linux/drivers/pci
Alex Chiang 9d911d7903 PCI Hotplug: acpiphp: don't store a pci_dev in acpiphp_func
An oops can occur if a user attempts to use both PCI logical
hotplug and the ACPI physical hotplug driver (acpiphp) in this
sequence, where $slot/address == $device.

In other words, if acpiphp has claimed a PCI device, and that
device is logically removed, then acpiphp may oops when it
attempts to access it again.

	# echo 1 > /sys/bus/pci/devices/$device/remove
	# echo 0 > /sys/bus/pci/slots/$slot/power

Unable to handle kernel NULL pointer dereference (address 0000000000000000)
Call Trace:
 [<a000000100016390>] show_stack+0x50/0xa0
 [<a000000100016c60>] show_regs+0x820/0x860
 [<a00000010003b390>] die+0x190/0x2a0
 [<a000000100066a40>] ia64_do_page_fault+0x8e0/0xa40
 [<a00000010000c7a0>] ia64_native_leave_kernel+0x0/0x270
 [<a0000001003b2660>] pci_remove_bus_device+0x120/0x260
 [<a0000002060549f0>] acpiphp_disable_slot+0x410/0x540 [acpiphp]
 [<a0000002060505c0>] disable_slot+0xc0/0x120 [acpiphp]
 [<a0000002040d21c0>] power_write_file+0x1e0/0x2a0 [pci_hotplug]
 [<a0000001003bb820>] pci_slot_attr_store+0x60/0xa0
 [<a000000100240f70>] sysfs_write_file+0x230/0x2c0
 [<a000000100195750>] vfs_write+0x190/0x2e0
 [<a0000001001961a0>] sys_write+0x80/0x100
 [<a00000010000c600>] ia64_ret_from_syscall+0x0/0x20
 [<a000000000010720>] __kernel_syscall_via_break+0x0/0x20

The root cause of this oops is that the logical remove ("echo 1 >
/sys/bus/pci/devices/$device/remove") destroyed the pci_dev. The
pci_dev struct itself wasn't deallocated because acpiphp kept a
reference, but some of its fields became invalid.

acpiphp doesn't have any real reason to keep a pointer to a
pci_dev around. It can always derive it using pci_get_slot().

If a logical remove destroys the pci_dev, acpiphp won't find it
and is thus prevented from causing mischief.

Reviewed-by: Matthew Wilcox <willy@linux.intel.com>
Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Tested-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Reported-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Alex Chiang <achiang@hp.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2009-05-27 02:04:24 -07:00
..
hotplug PCI Hotplug: acpiphp: don't store a pci_dev in acpiphp_func 2009-05-27 02:04:24 -07:00
pcie PCI: Fix pci-e port driver slot_reset bad default return value 2009-05-05 12:20:57 -07:00
.gitignore
access.c docbooks: add/fix PCI kernel-doc 2009-04-22 14:49:33 -07:00
bus.c PCI: Setup disabled bridges even if buses are added 2009-04-06 11:25:06 -07:00
dmar.c intel-iommu: Avoid panic() for DRHD at address zero. 2009-04-10 22:27:48 -07:00
hotplug-pci.c
hotplug.c
htirq.c docbooks: add/fix PCI kernel-doc 2009-04-22 14:49:33 -07:00
intel-iommu.c intel-iommu: PAE memory corruption fix 2009-05-11 07:51:01 -07:00
intr_remapping.c drivers/pci/intr_remapping.c: include acpi.h 2009-04-06 13:45:48 -07:00
intr_remapping.h
iov.c PCI-IOV: fix missing kernel-doc 2009-04-06 11:25:33 -07:00
iova.c
irq.c PCI: struct device - replace bus_id with dev_name(), dev_set_name() 2009-01-07 11:12:23 -08:00
Kconfig PCI: initialize and release SR-IOV capability 2009-03-20 10:48:22 -07:00
Makefile PCI: initialize and release SR-IOV capability 2009-03-20 10:48:22 -07:00
msi.c PCI MSI: Fix MSI-X with NIU cards 2009-05-11 17:02:27 -07:00
msi.h PCI MSI: Add support for multiple MSI 2009-03-20 10:48:14 -07:00
pci-acpi.c Merge branch 'linus' into release 2009-04-05 02:14:15 -04:00
pci-driver.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-cpumask 2009-04-05 10:33:07 -07:00
pci-stub.c PCI: pci-stub module to reserve pci device 2009-01-07 11:12:38 -08:00
pci-sysfs.c docbooks: add/fix PCI kernel-doc 2009-04-22 14:49:33 -07:00
pci.c PCI PM: Fix initialization and kexec breakage for some devices 2009-05-19 15:26:07 -07:00
pci.h Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2009-04-01 09:47:12 -07:00
probe.c x86/PCI: Move set_pci_bus_resources_arch_default into arch/x86 2009-04-22 13:57:36 -07:00
proc.c PCI: define PCI resource names in an 'enum' 2009-01-07 11:13:01 -08:00
quirks.c PCI quirk: disable MSI on VIA VT3364 chipsets 2009-04-22 13:53:03 -07:00
remove.c PCI: fix kernel oops on bridge removal 2009-03-26 15:55:18 -07:00
rom.c PCI: fix rom.c kernel-doc warning 2009-02-13 12:01:56 -08:00
search.c PCI: fix wrong assumption in pci_find_upstream_pcie_bridge 2009-03-20 10:48:03 -07:00
setup-bus.c PCI: cleanup debug output resources 2009-04-22 14:49:25 -07:00
setup-irq.c
setup-res.c PCI: allow assignment of memory resources with a specified alignment 2009-03-20 10:48:15 -07:00
slot.c docbooks: add/fix PCI kernel-doc 2009-04-22 14:49:33 -07:00
syscall.c [CVE-2009-0029] System call wrappers part 26 2009-01-14 14:15:29 +01:00