From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
Change of_map_id() to take a pointer to struct of_phandle_args
instead of passing target device node and translated IDs separately.
Update all callers accordingly.
Subsequent patch will make use of the args_count field in
struct of_phandle_args.
Suggested-by: Rob Herring (Arm) <robh@kernel.org>
Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
---
drivers/iommu/of_iommu.c | 2 +-
drivers/of/base.c | 37 +++++++++++++++++------------------
drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
drivers/pci/controller/pcie-apple.c | 4 +++-
drivers/xen/grant-dma-ops.c | 2 +-
include/linux/of.h | 21 +++++++++++++-------
6 files changed, 44 insertions(+), 30 deletions(-)
diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c
index a511ecf21fcd..d255d0f58e8c 100644
--- a/drivers/iommu/of_iommu.c
+++ b/drivers/iommu/of_iommu.c
@@ -48,7 +48,7 @@ static int of_iommu_configure_dev_id(struct device_node *master_np,
struct of_phandle_args iommu_spec = { .args_count = 1 };
int err;
- err = of_map_iommu_id(master_np, *id, &iommu_spec.np, iommu_spec.args);
+ err = of_map_iommu_id(master_np, *id, &iommu_spec);
if (err)
return err;
diff --git a/drivers/of/base.c b/drivers/of/base.c
index 57420806c1a2..6c3628255908 100644
--- a/drivers/of/base.c
+++ b/drivers/of/base.c
@@ -2102,8 +2102,11 @@ int of_find_last_cache_level(unsigned int cpu)
* @id: device ID to map.
* @map_name: property name of the map to use.
* @map_mask_name: optional property name of the mask to use.
- * @target: optional pointer to a target device node.
- * @id_out: optional pointer to receive the translated ID.
+ * @arg: of_phandle_args structure,
+ * which includes:
+ * np: pointer to the target device node
+ * args_count: number of arguments
+ * args[]: array to receive the translated ID(s).
*
* Given a device ID, look up the appropriate implementation-defined
* platform ID and/or the target device which receives transactions on that
@@ -2117,21 +2120,21 @@ int of_find_last_cache_level(unsigned int cpu)
*/
int of_map_id(const struct device_node *np, u32 id,
const char *map_name, const char *map_mask_name,
- struct device_node **target, u32 *id_out)
+ struct of_phandle_args *arg)
{
u32 map_mask, masked_id;
int map_len;
const __be32 *map = NULL;
- if (!np || !map_name || (!target && !id_out))
+ if (!np || !map_name || !arg)
return -EINVAL;
map = of_get_property(np, map_name, &map_len);
if (!map) {
- if (target)
+ if (arg->np)
return -ENODEV;
/* Otherwise, no map implies no translation */
- *id_out = id;
+ arg->args[0] = id;
return 0;
}
@@ -2173,18 +2176,15 @@ int of_map_id(const struct device_node *np, u32 id,
if (!phandle_node)
return -ENODEV;
- if (target) {
- if (*target)
- of_node_put(phandle_node);
- else
- *target = phandle_node;
+ if (arg->np)
+ of_node_put(phandle_node);
+ else
+ arg->np = phandle_node;
- if (*target != phandle_node)
- continue;
- }
+ if (arg->np != phandle_node)
+ continue;
- if (id_out)
- *id_out = masked_id - id_base + out_base;
+ arg->args[0] = masked_id - id_base + out_base;
pr_debug("%pOF: %s, using mask %08x, id-base: %08x, out-base: %08x, length: %08x, id: %08x -> %08x\n",
np, map_name, map_mask, id_base, out_base,
@@ -2193,11 +2193,10 @@ int of_map_id(const struct device_node *np, u32 id,
}
pr_info("%pOF: no %s translation for id 0x%x on %pOF\n", np, map_name,
- id, target && *target ? *target : NULL);
+ id, arg->np ? arg->np : NULL);
/* Bypasses translation */
- if (id_out)
- *id_out = id;
+ arg->args[0] = id;
return 0;
}
EXPORT_SYMBOL_GPL(of_map_id);
diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
index bff8289f804a..74fc603b3f84 100644
--- a/drivers/pci/controller/dwc/pci-imx6.c
+++ b/drivers/pci/controller/dwc/pci-imx6.c
@@ -1139,12 +1139,18 @@ static int imx_pcie_add_lut_by_rid(struct imx_pcie *imx_pcie, u32 rid)
{
struct device *dev = imx_pcie->pci->dev;
struct device_node *target;
+ struct of_phandle_args iommu_spec = { .args_count = 1 };
u32 sid_i, sid_m;
int err_i, err_m;
u32 sid = 0;
target = NULL;
- err_i = of_map_iommu_id(dev->of_node, rid, &target, &sid_i);
+ err_i = of_map_iommu_id(dev->of_node, rid, &iommu_spec);
+ if (!err_i) {
+ target = iommu_spec.np;
+ sid_i = iommu_spec.args[0];
+ }
+
if (target) {
of_node_put(target);
} else {
diff --git a/drivers/pci/controller/pcie-apple.c b/drivers/pci/controller/pcie-apple.c
index a0937b7b3c4d..e1d4b37d200d 100644
--- a/drivers/pci/controller/pcie-apple.c
+++ b/drivers/pci/controller/pcie-apple.c
@@ -755,6 +755,7 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
{
u32 sid, rid = pci_dev_id(pdev);
struct apple_pcie_port *port;
+ struct of_phandle_args iommu_spec = { .args_count = 1 };
int idx, err;
port = apple_pcie_get_port(pdev);
@@ -764,10 +765,11 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
dev_dbg(&pdev->dev, "added to bus %s, index %d\n",
pci_name(pdev->bus->self), port->idx);
- err = of_map_iommu_id(port->pcie->dev->of_node, rid, NULL, &sid);
+ err = of_map_iommu_id(port->pcie->dev->of_node, rid, &iommu_spec);
if (err)
return err;
+ sid = iommu_spec.args[0];
mutex_lock(&port->pcie->lock);
idx = bitmap_find_free_region(port->sid_map, port->sid_map_sz, 0);
diff --git a/drivers/xen/grant-dma-ops.c b/drivers/xen/grant-dma-ops.c
index 1b7696b2d762..5f1d6540049a 100644
--- a/drivers/xen/grant-dma-ops.c
+++ b/drivers/xen/grant-dma-ops.c
@@ -325,7 +325,7 @@ static int xen_dt_grant_init_backend_domid(struct device *dev,
struct pci_dev *pdev = to_pci_dev(dev);
u32 rid = PCI_DEVID(pdev->bus->number, pdev->devfn);
- if (of_map_iommu_id(np, rid, &iommu_spec.np, iommu_spec.args)) {
+ if (of_map_iommu_id(np, rid, &iommu_spec)) {
dev_dbg(dev, "Cannot translate ID\n");
return -ESRCH;
}
diff --git a/include/linux/of.h b/include/linux/of.h
index 824649867810..9d72d76f909d 100644
--- a/include/linux/of.h
+++ b/include/linux/of.h
@@ -463,7 +463,7 @@ bool of_console_check(const struct device_node *dn, char *name, int index);
int of_map_id(const struct device_node *np, u32 id,
const char *map_name, const char *map_mask_name,
- struct device_node **target, u32 *id_out);
+ struct of_phandle_args *arg);
phys_addr_t of_dma_get_max_cpu_address(struct device_node *np);
@@ -929,7 +929,7 @@ static inline void of_property_clear_flag(struct property *p, unsigned long flag
static inline int of_map_id(const struct device_node *np, u32 id,
const char *map_name, const char *map_mask_name,
- struct device_node **target, u32 *id_out)
+ struct of_phandle_args *arg)
{
return -EINVAL;
}
@@ -1458,17 +1458,24 @@ static inline int of_property_read_s32(const struct device_node *np,
}
static inline int of_map_iommu_id(const struct device_node *np, u32 id,
- struct device_node **target, u32 *id_out)
+ struct of_phandle_args *arg)
{
- return of_map_id(np, id, "iommu-map", "iommu-map-mask",
- target, id_out);
+ return of_map_id(np, id, "iommu-map", "iommu-map-mask", arg);
}
static inline int of_map_msi_id(const struct device_node *np, u32 id,
struct device_node **target, u32 *id_out)
{
- return of_map_id(np, id, "msi-map", "msi-map-mask",
- target, id_out);
+ struct of_phandle_args msi_spec = { .np = *target, .args_count = 1 };
+ int ret;
+
+ ret = of_map_id(np, id, "msi-map", "msi-map-mask", &msi_spec);
+ if (!ret) {
+ *target = msi_spec.np;
+ *id_out = msi_spec.args[0];
+ }
+
+ return ret;
}
#define of_for_each_phandle(it, err, np, ln, cn, cc) \
--
2.34.1On Sun, Mar 01, 2026 at 02:04:20PM +0530, Vijayanand Jitta wrote:
> From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
>
> Change of_map_id() to take a pointer to struct of_phandle_args
> instead of passing target device node and translated IDs separately.
> Update all callers accordingly.
>
> Subsequent patch will make use of the args_count field in
> struct of_phandle_args.
>
> Suggested-by: Rob Herring (Arm) <robh@kernel.org>
> Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
> ---
> drivers/iommu/of_iommu.c | 2 +-
> drivers/of/base.c | 37 +++++++++++++++++------------------
> drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
> drivers/pci/controller/pcie-apple.c | 4 +++-
> drivers/xen/grant-dma-ops.c | 2 +-
> include/linux/of.h | 21 +++++++++++++-------
> 6 files changed, 44 insertions(+), 30 deletions(-)
>
> diff --git a/drivers/pci/controller/pcie-apple.c b/drivers/pci/controller/pcie-apple.c
> index a0937b7b3c4d..e1d4b37d200d 100644
> --- a/drivers/pci/controller/pcie-apple.c
> +++ b/drivers/pci/controller/pcie-apple.c
> @@ -755,6 +755,7 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> {
> u32 sid, rid = pci_dev_id(pdev);
> struct apple_pcie_port *port;
> + struct of_phandle_args iommu_spec = { .args_count = 1 };
Hmm, I didn't notice this. Parsing functions are expected to ignore
of_phandle_args before the parsing. So passing .args_count = 1 is
strange.
> int idx, err;
>
> port = apple_pcie_get_port(pdev);
--
With best wishes
Dmitry
On Sun, 01 Mar 2026 10:59:23 +0000,
Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> wrote:
>
> On Sun, Mar 01, 2026 at 02:04:20PM +0530, Vijayanand Jitta wrote:
> > From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> >
> > Change of_map_id() to take a pointer to struct of_phandle_args
> > instead of passing target device node and translated IDs separately.
> > Update all callers accordingly.
> >
> > Subsequent patch will make use of the args_count field in
> > struct of_phandle_args.
> >
> > Suggested-by: Rob Herring (Arm) <robh@kernel.org>
> > Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> > Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
> > ---
> > drivers/iommu/of_iommu.c | 2 +-
> > drivers/of/base.c | 37 +++++++++++++++++------------------
> > drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
> > drivers/pci/controller/pcie-apple.c | 4 +++-
> > drivers/xen/grant-dma-ops.c | 2 +-
> > include/linux/of.h | 21 +++++++++++++-------
> > 6 files changed, 44 insertions(+), 30 deletions(-)
> >
> > diff --git a/drivers/pci/controller/pcie-apple.c b/drivers/pci/controller/pcie-apple.c
> > index a0937b7b3c4d..e1d4b37d200d 100644
> > --- a/drivers/pci/controller/pcie-apple.c
> > +++ b/drivers/pci/controller/pcie-apple.c
> > @@ -755,6 +755,7 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> > {
> > u32 sid, rid = pci_dev_id(pdev);
> > struct apple_pcie_port *port;
> > + struct of_phandle_args iommu_spec = { .args_count = 1 };
>
> Hmm, I didn't notice this. Parsing functions are expected to ignore
> of_phandle_args before the parsing. So passing .args_count = 1 is
> strange.
It isn't strange. It is a semantic requirement. It explicitly
indicates the boundary of what the driver is prepared to receive, just
like passing a single u32 * is perfectly clear.
Frankly, this patch makes an absolute mess of the current API.
M.
--
Without deviation from the norm, progress is not possible.
On Sun, Mar 01, 2026 at 02:04:20PM +0530, Vijayanand Jitta wrote:
> From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
>
> Change of_map_id() to take a pointer to struct of_phandle_args
> instead of passing target device node and translated IDs separately.
> Update all callers accordingly.
>
> Subsequent patch will make use of the args_count field in
> struct of_phandle_args.
>
> Suggested-by: Rob Herring (Arm) <robh@kernel.org>
> Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
> ---
> drivers/iommu/of_iommu.c | 2 +-
> drivers/of/base.c | 37 +++++++++++++++++------------------
> drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
> drivers/pci/controller/pcie-apple.c | 4 +++-
> drivers/xen/grant-dma-ops.c | 2 +-
> include/linux/of.h | 21 +++++++++++++-------
> 6 files changed, 44 insertions(+), 30 deletions(-)
>
> @@ -2193,11 +2193,10 @@ int of_map_id(const struct device_node *np, u32 id,
> }
>
> pr_info("%pOF: no %s translation for id 0x%x on %pOF\n", np, map_name,
> - id, target && *target ? *target : NULL);
> + id, arg->np ? arg->np : NULL);
Is it just 'args->np' then? If it's NULL, it's NULL anyway.
>
> /* Bypasses translation */
> - if (id_out)
> - *id_out = id;
> + arg->args[0] = id;
> return 0;
> }
> EXPORT_SYMBOL_GPL(of_map_id);
> diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
> index bff8289f804a..74fc603b3f84 100644
> --- a/drivers/pci/controller/dwc/pci-imx6.c
> +++ b/drivers/pci/controller/dwc/pci-imx6.c
> @@ -1139,12 +1139,18 @@ static int imx_pcie_add_lut_by_rid(struct imx_pcie *imx_pcie, u32 rid)
> {
> struct device *dev = imx_pcie->pci->dev;
> struct device_node *target;
> + struct of_phandle_args iommu_spec = { .args_count = 1 };
> u32 sid_i, sid_m;
> int err_i, err_m;
> u32 sid = 0;
>
> target = NULL;
> - err_i = of_map_iommu_id(dev->of_node, rid, &target, &sid_i);
> + err_i = of_map_iommu_id(dev->of_node, rid, &iommu_spec);
> + if (!err_i) {
> + target = iommu_spec.np;
> + sid_i = iommu_spec.args[0];
> + }
> +
> if (target) {
> of_node_put(target);
> } else {
> diff --git a/drivers/pci/controller/pcie-apple.c b/drivers/pci/controller/pcie-apple.c
> index a0937b7b3c4d..e1d4b37d200d 100644
> --- a/drivers/pci/controller/pcie-apple.c
> +++ b/drivers/pci/controller/pcie-apple.c
> @@ -755,6 +755,7 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> {
> u32 sid, rid = pci_dev_id(pdev);
> struct apple_pcie_port *port;
> + struct of_phandle_args iommu_spec = { .args_count = 1 };
> int idx, err;
>
> port = apple_pcie_get_port(pdev);
> @@ -764,10 +765,11 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> dev_dbg(&pdev->dev, "added to bus %s, index %d\n",
> pci_name(pdev->bus->self), port->idx);
>
> - err = of_map_iommu_id(port->pcie->dev->of_node, rid, NULL, &sid);
> + err = of_map_iommu_id(port->pcie->dev->of_node, rid, &iommu_spec);
> if (err)
> return err;
of_node_put(iommu_spec.np);
>
> + sid = iommu_spec.args[0];
> mutex_lock(&port->pcie->lock);
>
> idx = bitmap_find_free_region(port->sid_map, port->sid_map_sz, 0);
> diff --git a/drivers/xen/grant-dma-ops.c b/drivers/xen/grant-dma-ops.c
> index 1b7696b2d762..5f1d6540049a 100644
> --- a/drivers/xen/grant-dma-ops.c
> +++ b/drivers/xen/grant-dma-ops.c
> @@ -325,7 +325,7 @@ static int xen_dt_grant_init_backend_domid(struct device *dev,
> struct pci_dev *pdev = to_pci_dev(dev);
> u32 rid = PCI_DEVID(pdev->bus->number, pdev->devfn);
>
> - if (of_map_iommu_id(np, rid, &iommu_spec.np, iommu_spec.args)) {
> + if (of_map_iommu_id(np, rid, &iommu_spec)) {
> dev_dbg(dev, "Cannot translate ID\n");
> return -ESRCH;
> }
> diff --git a/include/linux/of.h b/include/linux/of.h
> index 824649867810..9d72d76f909d 100644
> --- a/include/linux/of.h
> +++ b/include/linux/of.h
> @@ -463,7 +463,7 @@ bool of_console_check(const struct device_node *dn, char *name, int index);
>
> int of_map_id(const struct device_node *np, u32 id,
> const char *map_name, const char *map_mask_name,
> - struct device_node **target, u32 *id_out);
> + struct of_phandle_args *arg);
>
> phys_addr_t of_dma_get_max_cpu_address(struct device_node *np);
>
> @@ -929,7 +929,7 @@ static inline void of_property_clear_flag(struct property *p, unsigned long flag
>
> static inline int of_map_id(const struct device_node *np, u32 id,
> const char *map_name, const char *map_mask_name,
> - struct device_node **target, u32 *id_out)
> + struct of_phandle_args *arg)
> {
> return -EINVAL;
> }
> @@ -1458,17 +1458,24 @@ static inline int of_property_read_s32(const struct device_node *np,
> }
>
> static inline int of_map_iommu_id(const struct device_node *np, u32 id,
> - struct device_node **target, u32 *id_out)
> + struct of_phandle_args *arg)
Document that it's the caller's responsibility to of_node_put() returned
node. As it can be seen from the previous comment, it's not obvious.
> {
> - return of_map_id(np, id, "iommu-map", "iommu-map-mask",
> - target, id_out);
> + return of_map_id(np, id, "iommu-map", "iommu-map-mask", arg);
> }
>
> static inline int of_map_msi_id(const struct device_node *np, u32 id,
> struct device_node **target, u32 *id_out)
Is there a reason for chaning the of_map_iommu_id() args but not
of_map_msi_id() args?
> {
> - return of_map_id(np, id, "msi-map", "msi-map-mask",
> - target, id_out);
> + struct of_phandle_args msi_spec = { .np = *target, .args_count = 1 };
Which driver passes something being worth of storing in .np?
> + int ret;
> +
> + ret = of_map_id(np, id, "msi-map", "msi-map-mask", &msi_spec);
> + if (!ret) {
> + *target = msi_spec.np;
> + *id_out = msi_spec.args[0];
> + }
> +
> + return ret;
> }
>
> #define of_for_each_phandle(it, err, np, ln, cn, cc) \
>
> --
> 2.34.1
>
--
With best wishes
Dmitry
On Sun, 01 Mar 2026 08:34:20 +0000,
Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com> wrote:
>
> From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
>
> Change of_map_id() to take a pointer to struct of_phandle_args
> instead of passing target device node and translated IDs separately.
> Update all callers accordingly.
>
> Subsequent patch will make use of the args_count field in
> struct of_phandle_args.
