lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[PATCH] PCI: fix race with pci_walk_bus and pci_destroy_dev

Browse Source 
pci_walk_bus has a race with pci_destroy_dev. When cb is called
in pci_walk_bus, pci_destroy_dev might unlink the dev pointed by next.
Later on in the next loop, pointer next becomes NULL and cause
kernel panic.

Below patch against 2.6.17-rc4 fixes it by changing pci_bus_lock (spin_lock)
to pci_bus_sem (rw_semaphore).

Signed-off-by: Zhang Yanmin <yanmin.zhang@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Zhang Yanmin
2006-06-02 12:35:43 +08:00
committed by Greg Kroah-Hartman
parent 733a7fe122
commit d71374dafb
5 changed files with 41 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
drivers/pci/bus.c
View File

@@ -81,9 +81,9 @@ void __devinit pci_bus_add_device(struct pci_dev *dev)
{
device_add(&dev->dev);
spin_lock(&pci_bus_lock);
down_write(&pci_bus_sem);
list_add_tail(&dev->global_list, &pci_devices);
spin_unlock(&pci_bus_lock);
up_write(&pci_bus_sem);
pci_proc_attach_device(dev);
pci_create_sysfs_dev_files(dev);
@@ -125,10 +125,10 @@ void __devinit pci_bus_add_devices(struct pci_bus *bus)
*/
if (dev->subordinate) {
if (list_empty(&dev->subordinate->node)) {
spin_lock(&pci_bus_lock);
down_write(&pci_bus_sem);
list_add_tail(&dev->subordinate->node,
&dev->bus->children);
spin_unlock(&pci_bus_lock);
up_write(&pci_bus_sem);
}
pci_bus_add_devices(dev->subordinate);
@@ -168,7 +168,7 @@ void pci_walk_bus(struct pci_bus *top, void (*cb)(struct pci_dev *, void *),
struct list_head *next;
bus = top;
spin_lock(&pci_bus_lock);
down_read(&pci_bus_sem);
next = top->devices.next;
for (;;) {
if (next == &bus->devices) {
@@ -180,22 +180,19 @@ void pci_walk_bus(struct pci_bus *top, void (*cb)(struct pci_dev *, void *),
continue;
}
dev = list_entry(next, struct pci_dev, bus_list);
pci_dev_get(dev);
if (dev->subordinate) {
/* this is a pci-pci bridge, do its devices next */
next = dev->subordinate->devices.next;
bus = dev->subordinate;
} else
next = dev->bus_list.next;
spin_unlock(&pci_bus_lock);
/* Run device routines with the bus unlocked */
/* Run device routines with the device locked */
down(&dev->dev.sem);
cb(dev, userdata);
spin_lock(&pci_bus_lock);
pci_dev_put(dev);
up(&dev->dev.sem);
}
spin_unlock(&pci_bus_lock);
up_read(&pci_bus_sem);
}
EXPORT_SYMBOL_GPL(pci_walk_bus);