lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
9d911d7903
linux-kernel-test/drivers
History
Alex Chiang 9d911d7903 PCI Hotplug: acpiphp: don't store a pci_dev in acpiphp_func 
An oops can occur if a user attempts to use both PCI logical
hotplug and the ACPI physical hotplug driver (acpiphp) in this
sequence, where $slot/address == $device.

In other words, if acpiphp has claimed a PCI device, and that
device is logically removed, then acpiphp may oops when it
attempts to access it again.

	# echo 1 > /sys/bus/pci/devices/$device/remove
	# echo 0 > /sys/bus/pci/slots/$slot/power

Unable to handle kernel NULL pointer dereference (address 0000000000000000)
Call Trace:
 [<a000000100016390>] show_stack+0x50/0xa0
 [<a000000100016c60>] show_regs+0x820/0x860
 [<a00000010003b390>] die+0x190/0x2a0
 [<a000000100066a40>] ia64_do_page_fault+0x8e0/0xa40
 [<a00000010000c7a0>] ia64_native_leave_kernel+0x0/0x270
 [<a0000001003b2660>] pci_remove_bus_device+0x120/0x260
 [<a0000002060549f0>] acpiphp_disable_slot+0x410/0x540 [acpiphp]
 [<a0000002060505c0>] disable_slot+0xc0/0x120 [acpiphp]
 [<a0000002040d21c0>] power_write_file+0x1e0/0x2a0 [pci_hotplug]
 [<a0000001003bb820>] pci_slot_attr_store+0x60/0xa0
 [<a000000100240f70>] sysfs_write_file+0x230/0x2c0
 [<a000000100195750>] vfs_write+0x190/0x2e0
 [<a0000001001961a0>] sys_write+0x80/0x100
 [<a00000010000c600>] ia64_ret_from_syscall+0x0/0x20
 [<a000000000010720>] __kernel_syscall_via_break+0x0/0x20

The root cause of this oops is that the logical remove ("echo 1 >
/sys/bus/pci/devices/$device/remove") destroyed the pci_dev. The
pci_dev struct itself wasn't deallocated because acpiphp kept a
reference, but some of its fields became invalid.

acpiphp doesn't have any real reason to keep a pointer to a
pci_dev around. It can always derive it using pci_get_slot().

If a logical remove destroys the pci_dev, acpiphp won't find it
and is thus prevented from causing mischief.

