Commit d71374da authored by Zhang Yanmin's avatar Zhang Yanmin Committed by Greg Kroah-Hartman

[PATCH] PCI: fix race with pci_walk_bus and pci_destroy_dev

pci_walk_bus has a race with pci_destroy_dev. When cb is called
in pci_walk_bus, pci_destroy_dev might unlink the dev pointed by next.
Later on in the next loop, pointer next becomes NULL and cause
kernel panic.

Below patch against 2.6.17-rc4 fixes it by changing pci_bus_lock (spin_lock)
to pci_bus_sem (rw_semaphore).
Signed-off-by: default avatarZhang Yanmin <yanmin.zhang@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 733a7fe1
...@@ -81,9 +81,9 @@ void __devinit pci_bus_add_device(struct pci_dev *dev) ...@@ -81,9 +81,9 @@ void __devinit pci_bus_add_device(struct pci_dev *dev)
{ {
device_add(&dev->dev); device_add(&dev->dev);
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_add_tail(&dev->global_list, &pci_devices); list_add_tail(&dev->global_list, &pci_devices);
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
pci_proc_attach_device(dev); pci_proc_attach_device(dev);
pci_create_sysfs_dev_files(dev); pci_create_sysfs_dev_files(dev);
...@@ -125,10 +125,10 @@ void __devinit pci_bus_add_devices(struct pci_bus *bus) ...@@ -125,10 +125,10 @@ void __devinit pci_bus_add_devices(struct pci_bus *bus)
*/ */
if (dev->subordinate) { if (dev->subordinate) {
if (list_empty(&dev->subordinate->node)) { if (list_empty(&dev->subordinate->node)) {
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_add_tail(&dev->subordinate->node, list_add_tail(&dev->subordinate->node,
&dev->bus->children); &dev->bus->children);
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
} }
pci_bus_add_devices(dev->subordinate); pci_bus_add_devices(dev->subordinate);
...@@ -168,7 +168,7 @@ void pci_walk_bus(struct pci_bus *top, void (*cb)(struct pci_dev *, void *), ...@@ -168,7 +168,7 @@ void pci_walk_bus(struct pci_bus *top, void (*cb)(struct pci_dev *, void *),
struct list_head *next; struct list_head *next;
bus = top; bus = top;
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
next = top->devices.next; next = top->devices.next;
for (;;) { for (;;) {
if (next == &bus->devices) { if (next == &bus->devices) {
...@@ -180,22 +180,19 @@ void pci_walk_bus(struct pci_bus *top, void (*cb)(struct pci_dev *, void *), ...@@ -180,22 +180,19 @@ void pci_walk_bus(struct pci_bus *top, void (*cb)(struct pci_dev *, void *),
continue; continue;
} }
dev = list_entry(next, struct pci_dev, bus_list); dev = list_entry(next, struct pci_dev, bus_list);
pci_dev_get(dev);
if (dev->subordinate) { if (dev->subordinate) {
/* this is a pci-pci bridge, do its devices next */ /* this is a pci-pci bridge, do its devices next */
next = dev->subordinate->devices.next; next = dev->subordinate->devices.next;
bus = dev->subordinate; bus = dev->subordinate;
} else } else
next = dev->bus_list.next; next = dev->bus_list.next;
spin_unlock(&pci_bus_lock);
/* Run device routines with the bus unlocked */ /* Run device routines with the device locked */
down(&dev->dev.sem);
cb(dev, userdata); cb(dev, userdata);
up(&dev->dev.sem);
spin_lock(&pci_bus_lock);
pci_dev_put(dev);
} }
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
} }
EXPORT_SYMBOL_GPL(pci_walk_bus); EXPORT_SYMBOL_GPL(pci_walk_bus);
......
...@@ -40,7 +40,7 @@ extern int pci_bus_find_capability (struct pci_bus *bus, unsigned int devfn, int ...@@ -40,7 +40,7 @@ extern int pci_bus_find_capability (struct pci_bus *bus, unsigned int devfn, int
extern void pci_remove_legacy_files(struct pci_bus *bus); extern void pci_remove_legacy_files(struct pci_bus *bus);
/* Lock for read/write access to pci device and bus lists */ /* Lock for read/write access to pci device and bus lists */
extern spinlock_t pci_bus_lock; extern struct rw_semaphore pci_bus_sem;
#ifdef CONFIG_X86_IO_APIC #ifdef CONFIG_X86_IO_APIC
extern int pci_msi_quirk; extern int pci_msi_quirk;
......
...@@ -383,9 +383,9 @@ struct pci_bus * __devinit pci_add_new_bus(struct pci_bus *parent, struct pci_de ...@@ -383,9 +383,9 @@ struct pci_bus * __devinit pci_add_new_bus(struct pci_bus *parent, struct pci_de
child = pci_alloc_child_bus(parent, dev, busnr); child = pci_alloc_child_bus(parent, dev, busnr);
if (child) { if (child) {
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_add_tail(&child->node, &parent->children); list_add_tail(&child->node, &parent->children);
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
} }
return child; return child;
} }
...@@ -844,9 +844,9 @@ void __devinit pci_device_add(struct pci_dev *dev, struct pci_bus *bus) ...@@ -844,9 +844,9 @@ void __devinit pci_device_add(struct pci_dev *dev, struct pci_bus *bus)
* and the bus list for fixup functions, etc. * and the bus list for fixup functions, etc.
*/ */
INIT_LIST_HEAD(&dev->global_list); INIT_LIST_HEAD(&dev->global_list);
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_add_tail(&dev->bus_list, &bus->devices); list_add_tail(&dev->bus_list, &bus->devices);
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
} }
struct pci_dev * __devinit struct pci_dev * __devinit
...@@ -981,9 +981,10 @@ struct pci_bus * __devinit pci_create_bus(struct device *parent, ...@@ -981,9 +981,10 @@ struct pci_bus * __devinit pci_create_bus(struct device *parent,
pr_debug("PCI: Bus %04x:%02x already known\n", pci_domain_nr(b), bus); pr_debug("PCI: Bus %04x:%02x already known\n", pci_domain_nr(b), bus);
goto err_out; goto err_out;
} }
spin_lock(&pci_bus_lock);
down_write(&pci_bus_sem);
list_add_tail(&b->node, &pci_root_buses); list_add_tail(&b->node, &pci_root_buses);
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
memset(dev, 0, sizeof(*dev)); memset(dev, 0, sizeof(*dev));
dev->parent = parent; dev->parent = parent;
...@@ -1023,9 +1024,9 @@ struct pci_bus * __devinit pci_create_bus(struct device *parent, ...@@ -1023,9 +1024,9 @@ struct pci_bus * __devinit pci_create_bus(struct device *parent,
class_dev_reg_err: class_dev_reg_err:
device_unregister(dev); device_unregister(dev);
dev_reg_err: dev_reg_err:
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_del(&b->node); list_del(&b->node);
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
err_out: err_out:
kfree(dev); kfree(dev);
kfree(b); kfree(b);
......
...@@ -22,18 +22,18 @@ static void pci_destroy_dev(struct pci_dev *dev) ...@@ -22,18 +22,18 @@ static void pci_destroy_dev(struct pci_dev *dev)
pci_proc_detach_device(dev); pci_proc_detach_device(dev);
pci_remove_sysfs_dev_files(dev); pci_remove_sysfs_dev_files(dev);
device_unregister(&dev->dev); device_unregister(&dev->dev);
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_del(&dev->global_list); list_del(&dev->global_list);
dev->global_list.next = dev->global_list.prev = NULL; dev->global_list.next = dev->global_list.prev = NULL;
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
} }
/* Remove the device from the device lists, and prevent any further /* Remove the device from the device lists, and prevent any further
* list accesses from this device */ * list accesses from this device */
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_del(&dev->bus_list); list_del(&dev->bus_list);
dev->bus_list.next = dev->bus_list.prev = NULL; dev->bus_list.next = dev->bus_list.prev = NULL;
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
pci_free_resources(dev); pci_free_resources(dev);
pci_dev_put(dev); pci_dev_put(dev);
...@@ -62,9 +62,9 @@ void pci_remove_bus(struct pci_bus *pci_bus) ...@@ -62,9 +62,9 @@ void pci_remove_bus(struct pci_bus *pci_bus)
{ {
pci_proc_detach_bus(pci_bus); pci_proc_detach_bus(pci_bus);
spin_lock(&pci_bus_lock); down_write(&pci_bus_sem);
list_del(&pci_bus->node); list_del(&pci_bus->node);
spin_unlock(&pci_bus_lock); up_write(&pci_bus_sem);
pci_remove_legacy_files(pci_bus); pci_remove_legacy_files(pci_bus);
class_device_remove_file(&pci_bus->class_dev, class_device_remove_file(&pci_bus->class_dev,
&class_device_attr_cpuaffinity); &class_device_attr_cpuaffinity);
......
...@@ -13,7 +13,7 @@ ...@@ -13,7 +13,7 @@
#include <linux/interrupt.h> #include <linux/interrupt.h>
#include "pci.h" #include "pci.h"
DEFINE_SPINLOCK(pci_bus_lock); DECLARE_RWSEM(pci_bus_sem);
static struct pci_bus * __devinit static struct pci_bus * __devinit
pci_do_find_bus(struct pci_bus* bus, unsigned char busnr) pci_do_find_bus(struct pci_bus* bus, unsigned char busnr)
...@@ -72,11 +72,11 @@ pci_find_next_bus(const struct pci_bus *from) ...@@ -72,11 +72,11 @@ pci_find_next_bus(const struct pci_bus *from)
struct pci_bus *b = NULL; struct pci_bus *b = NULL;
WARN_ON(in_interrupt()); WARN_ON(in_interrupt());
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
n = from ? from->node.next : pci_root_buses.next; n = from ? from->node.next : pci_root_buses.next;
if (n != &pci_root_buses) if (n != &pci_root_buses)
b = pci_bus_b(n); b = pci_bus_b(n);
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
return b; return b;
} }
...@@ -124,7 +124,7 @@ struct pci_dev * pci_get_slot(struct pci_bus *bus, unsigned int devfn) ...@@ -124,7 +124,7 @@ struct pci_dev * pci_get_slot(struct pci_bus *bus, unsigned int devfn)
struct pci_dev *dev; struct pci_dev *dev;
WARN_ON(in_interrupt()); WARN_ON(in_interrupt());
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
list_for_each(tmp, &bus->devices) { list_for_each(tmp, &bus->devices) {
dev = pci_dev_b(tmp); dev = pci_dev_b(tmp);
...@@ -135,7 +135,7 @@ struct pci_dev * pci_get_slot(struct pci_bus *bus, unsigned int devfn) ...@@ -135,7 +135,7 @@ struct pci_dev * pci_get_slot(struct pci_bus *bus, unsigned int devfn)
dev = NULL; dev = NULL;
out: out:
pci_dev_get(dev); pci_dev_get(dev);
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
return dev; return dev;
} }
...@@ -167,7 +167,7 @@ static struct pci_dev * pci_find_subsys(unsigned int vendor, ...@@ -167,7 +167,7 @@ static struct pci_dev * pci_find_subsys(unsigned int vendor,
struct pci_dev *dev; struct pci_dev *dev;
WARN_ON(in_interrupt()); WARN_ON(in_interrupt());
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
n = from ? from->global_list.next : pci_devices.next; n = from ? from->global_list.next : pci_devices.next;
while (n && (n != &pci_devices)) { while (n && (n != &pci_devices)) {
...@@ -181,7 +181,7 @@ static struct pci_dev * pci_find_subsys(unsigned int vendor, ...@@ -181,7 +181,7 @@ static struct pci_dev * pci_find_subsys(unsigned int vendor,
} }
dev = NULL; dev = NULL;
exit: exit:
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
return dev; return dev;
} }
...@@ -232,7 +232,7 @@ pci_get_subsys(unsigned int vendor, unsigned int device, ...@@ -232,7 +232,7 @@ pci_get_subsys(unsigned int vendor, unsigned int device,
struct pci_dev *dev; struct pci_dev *dev;
WARN_ON(in_interrupt()); WARN_ON(in_interrupt());
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
n = from ? from->global_list.next : pci_devices.next; n = from ? from->global_list.next : pci_devices.next;
while (n && (n != &pci_devices)) { while (n && (n != &pci_devices)) {
...@@ -247,7 +247,7 @@ pci_get_subsys(unsigned int vendor, unsigned int device, ...@@ -247,7 +247,7 @@ pci_get_subsys(unsigned int vendor, unsigned int device,
dev = NULL; dev = NULL;
exit: exit:
dev = pci_dev_get(dev); dev = pci_dev_get(dev);
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
pci_dev_put(from); pci_dev_put(from);
return dev; return dev;
} }
...@@ -292,7 +292,7 @@ pci_find_device_reverse(unsigned int vendor, unsigned int device, const struct p ...@@ -292,7 +292,7 @@ pci_find_device_reverse(unsigned int vendor, unsigned int device, const struct p
struct pci_dev *dev; struct pci_dev *dev;
WARN_ON(in_interrupt()); WARN_ON(in_interrupt());
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
n = from ? from->global_list.prev : pci_devices.prev; n = from ? from->global_list.prev : pci_devices.prev;
while (n && (n != &pci_devices)) { while (n && (n != &pci_devices)) {
...@@ -304,7 +304,7 @@ pci_find_device_reverse(unsigned int vendor, unsigned int device, const struct p ...@@ -304,7 +304,7 @@ pci_find_device_reverse(unsigned int vendor, unsigned int device, const struct p
} }
dev = NULL; dev = NULL;
exit: exit:
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
return dev; return dev;
} }
...@@ -328,7 +328,7 @@ struct pci_dev *pci_get_class(unsigned int class, struct pci_dev *from) ...@@ -328,7 +328,7 @@ struct pci_dev *pci_get_class(unsigned int class, struct pci_dev *from)
struct pci_dev *dev; struct pci_dev *dev;
WARN_ON(in_interrupt()); WARN_ON(in_interrupt());
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
n = from ? from->global_list.next : pci_devices.next; n = from ? from->global_list.next : pci_devices.next;
while (n && (n != &pci_devices)) { while (n && (n != &pci_devices)) {
...@@ -340,7 +340,7 @@ struct pci_dev *pci_get_class(unsigned int class, struct pci_dev *from) ...@@ -340,7 +340,7 @@ struct pci_dev *pci_get_class(unsigned int class, struct pci_dev *from)
dev = NULL; dev = NULL;
exit: exit:
dev = pci_dev_get(dev); dev = pci_dev_get(dev);
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
pci_dev_put(from); pci_dev_put(from);
return dev; return dev;
} }
...@@ -362,7 +362,7 @@ int pci_dev_present(const struct pci_device_id *ids) ...@@ -362,7 +362,7 @@ int pci_dev_present(const struct pci_device_id *ids)
int found = 0; int found = 0;
WARN_ON(in_interrupt()); WARN_ON(in_interrupt());
spin_lock(&pci_bus_lock); down_read(&pci_bus_sem);
while (ids->vendor || ids->subvendor || ids->class_mask) { while (ids->vendor || ids->subvendor || ids->class_mask) {
list_for_each_entry(dev, &pci_devices, global_list) { list_for_each_entry(dev, &pci_devices, global_list) {
if (pci_match_one_device(ids, dev)) { if (pci_match_one_device(ids, dev)) {
...@@ -372,8 +372,8 @@ int pci_dev_present(const struct pci_device_id *ids) ...@@ -372,8 +372,8 @@ int pci_dev_present(const struct pci_device_id *ids)
} }
ids++; ids++;
} }
exit: exit:
spin_unlock(&pci_bus_lock); up_read(&pci_bus_sem);
return found; return found;
} }
EXPORT_SYMBOL(pci_dev_present); EXPORT_SYMBOL(pci_dev_present);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment