possible bug in pci/hotplug/pciehp_core.c in linux-2.6.19

possible bug in pci/hotplug/pciehp_core.c in linux-2.6.19

[Philip Guo]

Hi,

I am a graduate student working on finding bugs in Linux drivers using 
an automated research tool.  I think I've found a possible bug in 
pci/hotplug/pciehp_core.c, and I'd appreciate it if you could 
confirm/disconfirm it.

This code is in 2.6.19, but I just checked on 2.6.20.1, and this same 
problem seems to still be present.

Thanks,
Philip

---
One thread seems to deadlock itself by calling down() on a semaphore
initialized to locked.

pci/hotplug/pciehp_core.c:

Start at pcied_init() -

static int __init pcied_init(void)
{
     int retval = 0;

#ifdef CONFIG_HOTPLUG_PCI_PCIE_POLL_EVENT_MODE
     pciehp_poll_mode = 1;
#endif

     retval = pcie_start_thread(); <-- [this returns an error]
     if (retval)
         goto error_hpc_init;
[...]

error_hpc_init:
     if (retval) { <-- [true]
         pciehp_event_stop_thread(); <-- [calling this will deadlock - 
see code snippet at the end]
     };

     return retval;
}


static int pcie_start_thread(void)
{
     int retval = 0;
     retval = pciehp_event_start_thread(); <-- [call this]
     if (retval) { <-- [take failed branch]
         return retval;
     }
     return retval;
}


pci/hotplug/pciehp_ctrl.c:

static struct semaphore event_exit; /* guard ensure thread has exited 
before calling it quits */

int pciehp_event_start_thread(void)
{
     int pid;

     /* initialize our semaphores */
     init_MUTEX_LOCKED(&event_exit); <-- [event_exit init to LOCKED]
     event_finished=0;

     init_MUTEX_LOCKED(&event_semaphore);
     pid = kernel_thread(event_thread, NULL, 0); <-- [this fails]

     if (pid < 0) { <-- [take this branch because kernel_thread failed]
         err ("Can't start up our event thread\n");
         return -1; <-- [return error]
     }
     return 0;
}

void pciehp_event_stop_thread(void)
{
     event_finished = 1;
     up(&event_semaphore);
     down(&event_exit); <-- [this is called from the end of pcied_init() 
on a LOCKED semaphore, so deadlock]
}


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CIDÞVDEV
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

Re: possible bug in pci/hotplug/pciehp_core.c in linux-2.6.19

[Greg KH]

On Sun, Feb 25, 2007 at 04:10:29PM -0800, Philip Guo wrote:
> Hi,
> 
> I am a graduate student working on finding bugs in Linux drivers using 
> an automated research tool.  I think I've found a possible bug in 
> pci/hotplug/pciehp_core.c, and I'd appreciate it if you could 
> confirm/disconfirm it.

You might have better luck on the pci hotplug mailing list, which can be
found in the MAINTAINERS file in the kernel source tree.  This list is
to discuss the linux hotplug scripts and udev and surrounding userspace
/ kernelspace issues.

thanks,

greg k-h

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CIDÞVDEV
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel