Commit 29c2680f authored by Harald Freudenberger's avatar Harald Freudenberger Committed by Heiko Carstens

s390/ap: fix ap devices reference counting

With the last rework of the AP bus scan function one get_device() is
missing, causing the reference counter to be one instance too
low. Together with binding/unbinding device drivers to an ap device it
may end up in a segfault because the ap device is freed but a device
driver still assumes its pointer to the ap device is valid:

Unable to handle kernel pointer dereference in virtual kernel address space
Failing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803
Fault in home space mode while using kernel ASCE.
Krnl PSW : 0404e00180000000 000000001472f3b6 (klist_next+0x7e/0x180)
           R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3
Call Trace:
 [<000000001472f3b6>] klist_next+0x7e/0x180
([<000000001472f36a>] klist_next+0x32/0x180)
 [<00000000147c14de>] bus_for_each_dev+0x66/0xb8
 [<0000000014aab0d4>] ap_scan_adapter+0xcc/0x6c0
 [<0000000014aab74a>] ap_scan_bus+0x82/0x140
 [<0000000013f3b654>] process_one_work+0x27c/0x478
 [<0000000013f3b8b6>] worker_thread+0x66/0x368
 [<0000000013f44e32>] kthread+0x17a/0x1a0
 [<0000000014af23e4>] ret_from_fork+0x24/0x2c
Kernel panic - not syncing: Fatal exception: panic_on_oops

Fixed by adjusting the reference count with get_device() on the right
place. Also now the device drivers don't need to adjust the ap
device's reference counting any more. This is now done in the ap bus
probe and remove functions.
Reported-by: default avatarMarc Hartmayer <mhartmay@linux.ibm.com>
Fixes: 4f2fcccd ("s390/ap: add card/queue deconfig state")
Signed-off-by: default avatarHarald Freudenberger <freude@linux.ibm.com>
Signed-off-by: default avatarHeiko Carstens <hca@linux.ibm.com>
parent 3cea11cd
...@@ -680,7 +680,10 @@ static int ap_device_probe(struct device *dev) ...@@ -680,7 +680,10 @@ static int ap_device_probe(struct device *dev)
{ {
struct ap_device *ap_dev = to_ap_dev(dev); struct ap_device *ap_dev = to_ap_dev(dev);
struct ap_driver *ap_drv = to_ap_drv(dev->driver); struct ap_driver *ap_drv = to_ap_drv(dev->driver);
int card, queue, devres, drvres, rc; int card, queue, devres, drvres, rc = -ENODEV;
if (!get_device(dev))
return rc;
if (is_queue_dev(dev)) { if (is_queue_dev(dev)) {
/* /*
...@@ -697,7 +700,7 @@ static int ap_device_probe(struct device *dev) ...@@ -697,7 +700,7 @@ static int ap_device_probe(struct device *dev)
mutex_unlock(&ap_perms_mutex); mutex_unlock(&ap_perms_mutex);
drvres = ap_drv->flags & AP_DRIVER_FLAG_DEFAULT; drvres = ap_drv->flags & AP_DRIVER_FLAG_DEFAULT;
if (!!devres != !!drvres) if (!!devres != !!drvres)
return -ENODEV; goto out;
} }
/* Add queue/card to list of active queues/cards */ /* Add queue/card to list of active queues/cards */
...@@ -718,6 +721,9 @@ static int ap_device_probe(struct device *dev) ...@@ -718,6 +721,9 @@ static int ap_device_probe(struct device *dev)
ap_dev->drv = NULL; ap_dev->drv = NULL;
} }
out:
if (rc)
put_device(dev);
return rc; return rc;
} }
...@@ -744,6 +750,8 @@ static int ap_device_remove(struct device *dev) ...@@ -744,6 +750,8 @@ static int ap_device_remove(struct device *dev)
hash_del(&to_ap_queue(dev)->hnode); hash_del(&to_ap_queue(dev)->hnode);
spin_unlock_bh(&ap_queues_lock); spin_unlock_bh(&ap_queues_lock);
put_device(dev);
return 0; return 0;
} }
...@@ -1371,6 +1379,8 @@ static inline void ap_scan_domains(struct ap_card *ac) ...@@ -1371,6 +1379,8 @@ static inline void ap_scan_domains(struct ap_card *ac)
__func__, ac->id, dom); __func__, ac->id, dom);
goto put_dev_and_continue; goto put_dev_and_continue;
} }
/* get it and thus adjust reference counter */
get_device(dev);
if (decfg) if (decfg)
AP_DBF_INFO("%s(%d,%d) new (decfg) queue device created\n", AP_DBF_INFO("%s(%d,%d) new (decfg) queue device created\n",
__func__, ac->id, dom); __func__, ac->id, dom);
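Review bot: The `goto out` at the devres/drvres mismatch in ap_device_probe() drops the new reference only because rc still holds its initializer `-ENODEV`; if any statement between the first two hunks assigns rc, `if (rc) put_device(dev);` at `out:` is skipped and the probe returns success. Setting the value at the branch, with braces, `rc = -ENODEV; goto out;`, keeps that error path self-contained. The pairing of get_device() in probe with put_device() in ap_device_remove() is also not stated in the code, and a comment at the top of probe such as `/* reference held while a driver is bound; dropped at out: on failure or in ap_device_remove() */` would record it, since the commit message shows an imbalance ends in a use of freed memory in klist_next(). The lines between the hunks are not visible here, so the first point needs checking against the full function.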
......
...@@ -157,11 +157,6 @@ int zcrypt_card_register(struct zcrypt_card *zc) ...@@ -157,11 +157,6 @@ int zcrypt_card_register(struct zcrypt_card *zc)
{ {
int rc; int rc;
rc = sysfs_create_group(&zc->card->ap_dev.device.kobj,
&zcrypt_card_attr_group);
if (rc)
return rc;
spin_lock(&zcrypt_list_lock); spin_lock(&zcrypt_list_lock);
list_add_tail(&zc->list, &zcrypt_card_list); list_add_tail(&zc->list, &zcrypt_card_list);
spin_unlock(&zcrypt_list_lock); spin_unlock(&zcrypt_list_lock);
...@@ -170,6 +165,14 @@ int zcrypt_card_register(struct zcrypt_card *zc) ...@@ -170,6 +165,14 @@ int zcrypt_card_register(struct zcrypt_card *zc)
ZCRYPT_DBF(DBF_INFO, "card=%02x register online=1\n", zc->card->id); ZCRYPT_DBF(DBF_INFO, "card=%02x register online=1\n", zc->card->id);
rc = sysfs_create_group(&zc->card->ap_dev.device.kobj,
&zcrypt_card_attr_group);
if (rc) {
spin_lock(&zcrypt_list_lock);
list_del_init(&zc->list);
spin_unlock(&zcrypt_list_lock);
}
return rc; return rc;
} }
EXPORT_SYMBOL(zcrypt_card_register); EXPORT_SYMBOL(zcrypt_card_register);
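Review bot: In zcrypt_card_register() the card is now linked into zcrypt_card_list before sysfs_create_group() has succeeded, so between the first spin_unlock() and the rollback under `if (rc)` any walker of the list can see a card whose registration then fails. Whether such a walker can keep using zc after the list_del_init() depends on code outside these hunks, so the new ordering deserves a comment saying why list insertion has to come first. The `register online=1` debug message is also emitted before the sysfs call and stands uncorrected on failure; a line in the rollback branch such as `ZCRYPT_DBF(DBF_INFO, "card=%02x register failed rc=%d\n", zc->card->id, rc);` would keep the trace accurate.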
......
...@@ -180,7 +180,6 @@ int zcrypt_queue_register(struct zcrypt_queue *zq) ...@@ -180,7 +180,6 @@ int zcrypt_queue_register(struct zcrypt_queue *zq)
&zcrypt_queue_attr_group); &zcrypt_queue_attr_group);
if (rc) if (rc)
goto out; goto out;
get_device(&zq->queue->ap_dev.device);
if (zq->ops->rng) { if (zq->ops->rng) {
rc = zcrypt_rng_device_add(); rc = zcrypt_rng_device_add();
...@@ -192,7 +191,6 @@ int zcrypt_queue_register(struct zcrypt_queue *zq) ...@@ -192,7 +191,6 @@ int zcrypt_queue_register(struct zcrypt_queue *zq)
out_unregister: out_unregister:
sysfs_remove_group(&zq->queue->ap_dev.device.kobj, sysfs_remove_group(&zq->queue->ap_dev.device.kobj,
&zcrypt_queue_attr_group); &zcrypt_queue_attr_group);
put_device(&zq->queue->ap_dev.device);
out: out:
spin_lock(&zcrypt_list_lock); spin_lock(&zcrypt_list_lock);
list_del_init(&zq->list); list_del_init(&zq->list);
...@@ -220,12 +218,10 @@ void zcrypt_queue_unregister(struct zcrypt_queue *zq) ...@@ -220,12 +218,10 @@ void zcrypt_queue_unregister(struct zcrypt_queue *zq)
list_del_init(&zq->list); list_del_init(&zq->list);
zcrypt_device_count--; zcrypt_device_count--;
spin_unlock(&zcrypt_list_lock); spin_unlock(&zcrypt_list_lock);
zcrypt_card_put(zc);
if (zq->ops->rng) if (zq->ops->rng)
zcrypt_rng_device_remove(); zcrypt_rng_device_remove();
sysfs_remove_group(&zq->queue->ap_dev.device.kobj, sysfs_remove_group(&zq->queue->ap_dev.device.kobj,
&zcrypt_queue_attr_group); &zcrypt_queue_attr_group);
put_device(&zq->queue->ap_dev.device); zcrypt_card_put(zc);
zcrypt_queue_put(zq);
} }
EXPORT_SYMBOL(zcrypt_queue_unregister); EXPORT_SYMBOL(zcrypt_queue_unregister);
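Review bot: With get_device()/put_device() gone from zcrypt_queue_register() and zcrypt_queue_unregister(), nothing in this file keeps zq->queue->ap_dev.device alive, yet zcrypt_queue_unregister() still passes its kobj to sysfs_remove_group(). That is safe only while the caller runs before the put_device() added to ap_device_remove(), which cannot be confirmed from these hunks; a comment above the function such as `/* caller must hold the AP bus reference on the queue device; call only from the driver's remove callback */` would record the requirement. The page also appears to show `zcrypt_queue_put(zq);` on the old side only, and the commit message does not mention it, so it is worth stating where that reference is released now. Both function bodies start outside the hunks.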