From: Yicong Yang <yangyccccc@gmail.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: "Kagan, Roman" <rkagan@amazon.de>,
"Mehanna, Fares" <faresx@amazon.de>,
yangyccccc@gmail.com, helgaas@kernel.org,
linux-pci@vger.kernel.org, linuxarm@huawei.dom,
prime.zeng@huawei.com
Subject: Re: [RESEND PATCH] PCI: Fix race condition between block_cfg_access and msi_enabled/msix_enabled
Date: Sat, 28 Mar 2026 21:29:14 +0800 [thread overview]
Message-ID: <a27239fd-af18-40c9-acc1-55aa6e6e10bc@gmail.com> (raw)
In-Reply-To: <b7731cbbfe4144fcb411bf52d1f1002365ae0b87.camel@infradead.org>
On 2026/3/16 17:56, David Woodhouse wrote:
>> Previously we use bit field for block_cfg_access and
>> msi_enabled/msix_enabled, which is non-atomic and they may race
>> each other as they share the same memory region. A race condition
>> is met between driver bind vs FLR through sysfs:
>>
>> for driver bind side in thread 1:
>> ...
>> device_lock()
>> ...
>> ->probe()
>> pci_alloc_irq_vectors_affinity()
>> __pci_enable_msi_range()
>> msi_capability_init()
>> dev->msi_enabled=1 <---set here
>> request_irq(pci_irq_vector(),...)
>>
>> when echo 1 > reset in thread 2:
>> pci_reset_function()
>> pci_dev_lock()
>> pci_cfg_access_lock()
>> dev->block_cfg_access=1 <---may overwrite msi_enabled bit
>> device_lock()
>>
>> The msi_enabled bit may be overwritten to 0 and will trigger the WARN
>> assert in pci_irq_vector(). A similar issue has been addressed in
>> commit 44bda4b7d26e ("PCI: Fix is_added/is_busmaster race
>> condition").
>>
>> Move the block_cfg_access to the pci_dev->priv_flags and use atomic
>> bit operations to avoid the race condition.
>>
>> Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
> Looks like you dropped this... since commit c9a81f9ed6a ("PCI: Avoid
> pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()") we now take
> the device lock *before* pci_cfg_access_lock(), so the second thread of
> your race description above can no longer happen, right?
yes you're right. now dev->block_cfg_access is protected by device_lock() and will not race with
thread 1, as dev->block_cfg_access is also protected by device_lock().
prev parent reply other threads:[~2026-03-28 13:29 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-11 10:21 [RESEND PATCH] PCI: Fix race condition between block_cfg_access and msi_enabled/msix_enabled Yicong Yang
2026-03-16 9:56 ` David Woodhouse
2026-03-28 13:29 ` Yicong Yang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a27239fd-af18-40c9-acc1-55aa6e6e10bc@gmail.com \
--to=yangyccccc@gmail.com \
--cc=dwmw2@infradead.org \
--cc=faresx@amazon.de \
--cc=helgaas@kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxarm@huawei.dom \
--cc=prime.zeng@huawei.com \
--cc=rkagan@amazon.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox