[PATCH v2] PCI: Fix incorrect unlocking in pci_slot

public inbox for stable@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock()
@ 2025-12-12 13:37 Jinhui Guo
  2025-12-12 14:31 ` Ilpo Järvinen
  2025-12-12 14:55 ` [RESEND PATCH " Jinhui Guo
  0 siblings, 2 replies; 5+ messages in thread
From: Jinhui Guo @ 2025-12-12 13:37 UTC (permalink / raw)
  To: bhelgaas, kbusch, dave.jiang, dan.j.williams, ilpo.jarvinen
  Cc: guojinhui.liam, linux-pci, linux-kernel, stable

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in
pci_slot_trylock(), but it forgets to remove the corresponding
pci_dev_unlock() when pci_bus_trylock() fails.

Before the commit, the code did:

  if (!pci_dev_trylock(dev)) /* <- lock bridge device */
    goto unlock;
  if (dev->subordinate) {
    if (!pci_bus_trylock(dev->subordinate)) {
      pci_dev_unlock(dev);   /* <- unlock bridge device */
      goto unlock;
    }
  }

After the commit the bridge-device lock is no longer taken, but the
pci_dev_unlock(dev) on the failure path was left in place, leading to
the bug.

This yields one of two errors:
1. A warning that the lock is being unlocked when no one holds it.
2. An incorrect unlock of a lock that belongs to another thread.

Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure
path.

Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
Cc: stable@vger.kernel.org
Signed-off-by: Jinhui Guo <guojinhui.liam@bytedance.com>
Acked-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
---

Hi, all

v1: https://lore.kernel.org/all/20251211123635.2215-1-guojinhui.liam@bytedance.com/

Changelog in v1 -> v2
 - The v1 commit message was too brief, so I’ve sent v2 with more detail.
 - Remove the braces from the if (!pci_bus_trylock(dev->subordinate)) statement.

Sorry for the noise.

Best Regards,
Jinhui

 drivers/pci/pci.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 13dbb405dc31..59319e08fca6 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -5346,10 +5346,8 @@ static int pci_slot_trylock(struct pci_slot *slot)
 		if (!dev->slot || dev->slot != slot)
 			continue;
 		if (dev->subordinate) {
-			if (!pci_bus_trylock(dev->subordinate)) {
-				pci_dev_unlock(dev);
+			if (!pci_bus_trylock(dev->subordinate))
 				goto unlock;
-			}
 		} else if (!pci_dev_trylock(dev))
 			goto unlock;
 	}
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock()
  2025-12-12 13:37 [PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock() Jinhui Guo
@ 2025-12-12 14:31 ` Ilpo Järvinen
  2025-12-12 14:55 ` [RESEND PATCH " Jinhui Guo
  1 sibling, 0 replies; 5+ messages in thread
From: Ilpo Järvinen @ 2025-12-12 14:31 UTC (permalink / raw)
  To: Jinhui Guo
  Cc: bhelgaas, kbusch, dave.jiang, dan.j.williams, linux-pci, LKML,
	stable

[-- Attachment #1: Type: text/plain, Size: 2411 bytes --]

On Fri, 12 Dec 2025, Jinhui Guo wrote:

> Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
> delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in
> pci_slot_trylock(), but it forgets to remove the corresponding
> pci_dev_unlock() when pci_bus_trylock() fails.
> 
> Before the commit, the code did:
> 
>   if (!pci_dev_trylock(dev)) /* <- lock bridge device */
>     goto unlock;
>   if (dev->subordinate) {
>     if (!pci_bus_trylock(dev->subordinate)) {
>       pci_dev_unlock(dev);   /* <- unlock bridge device */
>       goto unlock;
>     }
>   }
> 
> After the commit the bridge-device lock is no longer taken, but the
> pci_dev_unlock(dev) on the failure path was left in place, leading to
> the bug.
> 
> This yields one of two errors:
> 1. A warning that the lock is being unlocked when no one holds it.
> 2. An incorrect unlock of a lock that belongs to another thread.
> 
> Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure
> path.
> 
> Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jinhui Guo <guojinhui.liam@bytedance.com>
> Acked-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>

Please don't make tags like this unless the other people explicitly give 
them to the patch.

Other than that, this looks okay to me.

-- 
 i.

