pbus_reassign_bridge_resources() saves bridge windows into the saved
list before attempting to adjust resource assignments to perform a BAR
resize operation. If resource adjustments cannot be completed fully,
rollback is attempted by restoring the resource from the saved list.

The rollback, however, does not check whether the resources it restores were
assigned by the partial resize attempt. If restore changes addresses of the
resource, it can result in corrupting the resource tree.

An example of a corrupted resource tree with overlapping addresses:

6200000000000-6203fbfffffff : pciex@620c3c0000000
  6200000000000-6203fbff0ffff : PCI Bus 0030:01
    6200020000000-62000207fffff : 0030:01:00.0
    6200000000000-6203fbff0ffff : PCI Bus 0030:02

A resource that are assigned into the resource tree must remain
unchanged. Thus, release such a resource before attempting to restore
and claim it back.

For simplicity, always do the release and claim back for the resource
even in the cases where it is restored to the same address range.

Note: this fix may "break" some cases where devices "worked" because
the resource tree corruption allowed address space double counting to
fit more resource than what can now be assigned without double
counting. The upcoming changes to BAR resizing should address those
scenarios (to the extent possible).

Fixes: 8bb705e3e79d ("PCI: Add pci_resize_resource() for resizing BARs")
Reported-by: Simon Richter <Simon.Richter@hogyros.de>
Reported-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
---
 drivers/pci/setup-bus.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
index 4a8735b275e4..e6984bb530ae 100644
--- a/drivers/pci/setup-bus.c
+++ b/drivers/pci/setup-bus.c
@@ -2504,6 +2504,11 @@ int pbus_reassign_bridge_resources(struct pci_bus *bus, struct resource *res)
 		bridge = dev_res->dev;
 		i = pci_resource_num(bridge, res);
 
+		if (res->parent) {
+			release_child_resources(res);
+			pci_release_resource(bridge, i);
+		}
+
 		restore_dev_resource(dev_res);
 
 		pci_claim_resource(bridge, i);
-- 
2.39.5

On Tue, Oct 28, 2025 at 07:35:43PM +0200, Ilpo Järvinen wrote:
> pbus_reassign_bridge_resources() saves bridge windows into the saved
> list before attempting to adjust resource assignments to perform a BAR
> resize operation. If resource adjustments cannot be completed fully,
> rollback is attempted by restoring the resource from the saved list.

> Fixes: 8bb705e3e79d ("PCI: Add pci_resize_resource() for resizing BARs")
> Reported-by: Simon Richter <Simon.Richter@hogyros.de>
> Reported-by: Alex Bennée <alex.bennee@linaro.org>

If these reports were public, can we include lore URLs for them?

Same question for [PATCH 5/9] PCI: Fix restoring BARs on BAR resize
rollback path.

I put these all on pci/resource for build testing.  I assume we'll
tweak these based on testing reports and sorting out the pci/rebar
conflicts.

Bjorn

On Wed, 29 Oct 2025, Bjorn Helgaas wrote:

> On Tue, Oct 28, 2025 at 07:35:43PM +0200, Ilpo Järvinen wrote:
> > pbus_reassign_bridge_resources() saves bridge windows into the saved
> > list before attempting to adjust resource assignments to perform a BAR
> > resize operation. If resource adjustments cannot be completed fully,
> > rollback is attempted by restoring the resource from the saved list.
> 
> > Fixes: 8bb705e3e79d ("PCI: Add pci_resize_resource() for resizing BARs")
> > Reported-by: Simon Richter <Simon.Richter@hogyros.de>
> > Reported-by: Alex Bennée <alex.bennee@linaro.org>
> 
> If these reports were public, can we include lore URLs for them?
> 
> Same question for [PATCH 5/9] PCI: Fix restoring BARs on BAR resize
> rollback path.
> 
> I put these all on pci/resource for build testing.  I assume we'll
> tweak these based on testing reports and sorting out the pci/rebar
> conflicts.

Thanks, the links will come in v2 along with fixing a few things found by 
more extensive tests by LKP. E.g., it seems clang thinks guard() cannot be 
used here because goto jumps over it (auto variable initialization gets 
skipped so it's kind of understandable limitation).

-- 
 i.

On Thu, Oct 30, 2025 at 10:22:27AM +0200, Ilpo Järvinen wrote:
> On Wed, 29 Oct 2025, Bjorn Helgaas wrote:
> 
> > On Tue, Oct 28, 2025 at 07:35:43PM +0200, Ilpo Järvinen wrote:
> > > pbus_reassign_bridge_resources() saves bridge windows into the saved
> > > list before attempting to adjust resource assignments to perform a BAR
> > > resize operation. If resource adjustments cannot be completed fully,
> > > rollback is attempted by restoring the resource from the saved list.
> > 
> > > Fixes: 8bb705e3e79d ("PCI: Add pci_resize_resource() for resizing BARs")
> > > Reported-by: Simon Richter <Simon.Richter@hogyros.de>
> > > Reported-by: Alex Bennée <alex.bennee@linaro.org>
> > 
> > If these reports were public, can we include lore URLs for them?
> > 
> > Same question for [PATCH 5/9] PCI: Fix restoring BARs on BAR resize
> > rollback path.
> > 
> > I put these all on pci/resource for build testing.  I assume we'll
> > tweak these based on testing reports and sorting out the pci/rebar
> > conflicts.
> 
> Thanks, the links will come in v2 along with fixing a few things found by 
> more extensive tests by LKP. E.g., it seems clang thinks guard() cannot be 
> used here because goto jumps over it (auto variable initialization gets 
> skipped so it's kind of understandable limitation).

Just a ping on this.  The lkp robot did build this fine:
https://lore.kernel.org/r/202510311139.1VIkw3Ez-lkp@intel.com

I'm happy to put it in pci/next as-is, especially if the amdgpu and
i915 folks are ok with it.