linuxppc-dev.lists.ozlabs.org archive mirror
* [PATCH v2] cxl: Fix unbalanced pci_dev_get in cxl_probe
@ 2015-09-15  5:04 Daniel Axtens
  2015-09-15  5:12 ` Ian Munsie
  2015-09-17  5:13 ` [v2] " Michael Ellerman
  0 siblings, 2 replies; 3+ messages in thread
From: Daniel Axtens @ 2015-09-15  5:04 UTC (permalink / raw)
  To: linuxppc-dev; +Cc: mpe, benh, mikey, imunsie, andrew.donnellan, Daniel Axtens

Currently the first thing we do in cxl_probe is to grab a reference
on the pci device. Later on, we call device_register on our adapter.
In our remove path, we call device_unregister, but we never call
pci_dev_put. We therefore leak the device every time we do a
reflash.

device_register/unregister is sufficient to hold the reference.
Therefore, drop the call to pci_dev_get.

Here's why this is safe.
The proposed cxl_probe(pdev) calls cxl_adapter_init:
    a) init calls cxl_adapter_alloc, which creates a struct cxl,
       conventionally called adapter. This struct contains a
       device entry, adapter->dev.

    b) init calls cxl_configure_adapter, where we set
       adapter->dev.parent = &dev->dev (here dev is the pci dev)

So at this point, the cxl adapter's device's parent is the PCI
device that I want to be refcounted properly.

    c) init calls cxl_register_adapter
       *) cxl_register_adapter calls device_register(&adapter->dev)

So now we're in device_register, where dev is the adapter device, and
we want to know if the PCI device is safe after we return.

device_register(&adapter->dev) calls device_initialize() and then
device_add().

device_add() does a get_device(). device_add() also explicitly grabs
the device's parent, and calls get_device() on it:

         parent = get_device(dev->parent);

So therefore, device_register() takes a lock on the parent PCI dev,
which is what pci_dev_get() was guarding. pci_dev_get() can therefore
be safely removed.

Fixes: f204e0b8cedd ("cxl: Driver code for powernv PCIe based cards for userspace access")
Cc: stable@vger.kernel.org
Signed-off-by: Daniel Axtens <dja@axtens.net>

---

This is the cxl bug that caused me to catch this a few weeks back:
e642d11bdbfe ("powerpc/eeh: Probe after unbalanced kref check")

I put a printk in the unbalanced kref path and confirmed that it
was printed with the pci_dev_get in and went away with the
pci_dev_get out.
---
 drivers/misc/cxl/pci.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/misc/cxl/pci.c b/drivers/misc/cxl/pci.c
index 02c85160bfe9..a5e977192b61 100644
--- a/drivers/misc/cxl/pci.c
+++ b/drivers/misc/cxl/pci.c
@@ -1249,8 +1249,6 @@ static int cxl_probe(struct pci_dev *dev, const struct pci_device_id *id)
 	int slice;
 	int rc;
 
-	pci_dev_get(dev);
-
 	if (cxl_verbose)
 		dump_cxl_config_space(dev);
 
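Review bot: With the pci_dev_get(dev) at the top of cxl_probe removed, nothing in the function records who pins the PCI device; the justification exists only in the commit message. Consider a one-line comment where the adapter is registered stating that device_add() takes the parent reference via "parent = get_device(dev->parent);" and that device_unregister in the remove path is what balances it, so a later change to the error or remove paths does not tear the adapter down without going through unregister. Separately, the commit message says device_register() "takes a lock" on the parent PCI dev; what the quoted get_device() line takes is a reference, and the wording is worth correcting since this is tagged for stable.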
-- 
2.5.0
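
The refcount argument in the commit message above, as an added userspace model (not kernel code and not part of the original patch). `struct dev`, `model_register`, `model_unregister` and `leaked_after_reflashes` are hypothetical names, and the model assumes the unregister path drops the parent reference that `device_add()` took.

```c
#include <stdio.h>

/* Toy stand-in for struct device: only the refcount and parent link. */
struct dev {
    int refs;
    struct dev *parent;
};

static struct dev *get_dev(struct dev *d) { if (d) d->refs++; return d; }
static void put_dev(struct dev *d) { if (d) d->refs--; }

/* Models device_register(): device_add() takes a reference on the parent. */
static void model_register(struct dev *child, struct dev *parent)
{
    child->refs = 1;                 /* device_initialize() */
    child->parent = get_dev(parent); /* parent = get_device(dev->parent) */
}

/* Models device_unregister(): the parent reference is dropped again. */
static void model_unregister(struct dev *child)
{
    put_dev(child->parent);
    child->parent = NULL;
    child->refs = 0;
}

/* One probe/remove cycle per reflash; returns references leaked on pci. */
static int leaked_after_reflashes(int cycles, int extra_get_in_probe)
{
    struct dev pci = { .refs = 1, .parent = NULL }; /* constructed baseline */
    int baseline = pci.refs;

    for (int i = 0; i < cycles; i++) {
        struct dev adapter = { 0 };
        if (extra_get_in_probe)
            get_dev(&pci);           /* the pci_dev_get() the patch removes */
        model_register(&adapter, &pci);
        model_unregister(&adapter);  /* remove path: no pci_dev_put() */
    }
    return pci.refs - baseline;
}

int main(void)
{
    printf("with pci_dev_get:    leaked %d\n", leaked_after_reflashes(3, 1));
    printf("without pci_dev_get: leaked %d\n", leaked_after_reflashes(3, 0));
    return 0;
}
```

A nonzero result means the PCI device's refcount can never return to its baseline, which is the unbalanced kref the author reports seeing on reflash.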


* Re: [PATCH v2] cxl: Fix unbalanced pci_dev_get in cxl_probe
  2015-09-15  5:04 [PATCH v2] cxl: Fix unbalanced pci_dev_get in cxl_probe Daniel Axtens
@ 2015-09-15  5:12 ` Ian Munsie
  2015-09-17  5:13 ` [v2] " Michael Ellerman
  1 sibling, 0 replies; 3+ messages in thread
From: Ian Munsie @ 2015-09-15  5:12 UTC (permalink / raw)
  To: Daniel Axtens; +Cc: linuxppc-dev, mikey, andrew.donnellan

Acked-by: Ian Munsie <imunsie@au1.ibm.com>


* Re: [v2] cxl: Fix unbalanced pci_dev_get in cxl_probe
  2015-09-15  5:04 [PATCH v2] cxl: Fix unbalanced pci_dev_get in cxl_probe Daniel Axtens
  2015-09-15  5:12 ` Ian Munsie
@ 2015-09-17  5:13 ` Michael Ellerman
  1 sibling, 0 replies; 3+ messages in thread
From: Michael Ellerman @ 2015-09-17  5:13 UTC (permalink / raw)
  To: Daniel Axtens, linuxppc-dev
  Cc: mikey, imunsie, andrew.donnellan, Daniel Axtens

On Tue, 2015-15-09 at 05:04:07 UTC, Daniel Axtens wrote:
> Currently the first thing we do in cxl_probe is to grab a reference
> on the pci device. Later on, we call device_register on our adapter.
> In our remove path, we call device_unregister, but we never call
> pci_dev_put. We therefore leak the device every time we do a
> reflash.
> 
> device_register/unregister is sufficient to hold the reference.
> Therefore, drop the call to pci_dev_get.
> 
> Here's why this is safe.
> The proposed cxl_probe(pdev) calls cxl_adapter_init:
>     a) init calls cxl_adapter_alloc, which creates a struct cxl,
>        conventionally called adapter. This struct contains a
>        device entry, adapter->dev.
> 
>     b) init calls cxl_configure_adapter, where we set
>        adapter->dev.parent = &dev->dev (here dev is the pci dev)
> 
> So at this point, the cxl adapter's device's parent is the PCI
> device that I want to be refcounted properly.
> 
>     c) init calls cxl_register_adapter
>        *) cxl_register_adapter calls device_register(&adapter->dev)
> 
> So now we're in device_register, where dev is the adapter device, and
> we want to know if the PCI device is safe after we return.
> 
> device_register(&adapter->dev) calls device_initialize() and then
> device_add().
> 
> device_add() does a get_device(). device_add() also explicitly grabs
> the device's parent, and calls get_device() on it:
> 
>          parent = get_device(dev->parent);
> 
> So therefore, device_register() takes a lock on the parent PCI dev,
> which is what pci_dev_get() was guarding. pci_dev_get() can therefore
> be safely removed.
> 
> Fixes: f204e0b8cedd ("cxl: Driver code for powernv PCIe based cards for userspace access")
> Cc: stable@vger.kernel.org
> Signed-off-by: Daniel Axtens <dja@axtens.net>
> Acked-by: Ian Munsie <imunsie@au1.ibm.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/2925c2fdf1e0eb642482f5b3

cheers
