The interrupts already minus 1 in pci_epc_set_msix() according to pcie
specification. So we must add 1 otherwise data corruption will happen.

Signed-off-by: Jiantao Zhang <water.zhangjiantao@huawei.com>
Signed-off-by: Jianrong Zhang <zhangjianrong5@huawei.com>
---
 drivers/pci/controller/cadence/pcie-cadence-ep.c | 2 +-
 drivers/pci/controller/dwc/pcie-designware-ep.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/pci/controller/cadence/pcie-cadence-ep.c b/drivers/pci/controller/cadence/pcie-cadence-ep.c
index b8b655d4047e..ff608c46b8ac 100644
--- a/drivers/pci/controller/cadence/pcie-cadence-ep.c
+++ b/drivers/pci/controller/cadence/pcie-cadence-ep.c
@@ -310,7 +310,7 @@ static int cdns_pcie_ep_set_msix(struct pci_epc *epc, u8 fn, u8 vfn,
 
 	/* Set PBA BAR and offset.  BAR must match MSIX BAR */
 	reg = cap + PCI_MSIX_PBA;
-	val = (offset + (interrupts * PCI_MSIX_ENTRY_SIZE)) | bir;
+	val = (offset + ((interrupts + 1) * PCI_MSIX_ENTRY_SIZE)) | bir;
 	cdns_pcie_ep_fn_writel(pcie, fn, reg, val);
 
 	return 0;
diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c
index f9182f8d552f..3d078ebe2517 100644
--- a/drivers/pci/controller/dwc/pcie-designware-ep.c
+++ b/drivers/pci/controller/dwc/pcie-designware-ep.c
@@ -417,7 +417,7 @@ static int dw_pcie_ep_set_msix(struct pci_epc *epc, u8 func_no, u8 vfunc_no,
 	dw_pcie_writel_dbi(pci, reg, val);
 
 	reg = ep_func->msix_cap + func_offset + PCI_MSIX_PBA;
-	val = (offset + (interrupts * PCI_MSIX_ENTRY_SIZE)) | bir;
+	val = (offset + ((interrupts + 1) * PCI_MSIX_ENTRY_SIZE)) | bir;
 	dw_pcie_writel_dbi(pci, reg, val);
 
 	dw_pcie_dbi_ro_wr_dis(pci);
-- 
2.17.1

On Wed, May 31, 2023 at 10:24:42PM +0800, Jiantao Zhang wrote:
> The interrupts already minus 1 in pci_epc_set_msix() according to pcie
> specification. So we must add 1 otherwise data corruption will happen.

I'm not sure what happened to this.

Can you include a citation to the section of the spec, which will help
reviewers?

Have you observed a crash or similar defect that is fixed by this
patch?  If so, a few details would be useful in the commit log to help
people find this fix.

> Signed-off-by: Jiantao Zhang <water.zhangjiantao@huawei.com>
> Signed-off-by: Jianrong Zhang <zhangjianrong5@huawei.com>
> ---
>  drivers/pci/controller/cadence/pcie-cadence-ep.c | 2 +-
>  drivers/pci/controller/dwc/pcie-designware-ep.c  | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/pci/controller/cadence/pcie-cadence-ep.c b/drivers/pci/controller/cadence/pcie-cadence-ep.c
> index b8b655d4047e..ff608c46b8ac 100644
> --- a/drivers/pci/controller/cadence/pcie-cadence-ep.c
> +++ b/drivers/pci/controller/cadence/pcie-cadence-ep.c
> @@ -310,7 +310,7 @@ static int cdns_pcie_ep_set_msix(struct pci_epc *epc, u8 fn, u8 vfn,
>  
>  	/* Set PBA BAR and offset.  BAR must match MSIX BAR */
>  	reg = cap + PCI_MSIX_PBA;
> -	val = (offset + (interrupts * PCI_MSIX_ENTRY_SIZE)) | bir;
> +	val = (offset + ((interrupts + 1) * PCI_MSIX_ENTRY_SIZE)) | bir;
>  	cdns_pcie_ep_fn_writel(pcie, fn, reg, val);
>  
>  	return 0;
> diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c
> index f9182f8d552f..3d078ebe2517 100644
> --- a/drivers/pci/controller/dwc/pcie-designware-ep.c
> +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c
> @@ -417,7 +417,7 @@ static int dw_pcie_ep_set_msix(struct pci_epc *epc, u8 func_no, u8 vfunc_no,
>  	dw_pcie_writel_dbi(pci, reg, val);
>  
>  	reg = ep_func->msix_cap + func_offset + PCI_MSIX_PBA;
> -	val = (offset + (interrupts * PCI_MSIX_ENTRY_SIZE)) | bir;
> +	val = (offset + ((interrupts + 1) * PCI_MSIX_ENTRY_SIZE)) | bir;
>  	dw_pcie_writel_dbi(pci, reg, val);
>  
>  	dw_pcie_dbi_ro_wr_dis(pci);
> -- 
> 2.17.1
>