From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Krishna Kumar <krishnak@linux.ibm.com>,
Timothy Pearson <tpearson@raptorengineering.com>,
Bjorn Helgaas <bhelgaas@google.com>,
Shawn Anastasio <sanastasio@raptorengineering.com>,
Michael Ellerman <mpe@ellerman.id.au>,
Sasha Levin <sashal@kernel.org>,
linuxppc-dev@lists.ozlabs.org, linux-pci@vger.kernel.org
Subject: [PATCH AUTOSEL 5.4 18/22] pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
Date: Wed, 31 Jul 2024 20:38:47 -0400 [thread overview]
Message-ID: <20240801003918.3939431-18-sashal@kernel.org> (raw)
In-Reply-To: <20240801003918.3939431-1-sashal@kernel.org>
From: Krishna Kumar <krishnak@linux.ibm.com>
[ Upstream commit 335e35b748527f0c06ded9eebb65387f60647fda ]
The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel
crash when we try to hot-unplug/disable the PCIe switch/bridge from
the PHB.
The crash occurs because although the MSI data structure has been
released during disable/hot-unplug path and it has been assigned
with NULL, still during unregistration the code was again trying to
explicitly disable the MSI which causes the NULL pointer dereference and
kernel crash.
The patch fixes the check during unregistration path to prevent invoking
pci_disable_msi/msix() since its data structure is already freed.
Reported-by: Timothy Pearson <tpearson@raptorengineering.com>
Closes: https://lore.kernel.org/all/1981605666.2142272.1703742465927.JavaMail.zimbra@raptorengineeringinc.com/
Acked-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Shawn Anastasio <sanastasio@raptorengineering.com>
Signed-off-by: Krishna Kumar <krishnak@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240701074513.94873-2-krishnak@linux.ibm.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/hotplug/pnv_php.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/pci/hotplug/pnv_php.c b/drivers/pci/hotplug/pnv_php.c
index d7b2b47bc33eb..3824942618305 100644
--- a/drivers/pci/hotplug/pnv_php.c
+++ b/drivers/pci/hotplug/pnv_php.c
@@ -35,7 +35,6 @@ static void pnv_php_disable_irq(struct pnv_php_slot *php_slot,
bool disable_device)
{
struct pci_dev *pdev = php_slot->pdev;
- int irq = php_slot->irq;
u16 ctrl;
if (php_slot->irq > 0) {
@@ -54,7 +53,7 @@ static void pnv_php_disable_irq(struct pnv_php_slot *php_slot,
php_slot->wq = NULL;
}
- if (disable_device || irq > 0) {
+ if (disable_device) {
if (pdev->msix_enabled)
pci_disable_msix(pdev);
else if (pdev->msi_enabled)
--
2.43.0
next prev parent reply other threads:[~2024-08-01 0:40 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-01 0:38 [PATCH AUTOSEL 5.4 01/22] drm/amdgpu: fix overflowed array index read warning Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 02/22] drm/amd/display: Check gpio_id before used as array index Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 03/22] drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 04/22] drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 05/22] drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 06/22] drm/amdgpu: fix ucode out-of-bounds read warning Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 07/22] drm/amdgpu: fix mc_data " Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 08/22] drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 09/22] smack: tcp: ipv4, fix incorrect labeling Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 10/22] wifi: cfg80211: make hash table duplicates more survivable Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 11/22] drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 12/22] ELF: fix kernel.randomize_va_space double read Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 13/22] udf: Avoid excessive partition lengths Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 14/22] usb: uas: set host status byte on data completion error Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 15/22] cgroup: Protect css->cgroup write under css_set_lock Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 16/22] um: line: always fill *error_out in setup_one_line() Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 17/22] devres: Initialize an uninitialized struct member Sasha Levin
2024-08-01 0:38 ` Sasha Levin [this message]
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 19/22] hwmon: (lm95234) Fix underflows seen when writing limit attributes Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 20/22] hwmon: (w83627ehf) " Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 21/22] libbpf: Add NULL checks to bpf_object__{prev_map,next_map} Sasha Levin
2024-08-01 0:38 ` [PATCH AUTOSEL 5.4 22/22] wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240801003918.3939431-18-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=bhelgaas@google.com \
--cc=krishnak@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=sanastasio@raptorengineering.com \
--cc=stable@vger.kernel.org \
--cc=tpearson@raptorengineering.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox