android_kernel_xiaomi_sm8350/drivers/pci/hotplug
Alex Chiang 9d911d7903 PCI Hotplug: acpiphp: don't store a pci_dev in acpiphp_func
An oops can occur if a user attempts to use both PCI logical
hotplug and the ACPI physical hotplug driver (acpiphp) in this
sequence, where $slot/address == $device.

In other words, if acpiphp has claimed a PCI device, and that
device is logically removed, then acpiphp may oops when it
attempts to access it again.

	# echo 1 > /sys/bus/pci/devices/$device/remove
	# echo 0 > /sys/bus/pci/slots/$slot/power

Unable to handle kernel NULL pointer dereference (address 0000000000000000)
Call Trace:
 [<a000000100016390>] show_stack+0x50/0xa0
 [<a000000100016c60>] show_regs+0x820/0x860
 [<a00000010003b390>] die+0x190/0x2a0
 [<a000000100066a40>] ia64_do_page_fault+0x8e0/0xa40
 [<a00000010000c7a0>] ia64_native_leave_kernel+0x0/0x270
 [<a0000001003b2660>] pci_remove_bus_device+0x120/0x260
 [<a0000002060549f0>] acpiphp_disable_slot+0x410/0x540 [acpiphp]
 [<a0000002060505c0>] disable_slot+0xc0/0x120 [acpiphp]
 [<a0000002040d21c0>] power_write_file+0x1e0/0x2a0 [pci_hotplug]
 [<a0000001003bb820>] pci_slot_attr_store+0x60/0xa0
 [<a000000100240f70>] sysfs_write_file+0x230/0x2c0
 [<a000000100195750>] vfs_write+0x190/0x2e0
 [<a0000001001961a0>] sys_write+0x80/0x100
 [<a00000010000c600>] ia64_ret_from_syscall+0x0/0x20
 [<a000000000010720>] __kernel_syscall_via_break+0x0/0x20

The root cause of this oops is that the logical remove ("echo 1 >
/sys/bus/pci/devices/$device/remove") destroyed the pci_dev. The
pci_dev struct itself wasn't deallocated because acpiphp kept a
reference, but some of its fields became invalid.

acpiphp doesn't have any real reason to keep a pointer to a
pci_dev around. It can always derive it using pci_get_slot().

If a logical remove destroys the pci_dev, acpiphp won't find it
and is thus prevented from causing mischief.

Reviewed-by: Matthew Wilcox <willy@linux.intel.com>
Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Tested-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Reported-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Alex Chiang <achiang@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2009-05-27 02:04:24 -07:00
..
acpi_pcihp.c PCI hotplug: fix wrong assumption in acpi_get_hp_hw_control_from_firmware 2009-03-20 10:48:02 -07:00
acpiphp_core.c PCI hotplug: acpiphp wants a 64-bit _SUN 2008-12-16 13:26:46 -08:00
acpiphp_glue.c PCI Hotplug: acpiphp: don't store a pci_dev in acpiphp_func 2009-05-27 02:04:24 -07:00
acpiphp_ibm.c PCI: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-07 11:12:23 -08:00
acpiphp.h PCI Hotplug: acpiphp: don't store a pci_dev in acpiphp_func 2009-05-27 02:04:24 -07:00
cpci_hotplug_core.c PCI: cpci_hotplug: stop managing hotplug_slot->name 2008-10-22 16:42:39 -07:00
cpci_hotplug_pci.c PCI: cpci_hotplug: stop managing hotplug_slot->name 2008-10-22 16:42:39 -07:00
cpci_hotplug.h PCI: cpci_hotplug: stop managing hotplug_slot->name 2008-10-22 16:42:39 -07:00
cpcihp_generic.c
cpcihp_zt5550.c
cpcihp_zt5550.h
cpqphp_core.c x86, pci: move arch/x86/pci/pci.h to arch/x86/include/asm/pci_x86.h 2008-12-29 18:17:36 +01:00
cpqphp_ctrl.c PCI hotplug: remove redundant test in cpq hotplug 2009-01-07 11:13:22 -08:00
cpqphp_nvram.c
cpqphp_nvram.h
cpqphp_pci.c PCI hotplug: cpqphp: use config space PCI interrupt pin encoding 2009-01-07 11:12:47 -08:00
cpqphp_sysfs.c PCI: struct device - replace bus_id with dev_name(), dev_set_name() 2009-03-19 19:29:24 -07:00
cpqphp.h PCI: cpqphp: stop managing hotplug_slot->name 2008-10-22 16:42:40 -07:00
fakephp.c PCI: update fakephp for bus_id removal 2009-03-26 16:00:34 -07:00
ibmphp_core.c x86, pci: move arch/x86/pci/pci.h to arch/x86/include/asm/pci_x86.h 2008-12-29 18:17:36 +01:00
ibmphp_ebda.c PCI: ibmphp: stop managing hotplug_slot->name 2008-10-22 16:42:41 -07:00
ibmphp_hpc.c
ibmphp_pci.c
ibmphp_res.c
ibmphp.h PCI: ibmphp: stop managing hotplug_slot->name 2008-10-22 16:42:41 -07:00
Kconfig powerpc/pseries: The RPA PCI hotplug driver depends on EEH 2009-03-12 15:10:02 -04:00
Makefile PCI Hotplug: rename legacy_fakephp to fakephp 2009-03-20 14:59:37 -07:00
pci_hotplug_core.c PCI: Hotplug core: remove 'name' 2008-10-22 16:42:43 -07:00
pciehp_acpi.c PCI: introduce missing kfree 2009-03-19 19:29:28 -07:00
pciehp_core.c PCI: PCIe portdrv: Implement pm object 2009-03-20 10:47:49 -07:00
pciehp_ctrl.c PCI hotplug: pciehp: remove unnecessary wait after turning power off 2009-01-07 11:12:21 -08:00
pciehp_hpc.c PCI: pciehp: enable software notification on empty slots 2009-03-19 19:29:29 -07:00
pciehp_pci.c PCI hotplug: pciehp: message refinement 2008-10-23 14:47:39 -07:00
pciehp.h PCI: pciehp: make cmd_busy flag one bit 2009-03-19 19:29:30 -07:00
pcihp_skeleton.c
rpadlpar_core.c powerpc/pci: Fix various pseries PCI hotplug issues 2008-11-06 09:31:52 +11:00
rpadlpar_sysfs.c
rpadlpar.h
rpaphp_core.c PCI hotplug: rpaphp: make debug var unique 2008-10-20 10:54:27 -07:00
rpaphp_pci.c PCI hotplug: rpaphp: make debug var unique 2008-10-20 10:54:27 -07:00
rpaphp_slot.c PCI: rpaphp: kmalloc/kfree slot->name directly 2008-10-22 16:42:42 -07:00
rpaphp.h PCI hotplug: rpaphp: make debug var unique 2008-10-20 10:54:27 -07:00
sgi_hotplug.c Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2008-10-23 10:20:36 -07:00
shpchp_core.c PCI hotplug: shpchp: message refinement 2008-10-23 16:14:00 -07:00
shpchp_ctrl.c PCI hotplug: shpchp: message refinement 2008-10-23 16:14:00 -07:00
shpchp_hpc.c PCI hotplug: shpchp: message refinement 2008-10-23 16:14:00 -07:00
shpchp_pci.c PCI hotplug: shpchp: fix bus number check to avoid false positive 2009-03-19 19:29:33 -07:00
shpchp_sysfs.c
shpchp.h PCI: add missing KERN_* constants to printks 2009-03-19 19:29:27 -07:00