004)
states for bits 31::01:
	After reset, the state of these bits must be 0. However, for
	potential future use, software must preserve the value of
	these reserved bits when modifying the value of other Vector
	Control bits. If software modifies the value of these reserved
	bits, the result is undefined."
so we always set or clear the Mask bit, but otherwise preserves the
old value.

PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211713
Reviewed By: imp, jhb
Submitted by: Ka Ho Ng
MFC After: 1 week
Differential Revision: https://reviews.freebsd.org/D20873
2019-07-08 19:38:49 +00:00
hselasky
74cb5132c6 Need to apply the PCIM_BAR_MEM_BASE mask to the physical memory
address before returning it to the user. Some of the least significant
bits have special meaning and should be masked away.

Discussed with:	kib@
MFC after:	3 days
Sponsored by:	Mellanox Technologies
2019-06-28 22:28:51 +00:00
cperciva
db106e7939 Only respond to the PCIe Attention Button if a device is already plugged in.
Prior to this commit, if PCIEM_SLOT_STA_ABP and PCIEM_SLOT_STA_PDC are
asserted simultaneously, FreeBSD sets a 5 second "hardware going away" timer
and then processes the "presence detect" change. In the (physically
challenging) case that someone presses the "attention button" and inserts
a new PCIe device at exactly the same moment, this results in FreeBSD
recognizing that the device is present, attaching it, and then detaching it
5 seconds later.

On EC2 "bare metal" hardware this is the precise sequence of events which
takes place when a new EBS volume is attached; virtual machines have no
difficulty effecting physically implausible simultaneity.

This patch changes the handling of PCIEM_SLOT_STA_ABP to only detach a
device if the presence of a device was detected *before* the interrupt
which reports the Attention Button push.

Reported by:	Matt Wilson
Reviewed by:	jhb
MFC after:	1 week
Sponsored by:	https://www.patreon.com/cperciva
Differential Revision:	https://reviews.freebsd.org/D20499
2019-06-05 04:58:42 +00:00
br
6107ef92b1 Pass pci_base address instead of physical address to rman_manage_region().
This should had been part of r347930 ("pci: ecam: Correctly parse memory
and IO region").

Sponsored by:	DARPA, AFRL
2019-05-29 15:53:33 +00:00
cem
250e158ddf Extract eventfilter declarations to sys/_eventfilter.h
This allows replacing "sys/eventfilter.h" includes with "sys/_eventfilter.h"
in other header files (e.g., sys/{bus,conf,cpu}.h) and reduces header
pollution substantially.

EVENTHANDLER_DECLARE and EVENTHANDLER_LIST_DECLAREs were moved out of .c
files into appropriate headers (e.g., sys/proc.h, powernv/opal.h).

As a side effect of reduced header pollution, many .c files and headers no
longer contain needed definitions.  The remainder of the patch addresses
adding appropriate includes to fix those files.

LOCK_DEBUG and LOCK_FILE_LINE_ARG are moved to sys/_lock.h, as required by
sys/mutex.h since r326106 (but silently protected by header pollution prior
to this change).

No functional change (intended).  Of course, any out of tree modules that
relied on header pollution for sys/eventhandler.h, sys/lock.h, or
sys/mutex.h inclusion need to be fixed.  __FreeBSD_version has been bumped.
2019-05-20 00:38:23 +00:00
manu
e8fb590b2b pci: ecam: Correctly parse memory and IO region
When activating a resource do not compare the resource id to the adress.
Treat IO region as MEMORY region too.

Submitted by:	Tuan Phan <tphan@amperecomputing.com> (Original Version)
Sponsored by:	Ampere Computing, LLC
Differential Revision:	https://reviews.freebsd.org/D20214
2019-05-17 17:05:16 +00:00
manu
77cb8c789c pci: ecam: Do not warn on mismatch of bus_end
We cannot know the bus end number before parsing the MCFG table
so don't set the bus_end before that. If the MCFG table doesn't
exist we will set the configuration base address based on the _CBA
value and set the bus_end to the maximal number allowed by PCI.

Sponsored by: Ampere Computing, LLC

Differential Revision:	https://reviews.freebsd.org/D20213
2019-05-17 17:04:01 +00:00
tychon
35c95d331a remove the 4GB boundary requirement on PCI DMA segments
Reviewed by:	kib
Discussed with:	jhb
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D19867
2019-04-19 13:43:33 +00:00
kib
587458f1cd Give new home to the comment from ppt_pci_reset(), explaining a nuance
of power reset.

Noted by:	soralx@cydem.org
Sponsored by:	Mellanox Technologies
MFC after:	12 days
2019-04-07 08:58:09 +00:00
kib
1f83f13cf3 Implement resets for PCI buses and PCIe bridges.
For PCI device (i.e. child of a PCI bus), reset tries FLR if
implemented and worked, and falls to power reset otherwise.

For PCIe bus (child of a PCIe bridge or root port), reset
disables PCIe link and then re-trains it, performing what is known as
link-level reset.

Reviewed by:	imp (previous version), jhb (previous version)
Sponsored by:	Mellanox Technologies
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D19646
2019-04-05 19:25:26 +00:00
tychon
8f32b48958 Devices behind downstream bridges should still get DMAR protection.
Reviewed by:	kib
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D19717
2019-04-01 19:08:05 +00:00
imp
90d8cba860 Fix two typos: an -> and; the the -> the
And justify the paragraph after the change (and set fill column to 80
instead of 70).

Noticed by: rpokala@, vangyzen@
2019-03-19 21:46:21 +00:00
imp
148c0d4211 Add comment about why we bother to use endian macros here, and why we
must use bitfields.
2019-03-19 15:03:20 +00:00
jhb
ae6222b0c3 Drop "All rights reserved" from my copyright statements.
Reviewed by:	rgrimes
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D19485
2019-03-06 22:11:45 +00:00
jhb
7a00254565 Enable PCI BAR reallocation by default.
When pci_realloc_bars was first added, the intention was to eventually
enable it by default, but it was left disabled to preserve existing
behavior.  The setting is pretty conservative in that it does not
attempt to allocate resources for BARs that the BIOS/firmware leaves
disabled.  It only attempts to reallocate resources for a BAR that the
firmware programmed during boot but that conflicts with another
resource during the kernel's device scan.

PR 221350 is an example of a machine that this knob fixes.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D18965
2019-02-11 20:47:09 +00:00
jchandra
5a66a899d5 pci_host_generic_acpi: use IORT data for MSI/MSI-X
Use the information from IORT parsing to translate the PCI RID to
GIC ITS device ID. And similarly, use the information to find the
PIC XREF identifier to be used for PCI devices.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D18004
2019-02-07 04:50:16 +00:00
avg
260cc02954 add support for marking interrupt handlers as suspended
The goal of this change is to fix a problem with PCI shared interrupts
during suspend and resume.

I have observed a couple of variations of the following scenario.
Devices A and B are on the same PCI bus and share the same interrupt.
Device A's driver is suspended first and the device is powered down.
Device B generates an interrupt. Interrupt handlers of both drivers are
called. Device A's interrupt handler accesses registers of the powered
down device and gets back bogus values (I assume all 0xff). That data is
interpreted as interrupt status bits, etc. So, the interrupt handler
gets confused and may produce some noise or enter an infinite loop, etc.

This change affects only PCI devices.  The pci(4) bus driver marks a
child's interrupt handler as suspended after the child's suspend method
is called and before the device is powered down.  This is done only for
traditional PCI interrupts, because only they can be shared.

At the moment the change is only for x86.

Notable changes in core subsystems / interfaces:
- BUS_SUSPEND_INTR and BUS_RESUME_INTR methods are added to bus
  interface along with convenience functions bus_suspend_intr and
  bus_resume_intr;
- rman_set_irq_cookie and rman_get_irq_cookie functions are added to
  provide a way to associate an interrupt resource with an interrupt
  cookie;
- intr_event_suspend_handler and intr_event_resume_handler functions
  are added to the MI interrupt handler interface.

I added two new interrupt handler flags, IH_SUSP and IH_CHANGED, to
implement the new intr_event functions.  IH_SUSP marks a suspended
interrupt handler.  IH_CHANGED is used to implement a barrier that
ensures that a change to the interrupt handler's state is visible
to future interrupts.
While there, I fixed some whitespace issues in comments and changed a
couple of logically boolean variables to be bool.

