linux/drivers/pci
Kenji Kaneshige 8cc2bfd87f PCI: kernel oops on access to pci proc file while hot-removal
I encountered the problem that /proc/bus/pci/XX/YY is not removed even
after the corresponding device is hot-removed, if the file is still
being opened. In addition, accessing this file in this situation causes
kernel panic (see below).

Because pci_proc_detach_device() doesn't call remove_proc_entry()
if struct proc_dir_entry->count > 1, access to /proc/bus/pci/XX/YY
would refer to struct pci_dev that was already freed.

Though I don't know why the check for proc_dir_entry->count was added,
I don't think it is needed. Removing this check fixes the problem.

Steps to reproduce
------------------
# cd /sys/bus/pci/slots/2/
# PROC_BUS_PCI_FILE=/proc/bus/pci/`awk -F: '{print $2"/"$3}' < address`.0
# sleep 10000 < $PROC_BUS_PCI_FILE &
# echo 0 > power
# while true; do cat $PROC_BUS_PCI_FILE > /dev/null; done

Oops Messages
-------------
BUG: unable to handle kernel NULL pointer dereference at 00000042
IP: [<c05c82d5>] pci_user_read_config_dword+0x65/0xa0
*pdpt = 000000002185e001 *pde = 0000000476a79067
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:1c.0/0000:10:00.0/local_cpus
Modules linked in: autofs4 sunrpc cpufreq_ondemand acpi_cpufreq ipv6 dm_mirror dm_region_hash dm_log dm_mod e1000e i2c_i801 i2c_core iTCO_wdt igb sg pcspkr dca iTCO_vendor_support ext4 mbcache jbd2 sd_mod crc_t10dif lpfc mptsas scsi_transport_fc mptscsih mptbase scsi_tgt scsi_transport_sas [last unloaded: microcode]

Pid: 2997, comm: cat Not tainted 2.6.34-kk #32 SB/PRIMEQUEST 1800E
EIP: 0060:[<c05c82d5>] EFLAGS: 00010046 CPU: 19
EIP is at pci_user_read_config_dword+0x65/0xa0
EAX: 00000002 EBX: e44f1800 ECX: e144df14 EDX: 155668c7
ESI: 00000087 EDI: 00000000 EBP: e144df40 ESP: e144df0c
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process cat (pid: 2997, ti=e144c000 task=e26f2570 task.ti=e144c000)
Stack:
 c09ceac0 c0570f72 ffffffff 08c57000 00000000 00001000 e44f1800 c05d2404
<0> e144df40 00001000 00000000 00001000 08c57000 3093ae50 e420cb40 e358d5c0
<0> c05d2300 fffffffb c054984f e144df9c 00008000 08c57000 e358d5c0 00008000
Call Trace:
 [<c0570f72>] ? security_capable+0x22/0x30
 [<c05d2404>] ? proc_bus_pci_read+0x104/0x220
 [<c05d2300>] ? proc_bus_pci_read+0x0/0x220
 [<c054984f>] ? proc_reg_read+0x5f/0x90
 [<c05497f0>] ? proc_reg_read+0x0/0x90
 [<c050694d>] ? vfs_read+0x9d/0x190
 [<c04958f4>] ? audit_syscall_entry+0x204/0x230
 [<c0506a81>] ? sys_read+0x41/0x70
 [<c0402f1f>] ? sysenter_do_call+0x12/0x28
Code: b4 26 00 00 00 00 b8 20 88 b1 c0 c7 44 24 08 ff ff ff ff e8 3e 52 22 00 f6 83 24 04 00 00 20 75 34 8b 43 08 8d 4c 24 08 8b 53 1c <8b> 70 40 89 4c 24 04 89 f9 c7 04 24 04 00 00 00 ff 16 89 c6 f0
EIP: [<c05c82d5>] pci_user_read_config_dword+0x65/0xa0 SS:ESP 0068:e144df0c
CR2: 0000000000000042

Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
2010-07-30 09:29:33 -07:00
..
hotplug PCI hotplug: shpchp: Removed check for hotplug of display devices 2010-07-30 09:29:16 -07:00
pcie PCI: Don't enable aspm before drivers have had a chance to veto it 2010-07-30 09:29:15 -07:00
.gitignore
access.c PCI: output FW warning in pci_read/write_vpd 2010-05-18 15:00:25 -07:00
bus.c PCI: check return value of pci_enable_device() when enabling bridges 2010-07-30 09:29:14 -07:00
dmar.c Merge git://git.infradead.org/iommu-2.6 2010-05-21 17:25:01 -07:00
hotplug-pci.c
hotplug.c
htirq.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
intel-iommu.c intel-iommu: Force-disable IOMMU for iGFX on broken Cantiga revisions. 2010-06-15 10:57:57 +01:00
intr_remapping.c Merge git://git.infradead.org/iommu-2.6 2010-05-21 17:25:01 -07:00
intr_remapping.h intr-remap: generic support for remapping HPET MSIs 2009-08-27 23:33:20 +02:00
ioapic.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
iov.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
iova.c intel-iommu: Remove superfluous iova_alloc_lock from IOVA code 2009-07-15 08:17:02 +01:00
irq.c
Kconfig PCI: change PCI_MSI help text to recommend enabling 2010-05-11 12:01:10 -07:00
Makefile microblaze: Enable PCI, missing files 2010-03-11 14:04:27 +01:00
msi.c PCI: fix wrong memory address handling in MSI-X 2010-07-30 09:29:14 -07:00
msi.h PCI MSI: shorten PCI_MSIX_ENTRY_* symbol names 2009-06-29 12:15:19 -07:00
pci-acpi.c Merge branch 'acpica' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2010-03-01 10:36:22 -08:00
pci-driver.c PCI: change device runtime PM settings for probe and remove 2010-07-30 09:29:09 -07:00
pci-stub.c PCI: pci-stub: add pci_stub.ids parameter 2009-09-09 13:44:34 -07:00
pci-sysfs.c PCI: pci-sysfs: remove casts from void* 2010-07-30 09:29:18 -07:00
pci.c virtio-pci: disable msi at startup 2010-06-23 22:49:07 +09:30
pci.h PCI: make bitfield unsigned 2010-05-11 10:07:20 +02:00
probe.c ACPI, APEI, PCIE AER, use general HEST table parsing in AER firmware_first setup 2010-05-19 22:40:14 -04:00
proc.c PCI: kernel oops on access to pci proc file while hot-removal 2010-07-30 09:29:33 -07:00
quirks.c PCI: disable MSI on VIA K8M800 2010-07-30 09:29:12 -07:00
remove.c
rom.c
search.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
setup-bus.c PCI hotplug: make sure child bridges are enabled at hotplug time 2010-07-30 09:29:16 -07:00
setup-irq.c
setup-res.c PCI: fall back to original BIOS BAR addresses 2010-07-16 11:39:48 -07:00
slot.c Revert "PCI: create function symlinks in /sys/bus/pci/slots/N/" 2010-06-11 13:08:37 -07:00
syscall.c headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
vpd.c pci: Add helper to search for VPD keywords 2010-02-28 00:43:33 -08:00