> ---
> 
> Hi, all
> 
> v1: https://lore.kernel.org/all/20251211123635.2215-1-guojinhui.liam@bytedance.com/
> 
> Changelog in v1 -> v2
>  - The v1 commit message was too brief, so I’ve sent v2 with more detail.
>  - Remove the braces from the if (!pci_bus_trylock(dev->subordinate)) statement.
> 
> Sorry for the noise.
> 
> Best Regards,
> Jinhui
> 
>  drivers/pci/pci.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index 13dbb405dc31..59319e08fca6 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -5346,10 +5346,8 @@ static int pci_slot_trylock(struct pci_slot *slot)
>  		if (!dev->slot || dev->slot != slot)
>  			continue;
>  		if (dev->subordinate) {
> -			if (!pci_bus_trylock(dev->subordinate)) {
> -				pci_dev_unlock(dev);
> +			if (!pci_bus_trylock(dev->subordinate))
>  				goto unlock;
> -			}
>  		} else if (!pci_dev_trylock(dev))
>  			goto unlock;
>  	}
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [RESEND PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock()
  2025-12-12 13:37 [PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock() Jinhui Guo
  2025-12-12 14:31 ` Ilpo Järvinen
@ 2025-12-12 14:55 ` Jinhui Guo
  2026-01-28 21:03   ` dan.j.williams
  2026-01-28 22:53   ` Bjorn Helgaas
  1 sibling, 2 replies; 5+ messages in thread
From: Jinhui Guo @ 2025-12-12 14:55 UTC (permalink / raw)
  To: bhelgaas, dan.j.williams, dave.jiang, ilpo.jarvinen, kbusch
  Cc: guojinhui.liam, linux-kernel, linux-pci, stable

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in
pci_slot_trylock(), but it forgets to remove the corresponding
pci_dev_unlock() when pci_bus_trylock() fails.

Before the commit, the code did:

  if (!pci_dev_trylock(dev)) /* <- lock bridge device */
    goto unlock;
  if (dev->subordinate) {
    if (!pci_bus_trylock(dev->subordinate)) {
      pci_dev_unlock(dev);   /* <- unlock bridge device */
      goto unlock;
    }
  }

After the commit the bridge-device lock is no longer taken, but the
pci_dev_unlock(dev) on the failure path was left in place, leading to
the bug.

This yields one of two errors:
1. A warning that the lock is being unlocked when no one holds it.
2. An incorrect unlock of a lock that belongs to another thread.

Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure
path.

Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
Cc: stable@vger.kernel.org
Signed-off-by: Jinhui Guo <guojinhui.liam@bytedance.com>
---

Hi, all

Resent v2 to drop the Acked-by tag; no code changes. Sorry for the noise again.

v1: https://lore.kernel.org/all/20251211123635.2215-1-guojinhui.liam@bytedance.com/

Changelog in v1 -> v2
 - The v1 commit message was too brief, so I’ve sent v2 with more detail.
 - Remove the braces from the if (!pci_bus_trylock(dev->subordinate)) statement.

Best Regards,
Jinhui

 drivers/pci/pci.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 13dbb405dc31..59319e08fca6 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -5346,10 +5346,8 @@ static int pci_slot_trylock(struct pci_slot *slot)
 		if (!dev->slot || dev->slot != slot)
 			continue;
 		if (dev->subordinate) {
-			if (!pci_bus_trylock(dev->subordinate)) {
-				pci_dev_unlock(dev);
+			if (!pci_bus_trylock(dev->subordinate))
 				goto unlock;
-			}
 		} else if (!pci_dev_trylock(dev))
 			goto unlock;
 	}
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [RESEND PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock()
  2025-12-12 14:55 ` [RESEND PATCH " Jinhui Guo
@ 2026-01-28 21:03   ` dan.j.williams
  2026-01-28 22:53   ` Bjorn Helgaas
  1 sibling, 0 replies; 5+ messages in thread
From: dan.j.williams @ 2026-01-28 21:03 UTC (permalink / raw)
  To: Jinhui Guo, bhelgaas, dan.j.williams, dave.jiang, ilpo.jarvinen,
	kbusch
  Cc: guojinhui.liam, linux-kernel, linux-pci, stable

