273022 – MSI/MSI-X assignment fails if APIC ID > 255

Bug 273022 - MSI/MSI-X assignment fails if APIC ID > 255

Summary: MSI/MSI-X assignment fails if APIC ID > 255

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:	14.0r 271888
	Show dependency tree / graph

Reported:	2023-08-09 03:43 UTC by Ed Maste
Modified:	2023-08-22 21:44 UTC (History)
CC List:	0 users

See Also:	269572 271888

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ed Maste freebsd_committer

2023-08-09 03:43:34 UTC

APIC address is calculated as:

#define INTEL_ADDR(msi)                                                 \
        (MSI_INTEL_ADDR_BASE | (msi)->msi_cpu << 12 |                   \
            MSI_INTEL_ADDR_RH_OFF | MSI_INTEL_ADDR_DM_PHYSICAL)

See Intel SDM 11.11.1 Message Address Register Format
bits 19-12 are:

Destination ID — This field contains an 8-bit destination ID. It identifies the message’s target processor(s).
The destination ID corresponds to bits 63:56 of the I/O APIC Redirection Table Entry if the IOAPIC is used to
dispatch the interrupt to the processor(s).

if msi_cpu > 255 then (msi)->msi_cpu << 12 will overflow into bits 31-20 which need to contain 0xfee

Comment 1 Ed Maste freebsd_committer

2023-08-09 16:46:58 UTC

Review to add an error printf in this case, at least https://reviews.freebsd.org/D41395

Comment 2 commit-hook freebsd_committer

2023-08-09 18:17:48 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=cbf845052f1c2862a64e66dbaf38e887a7592474

commit cbf845052f1c2862a64e66dbaf38e887a7592474
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-08-08 23:42:09 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-08-09 17:52:43 +0000

    msi: report error for attempt to use APIC ID > 255

    The MSI/MSI-X address includes 8 bits to encode the Destination ID.
    Previously IDs over 255 overlapped with the fixed portion of the
    address, resulting in an invalid value (and a nonfunctional interrupt).

    Instead, print an error message and return EINVAL.  The interrupt will
    still not work, but the user will have a clue as to why.

    PR:             273022
    Reviewed by:    jhb
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D41395

 sys/x86/x86/msi.c | 5 +++++
 1 file changed, 5 insertions(+)

Comment 3 commit-hook freebsd_committer

2023-08-17 14:07:43 UTC

A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=044dfb356bb6481af4de4ed0f7ef04c3b638bf71

commit 044dfb356bb6481af4de4ed0f7ef04c3b638bf71
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-08-08 23:42:09 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-08-17 14:06:39 +0000

    msi: report error for attempt to use APIC ID > 255

    The MSI/MSI-X address includes 8 bits to encode the Destination ID.
    Previously IDs over 255 overlapped with the fixed portion of the
    address, resulting in an invalid value (and a nonfunctional interrupt).

    Instead, print an error message and return EINVAL.  The interrupt will
    still not work, but the user will have a clue as to why.

    PR:             273022
    Reviewed by:    jhb
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D41395

    (cherry picked from commit cbf845052f1c2862a64e66dbaf38e887a7592474)

 sys/x86/x86/msi.c | 5 +++++
 1 file changed, 5 insertions(+)