nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

PCI: Protect pci_error_handlers->reset_notify() usage with device_lock()

Browse source 
Every method in struct device_driver or structures derived from it like
struct pci_driver MUST provide exclusion vs the driver's ->remove() method,
usually by using device_lock().

Protect use of pci_error_handlers->reset_notify() by holding the device
lock while calling it.

Note:

  - pci_dev_lock() calls device_lock() in addition to blocking user-space
    config accesses.

  - pci_err_handlers->reset_notify() is used inside
    pci_dev_save_and_disable() and pci_dev_restore().  We could hold the
    device lock directly in pci_reset_notify(), but we expand the region
    since we have several calls following each other.

Without this, ->reset_notify() may race with ->remove() calls, which can be
easily triggered in NVMe.

[bhelgaas: changelog, add pci_reset_notify() comment]
[bhelgaas: fold in fix from Dan Carpenter <dan.carpenter@oracle.com>:
http://lkml.kernel.org/r/20170701135323.x5vaj4e2wcs2mcro@mwanda]
Link: http://lkml.kernel.org/r/20170601111039.8913-2-hch@lst.de
Reported-by: Rakesh Pandit <rakesh@tuxera.com>
Tested-by: Rakesh Pandit <rakesh@tuxera.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
This commit is contained in:
Christoph Hellwig 2017-06-01 13:10:37 +02:00 committed by Bjorn Helgaas
parent 17530e71e0
commit b014e96d1a
1 changed files with 18 additions and 8 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

26
drivers/pci/pci.c
View file

@ -4143,6 +4143,12 @@ static void pci_reset_notify(struct pci_dev *dev, bool prepare)
{ {
const struct pci_error_handlers *err_handler = const struct pci_error_handlers *err_handler =
dev->driver ? dev->driver->err_handler : NULL; dev->driver ? dev->driver->err_handler : NULL;
/*
* dev->driver->err_handler->reset_notify() is protected against
* races with ->remove() by the device lock, which must be held by
* the caller.
*/
if (err_handler && err_handler->reset_notify) if (err_handler && err_handler->reset_notify)
err_handler->reset_notify(dev, prepare); err_handler->reset_notify(dev, prepare);
} }
@ -4278,11 +4284,13 @@ int pci_reset_function(struct pci_dev *dev)
if (rc) if (rc)
return rc; return rc;
pci_dev_lock(dev);
pci_dev_save_and_disable(dev); pci_dev_save_and_disable(dev);
rc = pci_dev_reset(dev, 0); rc = __pci_dev_reset(dev, 0);
pci_dev_restore(dev); pci_dev_restore(dev);
pci_dev_unlock(dev);
return rc; return rc;
} }
@ -4302,16 +4310,14 @@ int pci_try_reset_function(struct pci_dev *dev)
if (rc) if (rc)
return rc; return rc;
pci_dev_save_and_disable(dev); if (!pci_dev_trylock(dev))
return -EAGAIN;
if (pci_dev_trylock(dev)) { pci_dev_save_and_disable(dev);
rc = __pci_dev_reset(dev, 0); rc = __pci_dev_reset(dev, 0);
pci_dev_unlock(dev); pci_dev_unlock(dev);
} else
rc = -EAGAIN;
pci_dev_restore(dev); pci_dev_restore(dev);
return rc; return rc;
} }
EXPORT_SYMBOL_GPL(pci_try_reset_function); EXPORT_SYMBOL_GPL(pci_try_reset_function);
@ -4461,7 +4467,9 @@ static void pci_bus_save_and_disable(struct pci_bus *bus)
struct pci_dev *dev; struct pci_dev *dev;
list_for_each_entry(dev, &bus->devices, bus_list) { list_for_each_entry(dev, &bus->devices, bus_list) {
pci_dev_lock(dev);
pci_dev_save_and_disable(dev); pci_dev_save_and_disable(dev);
pci_dev_unlock(dev);
if (dev->subordinate) if (dev->subordinate)
pci_bus_save_and_disable(dev->subordinate); pci_bus_save_and_disable(dev->subordinate);
} }
@ -4476,7 +4484,9 @@ static void pci_bus_restore(struct pci_bus *bus)
struct pci_dev *dev; struct pci_dev *dev;
list_for_each_entry(dev, &bus->devices, bus_list) { list_for_each_entry(dev, &bus->devices, bus_list) {
pci_dev_lock(dev);
pci_dev_restore(dev); pci_dev_restore(dev);
pci_dev_unlock(dev);
if (dev->subordinate) if (dev->subordinate)
pci_bus_restore(dev->subordinate); pci_bus_restore(dev->subordinate);
} }