Jinhui Guo wrote:
> Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
> delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in
> pci_slot_trylock(), but it forgets to remove the corresponding
> pci_dev_unlock() when pci_bus_trylock() fails.
> 
> Before the commit, the code did:
> 
>   if (!pci_dev_trylock(dev)) /* <- lock bridge device */
>     goto unlock;
>   if (dev->subordinate) {
>     if (!pci_bus_trylock(dev->subordinate)) {
>       pci_dev_unlock(dev);   /* <- unlock bridge device */
>       goto unlock;
>     }
>   }
> 
> After the commit the bridge-device lock is no longer taken, but the
> pci_dev_unlock(dev) on the failure path was left in place, leading to
> the bug.
> 
> This yields one of two errors:
> 1. A warning that the lock is being unlocked when no one holds it.
> 2. An incorrect unlock of a lock that belongs to another thread.
> 
> Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure
> path.
> 
> Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jinhui Guo <guojinhui.liam@bytedance.com>
> ---
> 
> Hi, all
> 
> Resent v2 to drop the Acked-by tag; no code changes. Sorry for the noise again.
> 
> v1: https://lore.kernel.org/all/20251211123635.2215-1-guojinhui.liam@bytedance.com/
> 
> Changelog in v1 -> v2
>  - The v1 commit message was too brief, so I’ve sent v2 with more detail.
>  - Remove the braces from the if (!pci_bus_trylock(dev->subordinate)) statement.
> 
> Best Regards,
> Jinhui

I ended up also reviewing Keith's version of the same [1], but since this
one was posted earlier, go with this one.

Reviewed-by: Dan Williams <dan.j.williams@intel.com>

[1]: http://lore.kernel.org/20260116184150.3013258-1-kbusch@meta.com

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [RESEND PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock()
  2025-12-12 14:55 ` [RESEND PATCH " Jinhui Guo
  2026-01-28 21:03   ` dan.j.williams
@ 2026-01-28 22:53   ` Bjorn Helgaas
  1 sibling, 0 replies; 5+ messages in thread
From: Bjorn Helgaas @ 2026-01-28 22:53 UTC (permalink / raw)
  To: Jinhui Guo
  Cc: bhelgaas, dan.j.williams, dave.jiang, ilpo.jarvinen, kbusch,
	linux-kernel, linux-pci, stable, Keith Busch, Alex Williamson,
	Lukas Wunner

[+cc Keith, Alex, Lukas]

On Fri, Dec 12, 2025 at 10:55:28PM +0800, Jinhui Guo wrote:
> Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
> delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in
> pci_slot_trylock(), but it forgets to remove the corresponding
> pci_dev_unlock() when pci_bus_trylock() fails.
> 
> Before the commit, the code did:
> 
>   if (!pci_dev_trylock(dev)) /* <- lock bridge device */
>     goto unlock;
>   if (dev->subordinate) {
>     if (!pci_bus_trylock(dev->subordinate)) {
>       pci_dev_unlock(dev);   /* <- unlock bridge device */
>       goto unlock;
>     }
>   }
> 
> After the commit the bridge-device lock is no longer taken, but the
> pci_dev_unlock(dev) on the failure path was left in place, leading to
> the bug.
> 
> This yields one of two errors:
> 1. A warning that the lock is being unlocked when no one holds it.
> 2. An incorrect unlock of a lock that belongs to another thread.
> 
> Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure
> path.
> 
> Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jinhui Guo <guojinhui.liam@bytedance.com>

Applied to pci/virtualization for v6.20, thanks!

> ---
> 
> Hi, all
> 
> Resent v2 to drop the Acked-by tag; no code changes. Sorry for the noise again.
> 
> v1: https://lore.kernel.org/all/20251211123635.2215-1-guojinhui.liam@bytedance.com/
> 
> Changelog in v1 -> v2
>  - The v1 commit message was too brief, so I’ve sent v2 with more detail.
>  - Remove the braces from the if (!pci_bus_trylock(dev->subordinate)) statement.
> 
> Best Regards,
> Jinhui
> 
>  drivers/pci/pci.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
> index 13dbb405dc31..59319e08fca6 100644
> --- a/drivers/pci/pci.c
> +++ b/drivers/pci/pci.c
> @@ -5346,10 +5346,8 @@ static int pci_slot_trylock(struct pci_slot *slot)
>  		if (!dev->slot || dev->slot != slot)
>  			continue;
>  		if (dev->subordinate) {
> -			if (!pci_bus_trylock(dev->subordinate)) {
> -				pci_dev_unlock(dev);
> +			if (!pci_bus_trylock(dev->subordinate))
>  				goto unlock;
> -			}
>  		} else if (!pci_dev_trylock(dev))
>  			goto unlock;
>  	}
> -- 
> 2.20.1

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2026-01-28 22:53 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-12 13:37 [PATCH v2] PCI: Fix incorrect unlocking in pci_slot_trylock() Jinhui Guo
2025-12-12 14:31 ` Ilpo Järvinen
2025-12-12 14:55 ` [RESEND PATCH " Jinhui Guo
2026-01-28 21:03   ` dan.j.williams
2026-01-28 22:53   ` Bjorn Helgaas

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox