• Igor Mammedov's avatar
    PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus · cc22522f
    Igor Mammedov authored
    40613da5 ("PCI: acpiphp: Reassign resources on bridge if necessary")
    changed acpiphp hotplug to use pci_assign_unassigned_bridge_resources()
    which depends on bridge being available, however enable_slot() can be
    called without bridge associated:
    
      1. Legitimate case of hotplug on root bus (widely used in virt world)
    
      2. A (misbehaving) firmware, that sends ACPI Bus Check notifications to
         non existing root ports (Dell Inspiron 7352/0W6WV0), which end up at
         enable_slot(..., bridge = 0) where bus has no bridge assigned to it.
         acpihp doesn't know that it's a bridge, and bus specific 'PCI
         subsystem' can't augment ACPI context with bridge information since
         the PCI device to get this data from is/was not available.
    
    Issue is easy to reproduce with QEMU's 'pc' machine, which supports PCI
    hotplug on hostbridge slots. To reproduce, boot kernel at commit
    40613da5 in VM started with following CLI (assuming guest root fs is
    installed on sda1 partition):
    
      # qemu-system-x86_64 -M pc -m 1G -enable-kvm -cpu host \
            -monitor stdio -serial file:serial.log           \
            -kernel arch/x86/boot/bzImage                    \
            -append "root=/dev/sda1 console=ttyS0"           \
            guest_disk.img
    
    Once guest OS is fully booted at qemu prompt:
    
      (qemu) device_add e1000
    
    (check serial.log) it will cause NULL pointer dereference at:
    
      void pci_assign_unassigned_bridge_resources(struct pci_dev *bridge)
      {
        struct pci_bus *parent = bridge->subordinate;
    
      BUG: kernel NULL pointer dereference, address: 0000000000000018
    
       ? pci_assign_unassigned_bridge_resources+0x1f/0x260
       enable_slot+0x21f/0x3e0
       acpiphp_hotplug_notify+0x13d/0x260
       acpi_device_hotplug+0xbc/0x540
       acpi_hotplug_work_fn+0x15/0x20
       process_one_work+0x1f7/0x370
       worker_thread+0x45/0x3b0
    
    The issue was discovered on Dell Inspiron 7352/0W6WV0 laptop with following
    sequence:
    
      1. Suspend to RAM
      2. Wake up with the same backtrace being observed:
      3. 2nd suspend to RAM attempt makes laptop freeze
    
    Fix it by using __pci_bus_assign_resources() instead of
    pci_assign_unassigned_bridge_resources() as we used to do, but only in case
    when bus doesn't have a bridge associated (to cover for the case of ACPI
    event on hostbridge or non existing root port).
    
    That lets us keep hotplug on root bus working like it used to and at the
    same time keeps resource reassignment usable on root ports (and other 1st
    level bridges) that was fixed by 40613da5.
    
    Fixes: 40613da5 ("PCI: acpiphp: Reassign resources on bridge if necessary")
    Link: https://lore.kernel.org/r/20230726123518.2361181-2-imammedo@redhat.comReported-by: default avatarWoody Suwalski <terraluna977@gmail.com>
    Tested-by: default avatarWoody Suwalski <terraluna977@gmail.com>
    Tested-by: default avatarMichal Koutný <mkoutny@suse.com>
    Link: https://lore.kernel.org/r/11fc981c-af49-ce64-6b43-3e282728bd1a@gmail.comSigned-off-by: default avatarIgor Mammedov <imammedo@redhat.com>
    Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
    Acked-by: default avatarRafael J. Wysocki <rafael@kernel.org>
    Acked-by: default avatarMichael S. Tsirkin <mst@redhat.com>
    cc22522f
acpiphp_glue.c 26.3 KB