From nobody Sat Feb 7 17:09:52 2026 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 411BC2E54D1; Wed, 21 Jan 2026 13:14:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769001282; cv=none; b=He4Ny/T+oyc9j+yqlMLwFio7cwapNp53OUBu6RzX6fx//1yL9O8XIj+YXHuXjoNc7ZGVxd3i5iu/waH0yE4xsxe08WV1m267kcHBpSf72X1xXJdaJzx6rvPs2Ag+RT6J/O1JRhS+2PN7fpqHnOuZeS7Ed34J3JTHnNmqU3cELP4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769001282; c=relaxed/simple; bh=RaYvlksJ/SpSfgzayP+dQQSt2W74WOsYndcSkAgl/IQ=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=GDElqe6rhzUPTAMU/qxEaVR90xzkV+78WM/65U8sTs6wEe+mmGvRu73Jjvv1VYZB15GLs+uqfQ2kSZabQsHmYQbBzA0hBfM/W0wJN5dKl5wXdzSLeGDufUxaQ5HW/x7AxggmrNOcPdnqSSwF90ngaTr/sIxeSLQKooJhx58lUPc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=gHEhbICj; arc=none smtp.client-ip=192.198.163.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="gHEhbICj" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1769001280; x=1800537280; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=RaYvlksJ/SpSfgzayP+dQQSt2W74WOsYndcSkAgl/IQ=; b=gHEhbICjljdWsgRiZtO5sRjMDHDl6rMbuPT7R8MRdF0XMXjqyVtCFGtU 91YdrjnEGcbtshm7TG9kEGr4fzyLlk8kAynpoJ3FFC5SJpmuC8aF+gjnH nBXvnQufFmqEaQ9tyqEX5PcE9fq2Lqe23z2p6HqUt+UK1KNxRB8NANKJq EAmEE3NCO5W8+gW6CrGjSlMIOrdGx4C/glHNUViZIT/jhbUr1HWIASdf6 F3gqd2YflwfyPyR/9AytpZ2OfEZbAmMXUWonYfQhoOlgIeDhVW3racX62 DhyfOWnceexP6ewCzQCim0P5uyMJ5e07+jAdvjFTdse1XNI1AeQFD2Ox4 A==; X-CSE-ConnectionGUID: ET6o7Ux5Q8mhfdwLAZu4Eg== X-CSE-MsgGUID: EW/1UPfDTYuuAQH211ieVg== X-IronPort-AV: E=McAfee;i="6800,10657,11678"; a="69424281" X-IronPort-AV: E=Sophos;i="6.21,242,1763452800"; d="scan'208";a="69424281" Received: from fmviesa009.fm.intel.com ([10.60.135.149]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2026 05:14:40 -0800 X-CSE-ConnectionGUID: n7HsbLOYRJmY6N9lQ5fuMQ== X-CSE-MsgGUID: 5iEdnD6ATmSJ+1cMvUtNhQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,242,1763452800"; d="scan'208";a="206872405" Received: from ijarvine-mobl1.ger.corp.intel.com (HELO localhost) ([10.245.245.108]) by fmviesa009-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2026 05:14:32 -0800 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= To: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= , linux-pci@vger.kernel.org, Bjorn Helgaas , =?UTF-8?q?Christian=20K=C3=B6nig?= , =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= , linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Subject: [PATCH 1/2] PCI: Fix BAR resize rollback path overwriting ret Date: Wed, 21 Jan 2026 15:14:16 +0200 Message-Id: <20260121131417.9582-2-ilpo.jarvinen@linux.intel.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260121131417.9582-1-ilpo.jarvinen@linux.intel.com> References: <20260121131417.9582-1-ilpo.jarvinen@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The commit 337b1b566db0 ("PCI: Fix restoring BARs on BAR resize rollback path") added BAR rollback to pci_do_resource_release_and_resize() in case of resize failure. On the rollback, pci_claim_resource() is called which can fail and the code is prepared for that possibility. pci_claim_resource()'s return value, however, overwrites the original value of ret so pci_claim_resource() will return incorrect value in the end (as pci_claim_resource() normally succeeds, in practice ret will be 0). Fix the issue by directly calling pci_claim_resource() inside the if (). Fixes: 337b1b566db0 ("PCI: Fix restoring BARs on BAR resize rollback path") Link: https://lore.kernel.org/linux-pci/aW_w1oFQCzUxGYtu@intel.com/ Cc: stable@vger.kernel.org Reported-by: Ville Syrj=C3=A4l=C3=A4 Signed-off-by: Ilpo J=C3=A4rvinen Reviewed-by: Ville Syrj=C3=A4l=C3=A4 Tested-by: Ville Syrj=C3=A4l=C3=A4 --- drivers/pci/setup-bus.