Reviewed-by: Matthew Wilcox <willy@linux.intel.com>
Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Tested-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Reported-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Alex Chiang <achiang@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2009-05-27 02:04:24 -07:00
..
accessibility
acpi Merge branches 'release', 'bugzilla-13032', 'bugzilla-13041+', 'bugzilla-13121', 'bugzilla-13165', 'bugzilla-13243', 'bugzilla-13259', 'resume-sci-en-regression', 'thermal-regression', 'tsc-regression' and 'asus-2.6.30' into release 2009-05-16 01:55:59 -04:00
amba
ata libata: Media rotation rate and form factor heuristics 2009-05-15 14:14:56 -04:00
atm
auxdisplay
base Revert driver core: move platform_data into platform_device 2009-05-08 19:22:21 -07:00
block hd: fix locking 2009-04-28 20:24:20 +02:00
bluetooth
cdrom
char Avoid ICE in get_random_int() with gcc-3.4.5 2009-05-19 11:25:35 -07:00
clocksource clocksource: pass clocksource to read() callback 2009-04-21 13:41:47 -07:00
connector
cpufreq
cpuidle
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2009-05-17 15:48:05 -07:00
dca
dio
dma dma: fix ipu_idmac.c to not discard the last queued buffer 2009-05-12 14:41:48 -07:00
edac edac: ppc mpc85xx fix mc err detect 2009-04-21 13:41:51 -07:00
eisa
firewire
firmware ibft: fix the display of a few fields in the NIC attribute structure in sysfs 2009-05-02 15:36:10 -07:00
gpio
gpu Merge branches 'release', 'bugzilla-13032', 'bugzilla-13041+', 'bugzilla-13121', 'bugzilla-13165', 'bugzilla-13243', 'bugzilla-13259', 'resume-sci-en-regression', 'thermal-regression', 'tsc-regression' and 'asus-2.6.30' into release 2009-05-16 01:55:59 -04:00
hid HID: add NOGET quirk for devices from CH Products 2009-05-11 17:09:21 +02:00
hwmon hwmon: (w83781d) Fix W83782D support (NULL pointer dereference) 2009-05-08 20:27:28 +02:00
i2c Merge branch 'i2c-for-2630-rc5' of git://aeryn.fluff.org.uk/bjdooks/linux 2009-05-12 11:21:51 -07:00
ide piix: The Sony TZ90 needs the cable type hardcoding 2009-05-16 19:03:36 +02:00
idle
ieee1394
infiniband Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2009-05-13 16:31:12 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2009-05-12 11:21:24 -07:00
isdn Fix the race between capifs remount and node creation 2009-05-09 10:51:34 -04:00
leds
lguest lguest: fix guest crash on non-linear addresses in gdt pvops 2009-04-19 23:14:01 +09:30
macintosh Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-04-24 08:16:05 -07:00
mca
md md: remove rd%d links immediately after stopping an array. 2009-05-07 12:51:06 +10:00
media V4L/DVB (11680): cafe_ccic: use = instead of == for setting a value at a var 2009-05-09 18:54:32 -03:00
memstick
message scsi: mpt: suppress debugobjects warning 2009-04-21 13:41:50 -07:00
mfd
misc isl29003: fix resume functionality 2009-05-06 16:36:10 -07:00
mmc Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/drzeus/mmc 2009-05-05 08:23:16 -07:00
mtd mtd_dataflash: unbreak erase support 2009-05-18 08:36:21 -07:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2009-05-15 12:02:06 -07:00
nubus
of
oprofile
parisc
parport
pci PCI Hotplug: acpiphp: don't store a pci_dev in acpiphp_func 2009-05-27 02:04:24 -07:00
pcmcia [ARM] 5458/1: pcmcia: pxa2xx-sharpsl: check if we do have Scoop config 2009-04-23 23:25:40 +01:00
platform eeepc-laptop: unregister_rfkill_notifier on failure 2009-05-14 11:28:27 -04:00
pnp ACPI: suspend: don't let device _PS3 failure prevent suspend 2009-05-08 00:22:29 -04:00
power
ps3
rapidio
regulator regulator: da903x: add missing __devexit_p() 2009-05-18 11:21:10 +01:00
rtc rtc: rtc-twl4030 don't mask alarm interrupts on suspend 2009-05-12 14:11:35 -07:00
s390 [SCSI] zfcp: Fix oops when port disappears 2009-04-27 10:07:37 -05:00
sbus
scsi Reduce path_lookup() abuses 2009-05-09 10:49:42 -04:00
serial Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2009-05-15 08:05:02 -07:00
sh
sn
spi pxa2xx_spi: prevent panic case setup() fails 2009-05-12 14:11:34 -07:00
ssb
staging Staging: comedi: David doesn't want to get comedi patches 2009-05-08 19:39:28 -07:00
tc
telephony
thermal thermal: fix off-by-1 error in trip point trigger condition 2009-05-14 13:40:53 -04:00
uio
usb Fix oops on close of hot-unplugged FTDI serial converter 2009-05-18 08:37:15 -07:00
uwb
video MIPS: gbe: Make needlessly global symbols static in drivers/video/gbefb.c 2009-05-14 13:50:25 +01:00
virtio virtio: fix suspend when using virtio_balloon 2009-04-19 23:14:01 +09:30
w1
watchdog [ARM] 5460/1: Orion: reduce namespace pollution 2009-04-23 23:25:41 +01:00
xen [IA64] xen_domu_defconfig: fix build issues/warnings 2009-05-05 11:43:13 -07:00
zorro
Kconfig
Makefile V4L/DVB (11561a): move media after i2c 2009-04-29 15:41:13 -03:00