From: <gregkh@linuxfoundation.org>
To: hch@lst.de, bhelgaas@google.com, dan.carpenter@oracle.com,
gregkh@linuxfoundation.org, rakesh@tuxera.com
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "PCI: Protect pci_error_handlers->reset_notify() usage with device_lock()" has been added to the 4.12-stable tree
Date: Sun, 13 Aug 2017 15:26:11 -0700 [thread overview]
Message-ID: <1502663171217149@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
PCI: Protect pci_error_handlers->reset_notify() usage with device_lock()
to the 4.12-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
pci-protect-pci_error_handlers-reset_notify-usage-with-device_lock.patch
and it can be found in the queue-4.12 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From b014e96d1abbd67404bbe2018937b46466299e9e Mon Sep 17 00:00:00 2001
From: Christoph Hellwig <hch@lst.de>
Date: Thu, 1 Jun 2017 13:10:37 +0200
Subject: PCI: Protect pci_error_handlers->reset_notify() usage with device_lock()
From: Christoph Hellwig <hch@lst.de>
commit b014e96d1abbd67404bbe2018937b46466299e9e upstream.
Every method in struct device_driver or structures derived from it like
struct pci_driver MUST provide exclusion vs the driver's ->remove() method,
usually by using device_lock().
Protect use of pci_error_handlers->reset_notify() by holding the device
lock while calling it.
Note:
- pci_dev_lock() calls device_lock() in addition to blocking user-space
config accesses.
- pci_err_handlers->reset_notify() is used inside
pci_dev_save_and_disable() and pci_dev_restore(). We could hold the
device lock directly in pci_reset_notify(), but we expand the region
since we have several calls following each other.
Without this, ->reset_notify() may race with ->remove() calls, which can be
easily triggered in NVMe.
[bhelgaas: changelog, add pci_reset_notify() comment]
[bhelgaas: fold in fix from Dan Carpenter <dan.carpenter@oracle.com>:
http://lkml.kernel.org/r/20170701135323.x5vaj4e2wcs2mcro@mwanda]
Link: http://lkml.kernel.org/r/20170601111039.8913-2-hch@lst.de
Reported-by: Rakesh Pandit <rakesh@tuxera.com>
Tested-by: Rakesh Pandit <rakesh@tuxera.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/pci/pci.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -4141,6 +4141,12 @@ static void pci_reset_notify(struct pci_
{
const struct pci_error_handlers *err_handler =
dev->driver ? dev->driver->err_handler : NULL;
+
+ /*
+ * dev->driver->err_handler->reset_notify() is protected against
+ * races with ->remove() by the device lock, which must be held by
+ * the caller.
+ */
if (err_handler && err_handler->reset_notify)
err_handler->reset_notify(dev, prepare);
}
@@ -4276,11 +4282,13 @@ int pci_reset_function(struct pci_dev *d
if (rc)
return rc;
+ pci_dev_lock(dev);
pci_dev_save_and_disable(dev);
- rc = pci_dev_reset(dev, 0);
+ rc = __pci_dev_reset(dev, 0);
pci_dev_restore(dev);
+ pci_dev_unlock(dev);
return rc;
}
@@ -4300,16 +4308,14 @@ int pci_try_reset_function(struct pci_de
if (rc)
return rc;
- pci_dev_save_and_disable(dev);
+ if (!pci_dev_trylock(dev))
+ return -EAGAIN;
- if (pci_dev_trylock(dev)) {
- rc = __pci_dev_reset(dev, 0);
- pci_dev_unlock(dev);
- } else
- rc = -EAGAIN;
+ pci_dev_save_and_disable(dev);
+ rc = __pci_dev_reset(dev, 0);
+ pci_dev_unlock(dev);
pci_dev_restore(dev);
-
return rc;
}
EXPORT_SYMBOL_GPL(pci_try_reset_function);
@@ -4459,7 +4465,9 @@ static void pci_bus_save_and_disable(str
struct pci_dev *dev;
list_for_each_entry(dev, &bus->devices, bus_list) {
+ pci_dev_lock(dev);
pci_dev_save_and_disable(dev);
+ pci_dev_unlock(dev);
if (dev->subordinate)
pci_bus_save_and_disable(dev->subordinate);
}
@@ -4474,7 +4482,9 @@ static void pci_bus_restore(struct pci_b
struct pci_dev *dev;
list_for_each_entry(dev, &bus->devices, bus_list) {
+ pci_dev_lock(dev);
pci_dev_restore(dev);
+ pci_dev_unlock(dev);
if (dev->subordinate)
pci_bus_restore(dev->subordinate);
}
Patches currently in stable-queue which might be from hch@lst.de are
queue-4.12/pci-remove-__pci_dev_reset-and-pci_dev_reset.patch
queue-4.12/usb-storage-fix-deadlock-involving-host-lock-and-scsi_done.patch
queue-4.12/pci-protect-pci_error_handlers-reset_notify-usage-with-device_lock.patch
reply other threads:[~2017-08-14 0:34 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1502663171217149@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=bhelgaas@google.com \
--cc=dan.carpenter@oracle.com \
--cc=hch@lst.de \
--cc=rakesh@tuxera.com \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).