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 6e90f46f52af..9c374feafc77 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -2556,8 +2556,7 @@ int pci_do_resource_release_and_resize(struct pci_dev= *pdev, int resno, int size =20 restore_dev_resource(dev_res); =20 - ret =3D pci_claim_resource(dev, i); - if (ret) + if (pci_claim_resource(dev, i)) continue; =20 if (i < PCI_BRIDGE_RESOURCES) { --=20 2.39.5 From nobody Sat Feb 7 17:09:52 2026 Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F8BD34CFD6; Wed, 21 Jan 2026 13:14:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=192.198.163.18 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769001288; cv=none; b=q5Dpx0TW7do6n84QGvx6HflUWI+IGa9opqu05qaVJpaCmcXu7c1tLB920w3XDV2zMMsSGUFiACYeMAmoIv7714eZLs5X7mVfCjhrcKf8Ri+MxB48YYqLp7F5JX7LPAILcC032VgMUSQskhbpfS+NbKtpZQ3HEf4hhnJVIzfFaXA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769001288; c=relaxed/simple; bh=THu1p62oDLh5lSnTH6yRQeplhg8j3JbMrtWLPiiP1as=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=sZ38MYE9mJ9/7W2D54RSTN33M3Slu8UTWNqBmXnsw0PCqgrMW16WohhZwSMqiLaslqBxDr297v4mxAWxZv63Ag0T7cxqouihb7vPJgcjKrtv7OjCc5Ne5Hpscd6AHehOSl+NjInDN1GeioiPaR3+fyWuIWnRkMIItp3rGh4wc60= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=FlEAcctx; arc=none smtp.client-ip=192.198.163.18 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="FlEAcctx" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1769001287; x=1800537287; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=THu1p62oDLh5lSnTH6yRQeplhg8j3JbMrtWLPiiP1as=; b=FlEAcctxzzSHdpOlMfXDmcVYzOM2zAUw43EcxHjZl/purejmzWXNupWZ PQp0KnMpXoNZFKYyb+GAu/sYoCRv9aKEfonbqtjgFBaaYrPkGwcSFOJmT q7i2KgSJHPVvn3broKo60dOjUSaFaSCvh1ysb6Cu9llquVNgXONR0jkSn KKbDtBIsicMqaqlECZ5KbowmLcPqJWu7zxmdio0ZN7VkcqAlN/1Ewtzjl WYYHNj2RN2mror9y05kLJDTNIouz5d7IpVThPi9Rp4uAyM95G9Bjsjg4S AEnrztCkMypHs3U2ykwJ1IctQEMuqETj/y932HnlW/DW8GCO0isvqN7cJ Q==; X-CSE-ConnectionGUID: 2UJLlb0ATzWpnlTM/tpufw== X-CSE-MsgGUID: Wb5I76JkRUyLBuhFKLSkWg== X-IronPort-AV: E=McAfee;i="6800,10657,11678"; a="69424288" X-IronPort-AV: E=Sophos;i="6.21,242,1763452800"; d="scan'208";a="69424288" Received: from fmviesa009.fm.intel.com ([10.60.135.149]) by fmvoesa112.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2026 05:14:46 -0800 X-CSE-ConnectionGUID: 8GOrohWkQNqslEk3wyz4vA== X-CSE-MsgGUID: MYOrumjqSsOc+J/5kJ7eMA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,242,1763452800"; d="scan'208";a="206872432" Received: from ijarvine-mobl1.ger.corp.intel.com (HELO localhost) ([10.245.245.108]) by fmviesa009-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jan 2026 05:14:41 -0800 From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= To: =?UTF-8?q?Ville=20Syrj=C3=A4l=C3=A4?= , linux-pci@vger.kernel.org, Bjorn Helgaas , =?UTF-8?q?Christian=20K=C3=B6nig?= , =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= , linux-kernel@vger.kernel.org Cc: stable@vger.kernel.org Subject: [PATCH 2/2] PCI: Fix Resizable BAR restore order Date: Wed, 21 Jan 2026 15:14:17 +0200 Message-Id: <20260121131417.9582-3-ilpo.jarvinen@linux.intel.