From: Greg KH <gregkh@linuxfoundation.org>
To: Niklas Schnelle <schnelle@linux.ibm.com>
Cc: stable@vger.kernel.org, gor@linux.ibm.com
Subject: Re: [PATCH 5.10 STABLE] s390/pci: fix zpci_zdev_put() on reserve
Date: Wed, 13 Oct 2021 11:09:12 +0200 [thread overview]
Message-ID: <YWaiON5Hw8UnWLIK@kroah.com> (raw)
In-Reply-To: <20211012093425.2247924-1-schnelle@linux.ibm.com>
On Tue, Oct 12, 2021 at 11:34:25AM +0200, Niklas Schnelle wrote:
> [ Upstream commit a46044a92add6a400f4dada7b943b30221f7cc80 ]
>
> Since commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev")
> the reference count of a zpci_dev is incremented between
> pcibios_add_device() and pcibios_release_device() which was supposed to
> prevent the zpci_dev from being freed while the common PCI code has
> access to it. It was missed however that the handling of zPCI
> availability events assumed that once zpci_zdev_put() was called no
> later availability event would still see the device. With the previously
> mentioned commit however this assumption no longer holds and we must
> make sure that we only drop the initial long-lived reference the zPCI
> subsystem holds exactly once.
>
> Do so by introducing a zpci_device_reserved() function that handles when
> a device is reserved. Here we make sure the zpci_dev will not be
> considered for further events by removing it from the zpci_list.
>
> This also means that the device actually stays in the
> ZPCI_FN_STATE_RESERVED state between the time we know it has been
> reserved and the final reference going away. We thus need to consider it
> a real state instead of just a conceptual state after the removal. The
> final cleanup of PCI resources, removal from zbus, and destruction of
> the IOMMU stays in zpci_release_device() to make sure holders of the
> reference do see valid data until the release.
Same for the 5.14 patch, please submit the series that resolves this,
not changing individual patches a lot.
thanks,
greg k-h
next prev parent reply other threads:[~2021-10-13 9:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-10 10:22 FAILED: patch "[PATCH] s390/pci: fix zpci_zdev_put() on reserve" failed to apply to 5.10-stable tree gregkh
2021-10-12 9:34 ` [PATCH 5.10 STABLE] s390/pci: fix zpci_zdev_put() on reserve Niklas Schnelle
2021-10-13 9:09 ` Greg KH [this message]
2021-10-13 10:26 ` Niklas Schnelle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YWaiON5Hw8UnWLIK@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=gor@linux.ibm.com \
--cc=schnelle@linux.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox