summaryrefslogtreecommitdiffstats
path: root/drivers/pci/pci.c
diff options
context:
space:
mode:
authorChristoph Hellwig <hch@lst.de>2017-06-01 13:10:37 +0200
committerBjorn Helgaas <bhelgaas@google.com>2017-06-14 21:49:13 -0500
commitb014e96d1abbd67404bbe2018937b46466299e9e (patch)
tree38b5d4431d8a8305423cc010443ceecb8ad8bde4 /drivers/pci/pci.c
parent17530e71e0166a37f8e20a9b7bcf1d50ae3cff8e (diff)
downloadlinux-b014e96d1abbd67404bbe2018937b46466299e9e.tar.bz2
PCI: Protect pci_error_handlers->reset_notify() usage with device_lock()
Every method in struct device_driver or structures derived from it like struct pci_driver MUST provide exclusion vs the driver's ->remove() method, usually by using device_lock(). Protect use of pci_error_handlers->reset_notify() by holding the device lock while calling it. Note: - pci_dev_lock() calls device_lock() in addition to blocking user-space config accesses. - pci_err_handlers->reset_notify() is used inside pci_dev_save_and_disable() and pci_dev_restore(). We could hold the device lock directly in pci_reset_notify(), but we expand the region since we have several calls following each other. Without this, ->reset_notify() may race with ->remove() calls, which can be easily triggered in NVMe. [bhelgaas: changelog, add pci_reset_notify() comment] [bhelgaas: fold in fix from Dan Carpenter <dan.carpenter@oracle.com>: http://lkml.kernel.org/r/20170701135323.x5vaj4e2wcs2mcro@mwanda] Link: http://lkml.kernel.org/r/20170601111039.8913-2-hch@lst.de Reported-by: Rakesh Pandit <rakesh@tuxera.com> Tested-by: Rakesh Pandit <rakesh@tuxera.com> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Diffstat (limited to 'drivers/pci/pci.c')
-rw-r--r--drivers/pci/pci.c26
1 files changed, 18 insertions, 8 deletions
diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
index 3b38e98e68df..f4587f6f8739 100644
--- a/drivers/pci/pci.c
+++ b/drivers/pci/pci.c
@@ -4143,6 +4143,12 @@ static void pci_reset_notify(struct pci_dev *dev, bool prepare)
{
const struct pci_error_handlers *err_handler =
dev->driver ? dev->driver->err_handler : NULL;
+
+ /*
+ * dev->driver->err_handler->reset_notify() is protected against
+ * races with ->remove() by the device lock, which must be held by
+ * the caller.
+ */
if (err_handler && err_handler->reset_notify)
err_handler->reset_notify(dev, prepare);
}
@@ -4278,11 +4284,13 @@ int pci_reset_function(struct pci_dev *dev)
if (rc)
return rc;
+ pci_dev_lock(dev);
pci_dev_save_and_disable(dev);
- rc = pci_dev_reset(dev, 0);
+ rc = __pci_dev_reset(dev, 0);
pci_dev_restore(dev);
+ pci_dev_unlock(dev);
return rc;
}
@@ -4302,16 +4310,14 @@ int pci_try_reset_function(struct pci_dev *dev)
if (rc)
return rc;
- pci_dev_save_and_disable(dev);
+ if (!pci_dev_trylock(dev))
+ return -EAGAIN;
- if (pci_dev_trylock(dev)) {
- rc = __pci_dev_reset(dev, 0);
- pci_dev_unlock(dev);
- } else
- rc = -EAGAIN;
+ pci_dev_save_and_disable(dev);
+ rc = __pci_dev_reset(dev, 0);
+ pci_dev_unlock(dev);
pci_dev_restore(dev);
-
return rc;
}
EXPORT_SYMBOL_GPL(pci_try_reset_function);
@@ -4461,7 +4467,9 @@ static void pci_bus_save_and_disable(struct pci_bus *bus)
struct pci_dev *dev;
list_for_each_entry(dev, &bus->devices, bus_list) {
+ pci_dev_lock(dev);
pci_dev_save_and_disable(dev);
+ pci_dev_unlock(dev);
if (dev->subordinate)
pci_bus_save_and_disable(dev->subordinate);
}
@@ -4476,7 +4484,9 @@ static void pci_bus_restore(struct pci_bus *bus)
struct pci_dev *dev;
list_for_each_entry(dev, &bus->devices, bus_list) {
+ pci_dev_lock(dev);
pci_dev_restore(dev);
+ pci_dev_unlock(dev);
if (dev->subordinate)
pci_bus_restore(dev->subordinate);
}