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20260121131417.9582-1-ilpo.jarvinen@linux.intel.com> References: <20260121131417.9582-1-ilpo.jarvinen@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable The commit 337b1b566db0 ("PCI: Fix restoring BARs on BAR resize rollback path") changed BAR resize to layer rebar code and resource setup/restore code cleanly. Unfortunately, it did not consider how the value of the BAR Size field impacts the read-only bits in the Base Address Register (PCIe7 spec, sec. 7.8.6.3). That is, it very much matters in which order the BAR Size and Base Address Register are restored. Post-337b1b566db0 ("PCI: Fix restoring BARs on BAR resize rollback path") during BAR resize rollback, pci_do_resource_release_and_resize() attempts to restore the old address to the BAR that was resized, but it can fail to setup the address correctly if the address has too low bits set that collide with the bits that are still read-only. As a result, kernel's resource and BAR will be out-of-sync. Fix this by restoring BAR Size before rolling back the resource changes and restoring the BAR. Fixes: 337b1b566db0 ("PCI: Fix restoring BARs on BAR resize rollback path") Link: https://lore.kernel.org/linux-pci/aW_w1oFQCzUxGYtu@intel.com/ Cc: stable@vger.kernel.org Reported-by: Ville Syrj=C3=A4l=C3=A4 Signed-off-by: Ilpo J=C3=A4rvinen Reviewed-by: Ville Syrj=C3=A4l=C3=A4 Tested-by: Ville Syrj=C3=A4l=C3=A4 --- drivers/pci/rebar.c | 18 +----------------- drivers/pci/setup-bus.c | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/drivers/pci/rebar.c b/drivers/pci/rebar.c index ecdebdeb2dff..39f8cf3b70d5 100644 --- a/drivers/pci/rebar.c +++ b/drivers/pci/rebar.c @@ -295,7 +295,6 @@ int pci_resize_resource(struct pci_dev *dev, int resno,= int size, int exclude_bars) { struct pci_host_bridge *host; - int old, ret; =20 /* Check if we must preserve the firmware's resource assignment */ host =3D pci_find_host_bridge(dev->bus); @@ -308,21 +307,6 @@ int pci_resize_resource(struct pci_dev *dev, int resno= , int size, if (!pci_rebar_size_supported(dev, resno, size)) return -EINVAL; =20 - old =3D pci_rebar_get_current_size(dev, resno); - if (old < 0) - return old; - - ret =3D pci_rebar_set_size(dev, resno, size); - if (ret) - return ret; - - ret =3D pci_do_resource_release_and_resize(dev, resno, size, exclude_bars= ); - if (ret) - goto error_resize; - return 0; - -error_resize: - pci_rebar_set_size(dev, resno, old); - return ret; + return pci_do_resource_release_and_resize(dev, resno, size, exclude_bars); } EXPORT_SYMBOL(pci_resize_resource); diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c index 9c374feafc77..a61d38777cdc 100644 --- a/drivers/pci/setup-bus.c +++ b/drivers/pci/setup-bus.c @@ -2504,12 +2504,20 @@ int pci_do_resource_release_and_resize(struct pci_d= ev *pdev, int resno, int size struct resource *b_win, *r; LIST_HEAD(saved); unsigned int i; - int ret =3D 0; + int old, ret; =20 b_win =3D pbus_select_window(bus, res); if (!b_win) return -EINVAL; =20 + old =3D pci_rebar_get_current_size(pdev, resno); + if (old < 0) + return old; + + ret =3D pci_rebar_set_size(pdev, resno, size); + if (ret) + return ret; + pci_dev_for_each_resource(pdev, r, i) { if (i >=3D PCI_BRIDGE_RESOURCES) break; @@ -2542,7 +2550,15 @@ int pci_do_resource_release_and_resize(struct pci_de= v *pdev, int resno, int size return ret; =20 restore: - /* Revert to the old configuration */ + /* + * Revert to the old configuration. + * + * BAR Size must be restored first because it affects the read-only + * bits in BAR (the old address might not be restorable otherwise + * due to low address bits). + */ + pci_rebar_set_size(pdev, resno, old); + list_for_each_entry(dev_res, &saved, list) { struct resource *res =3D dev_res->res; struct pci_dev *dev =3D dev_res->dev; --=20 2.39.5