MFC after:	1 month (maybe)
Differential Revision: https://reviews.freebsd.org/D15755
2018-12-17 17:11:00 +00:00
grog
ac4ff55dd9 Work around BIOS quirks on HPE Proliant MicroServer Gen10
PR:		221350
Submitted by:	Bob Bishop
Reported by:	Rafal Lukawiecki
Reviewed by:	jhb
MFC after:	2 weeks
2018-12-17 07:09:46 +00:00
jhibbits
ef0472302e Sprinkle EARLY_DRIVER_MODULE around the tree
Mark some buses as BUS_PASS_BUS, and some resources as BUS_PASS_RESOURCE.
This also decouples some resource attachment orderings from being races by
device tree ordering, instead relying on the bus pass to provide the
ordering.

This was originally intended to support multipass suspend/resume, but it's
also needed on PowerMacs when using fdt, as the device tree seems to get
created in reverse of the OFW tree.
Reviewed by:	nwhitehorn (long ago)
Differential Revision:	https://reviews.freebsd.org/D918
2018-12-04 04:55:49 +00:00
jchandra
30ac447495 pci_host_generic : move activate/release to generic code
Now that the ACPI and FDT implementations for activating and
deactivating resources are the same, we can move it to
pci_host_generic.c.  No functional changes.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D17793
2018-11-19 03:43:10 +00:00
jchandra
bd91f059fb pci_host_generic, acpi_resource: drop unneeded code
Now that we are handling PCI resources in pci_host_generic_acpi.c, we
don't need these change (made by r336129)

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D17792
2018-11-19 03:34:15 +00:00
jchandra
65f57cddff acpica, pci_host_generic_acpi: redo pci_host_generic_acpi.c
This is a major update for pci_host_generic_acpi.c, the current
implementation has some gaps that are better fixed up in one go.
The changes are to:
 * Follow x86 method of not adding PCI resources to PCI host bridge in
   ACPI code. This has been moved to pci_host_generic_acpi.c, where we
   walk thru its resources of the host bridge and add them.
 * Fixup code in pci_host_generic_acpi.c to read all decoded ranges
   and update the 'ranges' property. This allows us to share most of
   the code with generic implementation (and the FDT one).
 * Parse and setup IO ranges and bus ranges when walking the resources
   above. Drop most of the changes related to this from acpica code.
 * Add the ECAM memory area as mem resource 0. Implement the logic to
   get the ECAM area from MCFG (using bus range which we now decode),
   or from _CBA (using _BBN/bus range). Drop aarch64 ifdefs from acpica
   code which did part of this.
 * Switch resource activation to similar code as FDT implementation,
   this can be moved into generic implementation in a later pass.
 * Drop the mechanism of using the 7th bit of bus number as the domain,
   this is not correct and will work only in very specific cases. Use
   _SEG as PCI domain and use the bus ranges of the host bridge to
   provide start bus number.

This commit should not make any functional change to dev/acpica/acpi.c
for other architectures, almost all the changes there are to revert
earlier additions in this file done for aarch64.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D17791
2018-11-19 03:16:16 +00:00
jchandra
3b690e695d pci_host_generic*: basic implementation of bus range
Both ACPI and FDT support bus ranges for pci host bridges. Update
pci_host_generic*.[ch] with a default implementation to support this.
This will be used in the next set of changes for ACPI based host
bridge. No functional changes in this commit.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D17657
2018-11-19 02:55:18 +00:00
jchandra
956387e5e9 pci_host_generic: allocate resources against devices
Fix up pci_host_generic.c and pci_host_generic_fdt.c to allocate
resources against devices that requested them. Currently the
allocation happens against the pcib, which is incorrect.

This is needed for the upcoming changes for fixing up
pci_host_generic_acpi.c

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D17656
2018-11-19 02:43:34 +00:00
jchandra
36b6a94a13 pci_host_generic: remove unneeded ThunderX2 quirk
The current quirk implementation writes a fixed address to the PCI BAR
to fix a firmware bug. The PCI BARs are allocated by firmware and will
change depending on PCI devices present. So using a fixed address here
is not correct.

This quirk worked around a firmware bug that programmed the MSI-X bar
of the SATA controller incorrectly. The newer firmware does not have
this issue, so it is better to drop this quirk altogether.

