linux/drivers
Kenji Kaneshige 8cc2bfd87f PCI: kernel oops on access to pci proc file while hot-removal
I encountered the problem that /proc/bus/pci/XX/YY is not removed even
after the corresponding device is hot-removed, if the file is still
being opened. In addition, accessing this file in this situation causes
kernel panic (see below).

Because the pci_proc_detach_device() doesn't call remove_proc_entry()
if struct proc_dir_entry->count > 1, access to /proc/bus/pci/XX/YY
would refer to struct pci_dev that was already freed.

Though I don't know why the check for proc_dir_entry->count was added,
I don't think it is needed. Removing this check fixes the problem.

Steps to reproduce
------------------
# cd /sys/bus/pci/slots/2/
# PROC_BUS_PCI_FILE=/proc/bus/pci/`awk -F: '{print $2"/"$3}' < address`.0
# sleep 10000 < $PROC_BUS_PCI_FILE &
# echo 0 > power
# while true; do cat $PROC_BUS_PCI_FILE > /dev/null; done

Oops Messages
-------------
BUG: unable to handle kernel NULL pointer dereference at 00000042
IP: [<c05c82d5>] pci_user_read_config_dword+0x65/0xa0
*pdpt = 000000002185e001 *pde = 0000000476a79067
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1c.0/0000:10:00.0/local_cpus
Modules linked in: autofs4 sunrpc cpufreq_ondemand acpi_cpufreq ipv6 dm_mirror dm_region_hash dm_log dm_mod e1000e i2c_i801 i2c_core iTCO_wdt igb sg pcspkr dca iTCO_vendor_support ext4 mbcache jbd2 sd_mod crc_t10dif lpfc mptsas scsi_transport_fc mptscsih mptbase scsi_tgt scsi_transport_sas [last unloaded: microcode]

Pid: 2997, comm: cat Not tainted 2.6.34-kk #32 SB/PRIMEQUEST 1800E
EIP: 0060:[<c05c82d5>] EFLAGS: 00010046 CPU: 19
EIP is at pci_user_read_config_dword+0x65/0xa0
EAX: 00000002 EBX: e44f1800 ECX: e144df14 EDX: 155668c7
ESI: 00000087 EDI: 00000000 EBP: e144df40 ESP: e144df0c
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process cat (pid: 2997, ti=e144c000 task=e26f2570 task.ti=e144c000)
Stack:
 c09ceac0 c0570f72 ffffffff 08c57000 00000000 00001000 e44f1800 c05d2404
<0> e144df40 00001000 00000000 00001000 08c57000 3093ae50 e420cb40 e358d5c0
<0> c05d2300 fffffffb c054984f e144df9c 00008000 08c57000 e358d5c0 00008000
Call Trace:
 [<c0570f72>] ? security_capable+0x22/0x30
 [<c05d2404>] ? proc_bus_pci_read+0x104/0x220
 [<c05d2300>] ? proc_bus_pci_read+0x0/0x220
 [<c054984f>] ? proc_reg_read+0x5f/0x90
 [<c05497f0>] ? proc_reg_read+0x0/0x90
 [<c050694d>] ? vfs_read+0x9d/0x190
 [<c04958f4>] ? audit_syscall_entry+0x204/0x230
 [<c0506a81>] ? sys_read+0x41/0x70
 [<c0402f1f>] ? sysenter_do_call+0x12/0x28
Code: b4 26 00 00 00 00 b8 20 88 b1 c0 c7 44 24 08 ff ff ff ff e8 3e 52 22 00 f6 83 24 04 00 00 20 75 34 8b 43 08 8d 4c 24 08 8b 53 1c <8b> 70 40 89 4c 24 04 89 f9 c7 04 24 04 00 00 00 ff 16 89 c6 f0
EIP: [<c05c82d5>] pci_user_read_config_dword+0x65/0xa0 SS:ESP 0068:e144df0c
CR2: 0000000000000042

Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2010-07-30 09:29:33 -07:00
accessibility
acpi ACPI: Disable ASPM if the platform won't provide _OSC control for PCIe 2010-07-30 09:29:17 -07:00
amba
ata ata_generic: implement ATA_GEN_* flags and force enable DMA on MBP 7,1 2010-07-01 15:34:48 -04:00
atm Merge remote branch 'origin' into secretlab/next-devicetree 2010-05-22 00:36:56 -06:00
auxdisplay auxdisplay: section cleanup in cfag12864bfb driver 2010-05-25 08:07:09 -07:00
base Driver-core: Always create class directories for classses that support namespaces. 2010-07-26 08:05:31 -07:00
block cciss: set SCSI max cmd len to 16, as default is wrong 2010-06-15 08:12:34 +02:00
bluetooth drivers: bluetooth: bluecard_cs.c: Fixed include error, changed to linux/io.h 2010-07-01 21:28:14 -07:00
cdrom
char Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel 2010-07-26 13:04:25 -07:00
clocksource Andres has moved 2010-07-20 16:25:41 -07:00
connector
cpufreq [CPUFREQ] fix memory leak in cpufreq_add_dev 2010-07-26 15:25:33 -04:00
cpuidle sched: Cure nr_iowait_cpu() users 2010-07-01 09:39:48 +02:00
crypto crypto: talitos - fix bug in sg_copy_end_to_buffer 2010-07-19 14:11:24 +08:00
dca
dio
dma of/dma: fix build breakage in ppc4xx adma driver 2010-07-02 15:46:17 -06:00
edac edac: mpc85xx: fix coldplug/hotplug module autoloading 2010-07-27 14:32:06 -07:00
eisa
firewire firewire: core: check for 1394a compliant IRM, fix inaccessibility of Sony camcorder 2010-06-02 19:48:13 +02:00
firmware sysfs: add struct file* to bin_attr callbacks 2010-05-21 09:37:31 -07:00
gpio gpio: fix spurious printk when freeing a gpio 2010-07-27 14:32:07 -07:00
gpu drm/i915: make sure we shut off the panel in eDP configs 2010-07-26 15:34:16 -07:00
hid HID: Send Report ID when numbered reports are sent over the control endpoint. 2010-07-11 23:13:15 +02:00
hwmon hwmon: (coretemp) Properly label the sensors 2010-07-09 16:22:51 +02:00
i2c Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-07-11 13:35:34 -07:00
ide powerpc/macio: Fix probing of macio devices by using the right of match table 2010-06-02 17:50:38 +10:00
idle intel_idle: native hardware cpuidle driver for latest Intel processors 2010-05-28 14:26:20 -04:00
ieee1394 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-05-27 10:22:06 -07:00
ieee802154
infiniband IB/qib: Use request_firmware() to load SD7220 firmware 2010-07-08 13:27:05 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-07-22 11:46:15 -07:00
isdn ISDN: hysdn, fix potential NULL dereference 2010-06-26 22:12:02 -07:00
leds i2c: Remove all i2c_set_clientdata(client, NULL) in drivers 2010-06-03 11:33:58 +02:00
lguest
macintosh Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2010-06-03 15:46:37 -07:00
mca
md md/raid5: don't include 'spare' drives when reshaping to fewer devices. 2010-06-24 13:36:04 +10:00
media V4L/DVB: v4l: mem2mem_testdev: fix g_fmt NULL pointer dereference 2010-07-08 16:50:24 -03:00
memstick
message drivers/message/i2o/i2o_config.c: use memdup_user 2010-05-27 09:12:41 -07:00
mfd i2c: Remove all i2c_set_clientdata(client, NULL) in drivers 2010-06-03 11:33:58 +02:00
misc Andres has moved 2010-07-20 16:25:41 -07:00
mmc sdhci-s3c: add missing remove function 2010-07-20 16:25:41 -07:00
mtd Merge git://git.infradead.org/~dwmw2/mtd-2.6.35 2010-06-07 17:10:06 -07:00
net PCI: change device runtime PM settings for probe and remove 2010-07-30 09:29:09 -07:00
nubus
of Merge remote branch 'origin' into secretlab/next-devicetree 2010-05-22 00:36:56 -06:00
oprofile
parisc
parport m68k: amiga - Parallel port platform device conversion 2010-05-26 19:51:09 +02:00
pci PCI: kernel oops on access to pci proc file while hot-removal 2010-07-30 09:29:33 -07:00
pcmcia Merge master.kernel.org:/home/rmk/linux-2.6-arm 2010-07-26 08:20:38 -07:00
platform intel_scu_ipc: Oops/crash fixes 2010-07-19 13:17:37 -07:00
pnp
power Merge git://git.infradead.org/users/cbou/battery-2.6.35 2010-07-27 09:22:55 -07:00
pps
ps3
rapidio rapidio: fix new kernel-doc warnings 2010-05-30 09:02:47 -07:00
regulator regulator: tps6507x: allow driver to use DEFDCDC{2,3}_HIGH register 2010-07-28 15:09:26 +01:00
rtc drivers/rtc/rtc-rx8581.c: fix setdatetime 2010-07-27 14:32:06 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 2010-07-28 20:00:42 -07:00
sbus drivers/sbus: Remove unnecessary casts of private_data 2010-07-12 21:16:04 -07:00
scsi [SCSI] ibmvscsi: Fix oops when an interrupt is pending during probe 2010-07-27 11:53:23 -05:00
serial serial: fix rs485 for atmel_serial on avr32 2010-07-26 11:59:31 -07:00
sfi SFI: do not return freed pointer 2010-06-01 12:04:35 -04:00
sh sh: Make intc messages consistent via pr_fmt. 2010-06-02 18:10:00 +09:00
sn
spi powerpc/cpm: Reintroduce global spi_pram struct (fixes build issue) 2010-07-11 11:03:22 -05:00
ssb ssb: fix NULL ptr deref when pcihost_wrapper is used 2010-05-28 13:57:01 -04:00
staging Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 2010-06-30 15:45:59 -07:00
tc
telephony drivers/telephony/ixj.c: use memdup_user 2010-05-27 09:12:42 -07:00
thermal
uio
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 2010-07-26 13:06:39 -07:00
uwb
vhost Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-07-20 16:26:42 -07:00
video VIDEO: Au1100fb: Fix section mismatch 2010-07-26 19:08:15 +01:00
virtio virtio: fix oops on OOM 2010-07-26 08:05:31 -07:00
vlynq
w1 sysfs: add struct file* to bin_attr callbacks 2010-05-21 09:37:31 -07:00
watchdog watchdog: at32ap700x_wdt: register misc device last in probe() function 2010-06-17 09:56:57 +00:00
xen xen: avoid allocation causing potential swap activity on the resume path 2010-06-03 09:34:45 +01:00
zorro sysfs: add struct file* to bin_attr callbacks 2010-05-21 09:37:31 -07:00
Kconfig
Makefile intel_idle: native hardware cpuidle driver for latest Intel processors 2010-05-28 14:26:20 -04:00