>
> Suggested-by: Rob Herring (Arm) <robh@kernel.org>
> Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
> ---
> drivers/iommu/of_iommu.c | 2 +-
> drivers/of/base.c | 37 +++++++++++++++++------------------
> drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
> drivers/pci/controller/pcie-apple.c | 4 +++-
> drivers/xen/grant-dma-ops.c | 2 +-
> include/linux/of.h | 21 +++++++++++++-------
> 6 files changed, 44 insertions(+), 30 deletions(-)
>
> diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c
> index a511ecf21fcd..d255d0f58e8c 100644
> --- a/drivers/iommu/of_iommu.c
> +++ b/drivers/iommu/of_iommu.c
> @@ -48,7 +48,7 @@ static int of_iommu_configure_dev_id(struct device_node *master_np,
> struct of_phandle_args iommu_spec = { .args_count = 1 };
> int err;
>
> - err = of_map_iommu_id(master_np, *id, &iommu_spec.np, iommu_spec.args);
> + err = of_map_iommu_id(master_np, *id, &iommu_spec);
> if (err)
> return err;
>
> diff --git a/drivers/of/base.c b/drivers/of/base.c
> index 57420806c1a2..6c3628255908 100644
> --- a/drivers/of/base.c
> +++ b/drivers/of/base.c
> @@ -2102,8 +2102,11 @@ int of_find_last_cache_level(unsigned int cpu)
> * @id: device ID to map.
> * @map_name: property name of the map to use.
> * @map_mask_name: optional property name of the mask to use.
> - * @target: optional pointer to a target device node.
> - * @id_out: optional pointer to receive the translated ID.
> + * @arg: of_phandle_args structure,
> + * which includes:
> + * np: pointer to the target device node
> + * args_count: number of arguments
Number of arguments *to what*? Isn't that the size of args[] instead?
> + * args[]: array to receive the translated ID(s).
> *
> * Given a device ID, look up the appropriate implementation-defined
> * platform ID and/or the target device which receives transactions on that
> @@ -2117,21 +2120,21 @@ int of_find_last_cache_level(unsigned int cpu)
> */
> int of_map_id(const struct device_node *np, u32 id,
> const char *map_name, const char *map_mask_name,
> - struct device_node **target, u32 *id_out)
> + struct of_phandle_args *arg)
> {
> u32 map_mask, masked_id;
> int map_len;
> const __be32 *map = NULL;
>
> - if (!np || !map_name || (!target && !id_out))
> + if (!np || !map_name || !arg)
> return -EINVAL;
>
> map = of_get_property(np, map_name, &map_len);
> if (!map) {
> - if (target)
> + if (arg->np)
> return -ENODEV;
> /* Otherwise, no map implies no translation */
> - *id_out = id;
> + arg->args[0] = id;
What if args_count is 0? Given that you place no restriction on the
way this can be called, that'd be entirely legitimate, and you'd
corrupt something you're not supposed to touch.
> return 0;
> }
>
> @@ -2173,18 +2176,15 @@ int of_map_id(const struct device_node *np, u32 id,
> if (!phandle_node)
> return -ENODEV;
>
> - if (target) {
> - if (*target)
> - of_node_put(phandle_node);
> - else
> - *target = phandle_node;
> + if (arg->np)
> + of_node_put(phandle_node);
> + else
> + arg->np = phandle_node;
>
> - if (*target != phandle_node)
> - continue;
> - }
> + if (arg->np != phandle_node)
> + continue;
>
> - if (id_out)
> - *id_out = masked_id - id_base + out_base;
> + arg->args[0] = masked_id - id_base + out_base;
>
> pr_debug("%pOF: %s, using mask %08x, id-base: %08x, out-base: %08x, length: %08x, id: %08x -> %08x\n",
> np, map_name, map_mask, id_base, out_base,
> @@ -2193,11 +2193,10 @@ int of_map_id(const struct device_node *np, u32 id,
> }
>
> pr_info("%pOF: no %s translation for id 0x%x on %pOF\n", np, map_name,
> - id, target && *target ? *target : NULL);
> + id, arg->np ? arg->np : NULL);
>
> /* Bypasses translation */
> - if (id_out)
> - *id_out = id;
> + arg->args[0] = id;
> return 0;
> }
> EXPORT_SYMBOL_GPL(of_map_id);
> diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
> index bff8289f804a..74fc603b3f84 100644
> --- a/drivers/pci/controller/dwc/pci-imx6.c
> +++ b/drivers/pci/controller/dwc/pci-imx6.c
> @@ -1139,12 +1139,18 @@ static int imx_pcie_add_lut_by_rid(struct imx_pcie *imx_pcie, u32 rid)
> {
> struct device *dev = imx_pcie->pci->dev;
> struct device_node *target;
> + struct of_phandle_args iommu_spec = { .args_count = 1 };
> u32 sid_i, sid_m;
> int err_i, err_m;
> u32 sid = 0;
>
> target = NULL;
> - err_i = of_map_iommu_id(dev->of_node, rid, &target, &sid_i);
> + err_i = of_map_iommu_id(dev->of_node, rid, &iommu_spec);
> + if (!err_i) {
> + target = iommu_spec.np;
> + sid_i = iommu_spec.args[0];
> + }
> +
> if (target) {
> of_node_put(target);
> } else {
> diff --git a/drivers/pci/controller/pcie-apple.c b/drivers/pci/controller/pcie-apple.c
> index a0937b7b3c4d..e1d4b37d200d 100644
> --- a/drivers/pci/controller/pcie-apple.c
> +++ b/drivers/pci/controller/pcie-apple.c
> @@ -755,6 +755,7 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> {
> u32 sid, rid = pci_dev_id(pdev);
> struct apple_pcie_port *port;
> + struct of_phandle_args iommu_spec = { .args_count = 1 };
> int idx, err;
>
> port = apple_pcie_get_port(pdev);
> @@ -764,10 +765,11 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> dev_dbg(&pdev->dev, "added to bus %s, index %d\n",
> pci_name(pdev->bus->self), port->idx);
>
> - err = of_map_iommu_id(port->pcie->dev->of_node, rid, NULL, &sid);
> + err = of_map_iommu_id(port->pcie->dev->of_node, rid, &iommu_spec);
> if (err)
> return err;
>
> + sid = iommu_spec.args[0];
I find this stuff absolutely unreadable. You're fishing the SID in a
random position of a random structure, without any documentation of
how this is supposed to work. This really needs a wrapper that hides
this implementation detail.
Thanks,
M.
--
Without deviation from the norm, progress is not possible.
On Sun, Mar 01, 2026 at 10:02:49AM +0000, Marc Zyngier wrote:
> On Sun, 01 Mar 2026 08:34:20 +0000,
> Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com> wrote:
> >
> > From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> >
> > Change of_map_id() to take a pointer to struct of_phandle_args
> > instead of passing target device node and translated IDs separately.
> > Update all callers accordingly.
> >
> > Subsequent patch will make use of the args_count field in
> > struct of_phandle_args.
> >
> > Suggested-by: Rob Herring (Arm) <robh@kernel.org>
> > Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> > Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
> > ---
> > drivers/iommu/of_iommu.c | 2 +-
> > drivers/of/base.c | 37 +++++++++++++++++------------------
> > drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
> > drivers/pci/controller/pcie-apple.c | 4 +++-
> > drivers/xen/grant-dma-ops.c | 2 +-
> > include/linux/of.h | 21 +++++++++++++-------
> > 6 files changed, 44 insertions(+), 30 deletions(-)
> >
> > diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c
> > index a511ecf21fcd..d255d0f58e8c 100644
> > --- a/drivers/iommu/of_iommu.c
> > +++ b/drivers/iommu/of_iommu.c
> > @@ -48,7 +48,7 @@ static int of_iommu_configure_dev_id(struct device_node *master_np,
> > struct of_phandle_args iommu_spec = { .args_count = 1 };
> > int err;
> >
> > - err = of_map_iommu_id(master_np, *id, &iommu_spec.np, iommu_spec.args);
> > + err = of_map_iommu_id(master_np, *id, &iommu_spec);
> > if (err)
> > return err;
> >
> > diff --git a/drivers/of/base.c b/drivers/of/base.c
> > index 57420806c1a2..6c3628255908 100644
> > --- a/drivers/of/base.c
> > +++ b/drivers/of/base.c
> > @@ -2102,8 +2102,11 @@ int of_find_last_cache_level(unsigned int cpu)
> > * @id: device ID to map.
> > * @map_name: property name of the map to use.
> > * @map_mask_name: optional property name of the mask to use.
> > - * @target: optional pointer to a target device node.
> > - * @id_out: optional pointer to receive the translated ID.
> > + * @arg: of_phandle_args structure,
> > + * which includes:
> > + * np: pointer to the target device node
> > + * args_count: number of arguments
>
> Number of arguments *to what*? Isn't that the size of args[] instead?
It is a number of values corresponding to the phandle in the DT
property. It might be not obvious here for iommu-maps, but the struct is
idiomatic in OF world. Let me quote a (trimmed) example from
qcom/sm8650.dtsi (for a different property, but it explains the meaning
of the values here):
gem_noc: interconnect@24100000 {
#interconnect-cells = <2>;
};
epss_l3: interconnect@17d90000 {
#interconnect-cells = <1>;
};
interconnects = <&gem_noc MASTER_APPSS_PROC QCOM_ICC_TAG_ACTIVE_ONLY
&gem_noc SLAVE_LLCC QCOM_ICC_TAG_ACTIVE_ONLY>,
<&epss_l3 MASTER_EPSS_L3_APPS
&epss_l3 SLAVE_EPSS_L3_SHARED>;
/* I skipped the second pair, it adds nothing here */
Here the parsing function for this property (of_icc_get_by_index()) will
call of_parse_phandle_with_args() 4 times and it expects to return the
following values in the of_phandle_args:
1. { .np = gem_noc, .args_count = 2, .args = [MASTER_APPSS_PROC,
QCOM_ICC_TAG_ACTIVE_ONLY] }
2. { .np = gem_noc, .args_count = 2, .args = [SLAVE_LLCC,
QCOM_ICC_TAG_ACTIVE_ONLY] }
3. { .np = epss_l3, .args_count = 1, .args = [MASTER_EPSS_L3_APPS] }
4. { .np = epss_l3, .args_count = 1, .args = [SLAVE_EPSS_L3_SHARED] }
The whole of_phandle_args is then typically passed to the corresponding
xlate function, specific to the paricular .np ('provider'), which will
use #args_count values from the #args array to return the object from
the provider.
Now let's see iommu-maps (again, qcom/sm8650.dtsi):
apps_smmu: iommu@15000000 {
#iommu-cells = <2>;
};
iommu-map = <0 &apps_smmu 0x1400 0x1>,
<0x100 &apps_smmu 0x1401 0x1>;
The property matches current definition at [1], however this spec
doesn't match the DT practice. It forces that the property should use 1
cell for identifying the "object" in the IOMMU provider, even if the
provider expects to use 2 cells (two args).
The correct property should look like:
iommu-map = <0 &apps_smmu 0x1400 0x0 0x1>,
<0x100 &apps_smmu 0x1401 0x0 0x1>;
[1] https://github.com/devicetree-org/dt-schema/blob/main/dtschema/schemas/pci/pci-iommu.yaml
>
> > + * args[]: array to receive the translated ID(s).
> > *
> > * Given a device ID, look up the appropriate implementation-defined
> > * platform ID and/or the target device which receives transactions on that
> > @@ -2117,21 +2120,21 @@ int of_find_last_cache_level(unsigned int cpu)
> > */
> > int of_map_id(const struct device_node *np, u32 id,
> > const char *map_name, const char *map_mask_name,
> > - struct device_node **target, u32 *id_out)
> > + struct of_phandle_args *arg)
> > {
> > u32 map_mask, masked_id;
> > int map_len;
> > const __be32 *map = NULL;
> >
> > - if (!np || !map_name || (!target && !id_out))
> > + if (!np || !map_name || !arg)
> > return -EINVAL;
> >
> > map = of_get_property(np, map_name, &map_len);
> > if (!map) {
> > - if (target)
> > + if (arg->np)
> > return -ENODEV;
> > /* Otherwise, no map implies no translation */
> > - *id_out = id;
> > + arg->args[0] = id;
>
> What if args_count is 0? Given that you place no restriction on the
> way this can be called, that'd be entirely legitimate, and you'd
> corrupt something you're not supposed to touch.
args is an array (not a pointer) in of_phandle_args. As such we know
that args[0] is legit.
>
> > return 0;
> > }
> >
> > @@ -2173,18 +2176,15 @@ int of_map_id(const struct device_node *np, u32 id,
> > if (!phandle_node)
> > return -ENODEV;
> >
> > - if (target) {
> > - if (*target)
> > - of_node_put(phandle_node);
> > - else
> > - *target = phandle_node;
> > + if (arg->np)
> > + of_node_put(phandle_node);
> > + else
> > + arg->np = phandle_node;
> >
> > - if (*target != phandle_node)
> > - continue;
> > - }
> > + if (arg->np != phandle_node)
> > + continue;
> >
> > - if (id_out)
> > - *id_out = masked_id - id_base + out_base;
> > + arg->args[0] = masked_id - id_base + out_base;
> >
> > pr_debug("%pOF: %s, using mask %08x, id-base: %08x, out-base: %08x, length: %08x, id: %08x -> %08x\n",
> > np, map_name, map_mask, id_base, out_base,
> > @@ -2193,11 +2193,10 @@ int of_map_id(const struct device_node *np, u32 id,
> > }
> >
> > pr_info("%pOF: no %s translation for id 0x%x on %pOF\n", np, map_name,
> > - id, target && *target ? *target : NULL);
> > + id, arg->np ? arg->np : NULL);
> >
> > /* Bypasses translation */
> > - if (id_out)
> > - *id_out = id;
> > + arg->args[0] = id;
> > return 0;
> > }
> > EXPORT_SYMBOL_GPL(of_map_id);
> > diff --git a/drivers/pci/controller/dwc/pci-imx6.c b/drivers/pci/controller/dwc/pci-imx6.c
> > index bff8289f804a..74fc603b3f84 100644
> > --- a/drivers/pci/controller/dwc/pci-imx6.c
> > +++ b/drivers/pci/controller/dwc/pci-imx6.c
> > @@ -1139,12 +1139,18 @@ static int imx_pcie_add_lut_by_rid(struct imx_pcie *imx_pcie, u32 rid)
> > {
> > struct device *dev = imx_pcie->pci->dev;
> > struct device_node *target;
> > + struct of_phandle_args iommu_spec = { .args_count = 1 };
> > u32 sid_i, sid_m;
> > int err_i, err_m;
> > u32 sid = 0;
> >
> > target = NULL;
> > - err_i = of_map_iommu_id(dev->of_node, rid, &target, &sid_i);
> > + err_i = of_map_iommu_id(dev->of_node, rid, &iommu_spec);
> > + if (!err_i) {
> > + target = iommu_spec.np;
> > + sid_i = iommu_spec.args[0];
> > + }
> > +
> > if (target) {
> > of_node_put(target);
> > } else {
> > diff --git a/drivers/pci/controller/pcie-apple.c b/drivers/pci/controller/pcie-apple.c
> > index a0937b7b3c4d..e1d4b37d200d 100644
> > --- a/drivers/pci/controller/pcie-apple.c
> > +++ b/drivers/pci/controller/pcie-apple.c
> > @@ -755,6 +755,7 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> > {
> > u32 sid, rid = pci_dev_id(pdev);
> > struct apple_pcie_port *port;
> > + struct of_phandle_args iommu_spec = { .args_count = 1 };
> > int idx, err;
> >
> > port = apple_pcie_get_port(pdev);
> > @@ -764,10 +765,11 @@ static int apple_pcie_enable_device(struct pci_host_bridge *bridge, struct pci_d
> > dev_dbg(&pdev->dev, "added to bus %s, index %d\n",
> > pci_name(pdev->bus->self), port->idx);
> >
> > - err = of_map_iommu_id(port->pcie->dev->of_node, rid, NULL, &sid);
> > + err = of_map_iommu_id(port->pcie->dev->of_node, rid, &iommu_spec);
> > if (err)
> > return err;
> >
> > + sid = iommu_spec.args[0];
>
> I find this stuff absolutely unreadable. You're fishing the SID in a
> random position of a random structure, without any documentation of
> how this is supposed to work. This really needs a wrapper that hides
> this implementation detail.
>
> Thanks,
>
> M.
>
> --
> Without deviation from the norm, progress is not possible.
--
With best wishes
Dmitry
On Sun, 01 Mar 2026 10:46:57 +0000,
Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> wrote:
>
> On Sun, Mar 01, 2026 at 10:02:49AM +0000, Marc Zyngier wrote:
> > On Sun, 01 Mar 2026 08:34:20 +0000,
> > Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com> wrote:
> > >
> > > From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> > >
> > > Change of_map_id() to take a pointer to struct of_phandle_args
> > > instead of passing target device node and translated IDs separately.
> > > Update all callers accordingly.
> > >
> > > Subsequent patch will make use of the args_count field in
> > > struct of_phandle_args.
> > >
> > > Suggested-by: Rob Herring (Arm) <robh@kernel.org>
> > > Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> > > Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
> > > ---
> > > drivers/iommu/of_iommu.c | 2 +-
> > > drivers/of/base.c | 37 +++++++++++++++++------------------
> > > drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
> > > drivers/pci/controller/pcie-apple.c | 4 +++-
> > > drivers/xen/grant-dma-ops.c | 2 +-
> > > include/linux/of.h | 21 +++++++++++++-------
> > > 6 files changed, 44 insertions(+), 30 deletions(-)
> > >
> > > diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c
> > > index a511ecf21fcd..d255d0f58e8c 100644
> > > --- a/drivers/iommu/of_iommu.c
> > > +++ b/drivers/iommu/of_iommu.c
> > > @@ -48,7 +48,7 @@ static int of_iommu_configure_dev_id(struct device_node *master_np,
> > > struct of_phandle_args iommu_spec = { .args_count = 1 };
> > > int err;
> > >
> > > - err = of_map_iommu_id(master_np, *id, &iommu_spec.np, iommu_spec.args);
> > > + err = of_map_iommu_id(master_np, *id, &iommu_spec);
> > > if (err)
> > > return err;
> > >
> > > diff --git a/drivers/of/base.c b/drivers/of/base.c
> > > index 57420806c1a2..6c3628255908 100644
> > > --- a/drivers/of/base.c
> > > +++ b/drivers/of/base.c
> > > @@ -2102,8 +2102,11 @@ int of_find_last_cache_level(unsigned int cpu)
> > > * @id: device ID to map.
> > > * @map_name: property name of the map to use.
> > > * @map_mask_name: optional property name of the mask to use.
> > > - * @target: optional pointer to a target device node.
> > > - * @id_out: optional pointer to receive the translated ID.
> > > + * @arg: of_phandle_args structure,
> > > + * which includes:
> > > + * np: pointer to the target device node
> > > + * args_count: number of arguments
> >
> > Number of arguments *to what*? Isn't that the size of args[] instead?
>
> It is a number of values corresponding to the phandle in the DT
> property.
No. It is what the *caller* expects. Not what is is in the DT, which
could be (and generally is) a pile of random crap. If the two don't
match, return an error. But don't randomly overwrite data that is not
yours.
[...]
> It might be not obvious here for iommu-maps, but the struct is
> idiomatic in OF world. Let me quote a (trimmed) example from
> qcom/sm8650.dtsi (for a different property, but it explains the meaning
> of the values here):
>
> gem_noc: interconnect@24100000 {
> #interconnect-cells = <2>;
> };
>
> epss_l3: interconnect@17d90000 {
> #interconnect-cells = <1>;
> };
>
> interconnects = <&gem_noc MASTER_APPSS_PROC QCOM_ICC_TAG_ACTIVE_ONLY
> &gem_noc SLAVE_LLCC QCOM_ICC_TAG_ACTIVE_ONLY>,
> <&epss_l3 MASTER_EPSS_L3_APPS
> &epss_l3 SLAVE_EPSS_L3_SHARED>;
> /* I skipped the second pair, it adds nothing here */
>
> Here the parsing function for this property (of_icc_get_by_index()) will
> call of_parse_phandle_with_args() 4 times and it expects to return the
> following values in the of_phandle_args:
>
> 1. { .np = gem_noc, .args_count = 2, .args = [MASTER_APPSS_PROC,
> QCOM_ICC_TAG_ACTIVE_ONLY] }
> 2. { .np = gem_noc, .args_count = 2, .args = [SLAVE_LLCC,
> QCOM_ICC_TAG_ACTIVE_ONLY] }
> 3. { .np = epss_l3, .args_count = 1, .args = [MASTER_EPSS_L3_APPS] }
> 4. { .np = epss_l3, .args_count = 1, .args = [SLAVE_EPSS_L3_SHARED] }
>
> The whole of_phandle_args is then typically passed to the corresponding
> xlate function, specific to the paricular .np ('provider'), which will
> use #args_count values from the #args array to return the object from
> the provider.
>
> Now let's see iommu-maps (again, qcom/sm8650.dtsi):
>
> apps_smmu: iommu@15000000 {
> #iommu-cells = <2>;
> };
>
> iommu-map = <0 &apps_smmu 0x1400 0x1>,
> <0x100 &apps_smmu 0x1401 0x1>;
>
> The property matches current definition at [1], however this spec
> doesn't match the DT practice. It forces that the property should use 1
> cell for identifying the "object" in the IOMMU provider, even if the
> provider expects to use 2 cells (two args).
>
> The correct property should look like:
>
> iommu-map = <0 &apps_smmu 0x1400 0x0 0x1>,
> <0x100 &apps_smmu 0x1401 0x0 0x1>;
>
> [1] https://github.com/devicetree-org/dt-schema/blob/main/dtschema/schemas/pci/pci-iommu.yaml
>
> >
> > > + * args[]: array to receive the translated ID(s).
> > > *
> > > * Given a device ID, look up the appropriate implementation-defined
> > > * platform ID and/or the target device which receives transactions on that
> > > @@ -2117,21 +2120,21 @@ int of_find_last_cache_level(unsigned int cpu)
> > > */
> > > int of_map_id(const struct device_node *np, u32 id,
> > > const char *map_name, const char *map_mask_name,
> > > - struct device_node **target, u32 *id_out)
> > > + struct of_phandle_args *arg)
> > > {
> > > u32 map_mask, masked_id;
> > > int map_len;
> > > const __be32 *map = NULL;
> > >
> > > - if (!np || !map_name || (!target && !id_out))
> > > + if (!np || !map_name || !arg)
> > > return -EINVAL;
> > >
> > > map = of_get_property(np, map_name, &map_len);
> > > if (!map) {
> > > - if (target)
> > > + if (arg->np)
> > > return -ENODEV;
> > > /* Otherwise, no map implies no translation */
> > > - *id_out = id;
> > > + arg->args[0] = id;
> >
> > What if args_count is 0? Given that you place no restriction on the
> > way this can be called, that'd be entirely legitimate, and you'd
> > corrupt something you're not supposed to touch.
>
> args is an array (not a pointer) in of_phandle_args. As such we know
> that args[0] is legit.
Again, no. The caller is telling you what it expects. This is strictly
equivalent to:
void func(void *blah[], int sz);
func() is not supposed to look beyond sz. As it stands, this change in
not acceptable.
M.
--
Without deviation from the norm, progress is not possible.
On Sun, Mar 01, 2026 at 11:42:47AM +0000, Marc Zyngier wrote:
> On Sun, 01 Mar 2026 10:46:57 +0000,
> Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> wrote:
> >
> > On Sun, Mar 01, 2026 at 10:02:49AM +0000, Marc Zyngier wrote:
> > > On Sun, 01 Mar 2026 08:34:20 +0000,
> > > Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com> wrote:
> > > >
> > > > From: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> > > >
> > > > Change of_map_id() to take a pointer to struct of_phandle_args
> > > > instead of passing target device node and translated IDs separately.
> > > > Update all callers accordingly.
> > > >
> > > > Subsequent patch will make use of the args_count field in
> > > > struct of_phandle_args.
> > > >
> > > > Suggested-by: Rob Herring (Arm) <robh@kernel.org>
> > > > Signed-off-by: Charan Teja Kalla <charan.kalla@oss.qualcomm.com>
> > > > Signed-off-by: Vijayanand Jitta <vijayanand.jitta@oss.qualcomm.com>
> > > > ---
> > > > drivers/iommu/of_iommu.c | 2 +-
> > > > drivers/of/base.c | 37 +++++++++++++++++------------------
> > > > drivers/pci/controller/dwc/pci-imx6.c | 8 +++++++-
> > > > drivers/pci/controller/pcie-apple.c | 4 +++-
> > > > drivers/xen/grant-dma-ops.c | 2 +-
> > > > include/linux/of.h | 21 +++++++++++++-------
> > > > 6 files changed, 44 insertions(+), 30 deletions(-)
> > > >
> > > > diff --git a/drivers/iommu/of_iommu.c b/drivers/iommu/of_iommu.c
> > > > index a511ecf21fcd..d255d0f58e8c 100644
> > > > --- a/drivers/iommu/of_iommu.c
> > > > +++ b/drivers/iommu/of_iommu.c
> > > > @@ -48,7 +48,7 @@ static int of_iommu_configure_dev_id(struct device_node *master_np,
> > > > struct of_phandle_args iommu_spec = { .args_count = 1 };
> > > > int err;
> > > >
> > > > - err = of_map_iommu_id(master_np, *id, &iommu_spec.np, iommu_spec.args);
> > > > + err = of_map_iommu_id(master_np, *id, &iommu_spec);
> > > > if (err)
> > > > return err;
> > > >
> > > > diff --git a/drivers/of/base.c b/drivers/of/base.c
> > > > index 57420806c1a2..6c3628255908 100644
> > > > --- a/drivers/of/base.c
> > > > +++ b/drivers/of/base.c
> > > > @@ -2102,8 +2102,11 @@ int of_find_last_cache_level(unsigned int cpu)
> > > > * @id: device ID to map.
> > > > * @map_name: property name of the map to use.
> > > > * @map_mask_name: optional property name of the mask to use.
> > > > - * @target: optional pointer to a target device node.
> > > > - * @id_out: optional pointer to receive the translated ID.
> > > > + * @arg: of_phandle_args structure,
> > > > + * which includes:
> > > > + * np: pointer to the target device node
> > > > + * args_count: number of arguments
> > >
> > > Number of arguments *to what*? Isn't that the size of args[] instead?
> >
> > It is a number of values corresponding to the phandle in the DT
> > property.
>
> No. It is what the *caller* expects. Not what is is in the DT, which
> could be (and generally is) a pile of random crap.
Nice
> If the two don't
> match, return an error. But don't randomly overwrite data that is not
> yours.
Mark, no. The caller can't know how many cell arguments the provider
uses until:
- the provider handle is parsed
- provider node is consulted for the #foo-cells
It is not a number of arguments for the _caller_. It is how many u32
values are used by the _provider_.
In case of IOMMUs, enough IOMMU devices have #iommu-cells = <2>, which
means that it uses two u32 values to identify the SID or set of SIDs.
Following your analogy, if we force 1 cell in the iommu-map property, we
are trying to force the function which expects to take two arguments to
accept just one. But it's not the caller, it's the IOMMU's xlate
function.
>
> [...]
>
> > It might be not obvious here for iommu-maps, but the struct is
> > idiomatic in OF world. Let me quote a (trimmed) example from
> > qcom/sm8650.dtsi (for a different property, but it explains the meaning
> > of the values here):
> >
> > gem_noc: interconnect@24100000 {
> > #interconnect-cells = <2>;
> > };
> >
> > epss_l3: interconnect@17d90000 {
> > #interconnect-cells = <1>;
> > };
> >
> > interconnects = <&gem_noc MASTER_APPSS_PROC QCOM_ICC_TAG_ACTIVE_ONLY
> > &gem_noc SLAVE_LLCC QCOM_ICC_TAG_ACTIVE_ONLY>,
> > <&epss_l3 MASTER_EPSS_L3_APPS
> > &epss_l3 SLAVE_EPSS_L3_SHARED>;
> > /* I skipped the second pair, it adds nothing here */
> >
> > Here the parsing function for this property (of_icc_get_by_index()) will
> > call of_parse_phandle_with_args() 4 times and it expects to return the
> > following values in the of_phandle_args:
> >
> > 1. { .np = gem_noc, .args_count = 2, .args = [MASTER_APPSS_PROC,
> > QCOM_ICC_TAG_ACTIVE_ONLY] }
> > 2. { .np = gem_noc, .args_count = 2, .args = [SLAVE_LLCC,
> > QCOM_ICC_TAG_ACTIVE_ONLY] }
> > 3. { .np = epss_l3, .args_count = 1, .args = [MASTER_EPSS_L3_APPS] }
> > 4. { .np = epss_l3, .args_count = 1, .args = [SLAVE_EPSS_L3_SHARED] }
> >
> > The whole of_phandle_args is then typically passed to the corresponding
> > xlate function, specific to the paricular .np ('provider'), which will
> > use #args_count values from the #args array to return the object from
> > the provider.
> >
> > Now let's see iommu-maps (again, qcom/sm8650.dtsi):
> >
> > apps_smmu: iommu@15000000 {
> > #iommu-cells = <2>;
> > };
> >
> > iommu-map = <0 &apps_smmu 0x1400 0x1>,
> > <0x100 &apps_smmu 0x1401 0x1>;
> >
> > The property matches current definition at [1], however this spec
> > doesn't match the DT practice. It forces that the property should use 1
> > cell for identifying the "object" in the IOMMU provider, even if the
> > provider expects to use 2 cells (two args).
> >
> > The correct property should look like:
> >
> > iommu-map = <0 &apps_smmu 0x1400 0x0 0x1>,
> > <0x100 &apps_smmu 0x1401 0x0 0x1>;
> >
> > [1] https://github.com/devicetree-org/dt-schema/blob/main/dtschema/schemas/pci/pci-iommu.yaml
> >
> > >
> > > > + * args[]: array to receive the translated ID(s).
> > > > *
> > > > * Given a device ID, look up the appropriate implementation-defined
> > > > * platform ID and/or the target device which receives transactions on that
> > > > @@ -2117,21 +2120,21 @@ int of_find_last_cache_level(unsigned int cpu)
> > > > */
> > > > int of_map_id(const struct device_node *np, u32 id,
> > > > const char *map_name, const char *map_mask_name,
> > > > - struct device_node **target, u32 *id_out)
> > > > + struct of_phandle_args *arg)
> > > > {
> > > > u32 map_mask, masked_id;
> > > > int map_len;
> > > > const __be32 *map = NULL;
> > > >
> > > > - if (!np || !map_name || (!target && !id_out))
> > > > + if (!np || !map_name || !arg)
> > > > return -EINVAL;
> > > >
> > > > map = of_get_property(np, map_name, &map_len);
> > > > if (!map) {
> > > > - if (target)
> > > > + if (arg->np)
> > > > return -ENODEV;
> > > > /* Otherwise, no map implies no translation */
> > > > - *id_out = id;
> > > > + arg->args[0] = id;
> > >
> > > What if args_count is 0? Given that you place no restriction on the
> > > way this can be called, that'd be entirely legitimate, and you'd
> > > corrupt something you're not supposed to touch.
> >
> > args is an array (not a pointer) in of_phandle_args. As such we know
> > that args[0] is legit.
>
> Again, no. The caller is telling you what it expects. This is strictly
> equivalent to:
>
> void func(void *blah[], int sz);
>
> func() is not supposed to look beyond sz. As it stands, this change in
> not acceptable.
DT parsing functions follow a different approach, because of the "random
crap". It is:
int parse(void *phandle, u32 **args, int *sz);
So, if the caller insists that it can handle only one argument, it
should call parse(), then check that (sz == 1) and return -EINVAL
otherwise (kfreeing *args and of_node_puting phandle while it does so).
I will quote of_phandle_args here:
struct of_phandle_args {
struct device_node *np;
int args_count;
uint32_t args[MAX_PHANDLE_ARGS];
};
Please take a look at how of_parse_phandle_with_args() works.
--
With best wishes
Dmitry
© 2016 - 2026 Red Hat, Inc.