Reviewed by:	andrew
Differential Revision:	https://reviews.freebsd.org/D17655
2018-11-19 02:38:02 +00:00
brooks
82a106e39f Fix stray tab.
Reported by:	jbeich
MFC after:	3 days
MFC with:	r340489
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D18011
2018-11-17 00:03:04 +00:00
brooks
b148efc1a3 Fix freebsd32 support for PCIOCGETCONF.
This fixes regresssions in pciconf -l and some ports as reported on
freebsd-current:

https://lists.freebsd.org/pipermail/freebsd-current/2018-November/072144.html

Reported by:	jbeich
Reviewed by:	kib (also proposed an idential patch)
Tested by:	jbeich
MFC after:	3 days
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D18011
2018-11-16 23:58:51 +00:00
brooks
ef4d131c12 Centralize compat support for PCIOCGETCONF.
The pre-7.x compat for both native and 32-bit code was already in
pci_user.c. Use this infrastructure to add implement 32-bit support.
This is more correct as ioctl(2) commands only have meaning in the
context of a file descriptor.

Reviewed by:	kib
Approved by:	re (gjb)
Obtained from:	CheriBSD
Sponsored by:	DARPA, AFRL
Differential revision:	https://reviews.freebsd.org/D17324
2018-09-27 21:08:32 +00:00
imp
8efc2b3f05 Reapply, with minor tweaks, r338025, from the original commit:
Remove unused and easy to misuse PNP macro parameter

Inspired by r338025, just remove the element size parameter to the
MODULE_PNP_INFO macro entirely.  The 'table' parameter is now required to
have correct pointer (or array) type.  Since all invocations of the macro
already had this property and the emitted PNP data continues to include the
element size, there is no functional change.

Mostly done with the coccinelle 'spatch' tool:

  $ cat modpnpsize0.cocci
    @normaltables@
    identifier b,c;
    expression a,d,e;
    declarer MODULE_PNP_INFO;
    @@
     MODULE_PNP_INFO(a,b,c,d,
    -sizeof(d[0]),
     e);

    @singletons@
    identifier b,c,d;
    expression a;
    declarer MODULE_PNP_INFO;
    @@
     MODULE_PNP_INFO(a,b,c,&d,
    -sizeof(d),
     1);

  $ rg -l MODULE_PNP_INFO -- sys | \
    xargs spatch --in-place --sp-file modpnpsize0.cocci

(Note that coccinelle invokes diff(1) via a PATH search and expects diff to
tolerate the -B flag, which BSD diff does not.  So I had to link gdiff into
PATH as diff to use spatch.)

Tinderbox'd (-DMAKE_JUST_KERNELS).
Approved by: re (glen)
2018-09-26 17:12:14 +00:00
slavash
f297c4c762 Add PCIV_INVALID definition
From PCI Spec rev 2.2, 6.2.1. Device Identification:
Vendor ID This field identifies the manufacturer of the device. Valid
vendor identifiers are allocated by the PCI SIG to ensure uniqueness.
0FFFFh is an invalid value for Vendor ID.

MFC after:      3 days
Approved by:    re (Glen), hselasky (mentor), kib (mentor)
Sponsored by:   Mellanox Technologies
2018-09-26 13:16:55 +00:00
jhb
e55a0565c8 Don't directly dereference a user pointer in the VPD ioctl.
The PCIOCLISTVPD ioctl on /dev/pci is used to fetch a list of VPD
key-value pairs for a specific PCI function.  It is used by
'pciconf -l -V'.  The list is stored in a userland-supplied buffer as
an array of variable-length structures where the key and data length
are stored in a fixed-size header followed by the variable-length
value as a byte array.  To facilitate walking this array in userland,
<sys/pciio.h> provides a PVE_NEXT() helper macro to return a pointer
to the next array element by reading the the length out of the current
header and using it to compute the address of the next header.

To simplify the implementation, the ioctl handler was also using
PVE_NEXT() when on the user address of the user buffer to compute the
user address of the next array element.  However, the PVE_NEXT() macro
when used with a user address was reading the value's length by
indirecting the user pointer.  The value was ready after the current
record had been copied out to the user buffer, so it appeared to work
on architectures where user addresses are directly dereferencable from
the kernel (all but powerpc and i386 after the 4:4 split).  The recent
enablement of SMAP on amd64 caught this violation however.  To fix,
add a variant of PVE_NEXT() for use in the ioctl handler that takes an
explicit value length.

Reported by:	Jeffrey Pieper @ Intel
Reviewed by:	kib
Approved by:	re (gjb)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D16800
2018-08-31 16:10:01 +00:00
cem
d70d723ffc Back out r338035 until Warner is finished churning GSoC PNP patches
I was not aware Warner was making or planning to make forward progress in
this area and have since been informed of that.

It's easy to apply/reapply when churn dies down.
2018-08-19 00:46:22 +00:00