From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: "Íñigo Huguet" <ihuguet@redhat.com>,
"David S . Miller" <davem@davemloft.net>,
"Sasha Levin" <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 37/45] sfc: avoid double pci_remove of VFs
Date: Tue, 6 Jul 2021 07:27:41 -0400 [thread overview]
Message-ID: <20210706112749.2065541-37-sashal@kernel.org> (raw)
In-Reply-To: <20210706112749.2065541-1-sashal@kernel.org>
From: Íñigo Huguet <ihuguet@redhat.com>
[ Upstream commit 45423cff1db66cf0993e8a9bd0ac93e740149e49 ]
If pci_remove was called for a PF with VFs, the removal of the VFs was
called twice from efx_ef10_sriov_fini: one directly with pci_driver->remove
and another implicit by calling pci_disable_sriov, which also perform
the VFs remove. This was leading to crashing the kernel on the second
attempt.
Given that pci_disable_sriov already calls to pci remove function, get
rid of the direct call to pci_driver->remove from the driver.
2 different ways to trigger the bug:
- Create one or more VFs, then attach the PF to a virtual machine (at
least with qemu/KVM)
- Create one or more VFs, then remove the PF with:
echo 1 > /sys/bus/pci/devices/PF_PCI_ID/remove
Removing sfc module does not trigger the error, at least for me, because
it removes the VF first, and then the PF.
Example of a log with the error:
list_del corruption, ffff967fd20a8ad0->next is LIST_POISON1 (dead000000000100)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:47!
[...trimmed...]
RIP: 0010:__list_del_entry_valid.cold.1+0x12/0x4c
[...trimmed...]
Call Trace:
efx_dissociate+0x1f/0x140 [sfc]
efx_pci_remove+0x27/0x150 [sfc]
pci_device_remove+0x3b/0xc0
device_release_driver_internal+0x103/0x1f0
pci_stop_bus_device+0x69/0x90
pci_stop_and_remove_bus_device+0xe/0x20
pci_iov_remove_virtfn+0xba/0x120
sriov_disable+0x2f/0xe0
efx_ef10_pci_sriov_disable+0x52/0x80 [sfc]
? pcie_aer_is_native+0x12/0x40
efx_ef10_sriov_fini+0x72/0x110 [sfc]
efx_pci_remove+0x62/0x150 [sfc]
pci_device_remove+0x3b/0xc0
device_release_driver_internal+0x103/0x1f0
unbind_store+0xf6/0x130
kernfs_fop_write+0x116/0x190
vfs_write+0xa5/0x1a0
ksys_write+0x4f/0xb0
do_syscall_64+0x5b/0x1a0
entry_SYSCALL_64_after_hwframe+0x65/0xca
Signed-off-by: Íñigo Huguet <ihuguet@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/ef10_sriov.c | 10 +---------
1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/drivers/net/ethernet/sfc/ef10_sriov.c b/drivers/net/ethernet/sfc/ef10_sriov.c
index 019cef1d3cf7..76c8d50882fc 100644
--- a/drivers/net/ethernet/sfc/ef10_sriov.c
+++ b/drivers/net/ethernet/sfc/ef10_sriov.c
@@ -443,7 +443,6 @@ int efx_ef10_sriov_init(struct efx_nic *efx)
void efx_ef10_sriov_fini(struct efx_nic *efx)
{
struct efx_ef10_nic_data *nic_data = efx->nic_data;
- unsigned int i;
int rc;
if (!nic_data->vf) {
@@ -453,14 +452,7 @@ void efx_ef10_sriov_fini(struct efx_nic *efx)
return;
}
- /* Remove any VFs in the host */
- for (i = 0; i < efx->vf_count; ++i) {
- struct efx_nic *vf_efx = nic_data->vf[i].efx;
-
- if (vf_efx)
- vf_efx->pci_dev->driver->remove(vf_efx->pci_dev);
- }
-
+ /* Disable SRIOV and remove any VFs in the host */
rc = efx_ef10_pci_sriov_disable(efx, true);
if (rc)
netif_dbg(efx, drv, efx->net_dev,
--
2.30.2
next prev parent reply other threads:[~2021-07-06 11:54 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-06 11:27 [PATCH AUTOSEL 4.14 01/45] drm/etnaviv: fix NULL check before some freeing functions is not needed Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 02/45] drm/mxsfb: Don't select DRM_KMS_FB_HELPER Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 03/45] drm/zte: " Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 04/45] drm/amd/amdgpu/sriov disable all ip hw status by default Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 05/45] net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 06/45] hugetlb: clear huge pte during flush function on mips platform Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 07/45] atm: iphase: fix possible use-after-free in ia_module_exit() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 08/45] mISDN: fix possible use-after-free in HFC_cleanup() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 09/45] atm: nicstar: Fix possible use-after-free in nicstar_cleanup() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 10/45] net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 11/45] reiserfs: add check for invalid 1st journal block Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 12/45] drm/virtio: Fixes a potential NULL pointer dereference on probe failure Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 13/45] drm/virtio: Fix double free " Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 14/45] udf: Fix NULL pointer dereference in udf_symlink function Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 15/45] e100: handle eeprom as little endian Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 16/45] clk: renesas: r8a77995: Add ZA2 clock Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 17/45] clk: tegra: Ensure that PLLU configuration is applied properly Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 18/45] ipv6: use prandom_u32() for ID generation Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 19/45] RDMA/cxgb4: Fix missing error code in create_qp() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 20/45] dm space maps: don't reset space map allocation cursor when committing Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 21/45] virtio_net: Remove BUG() to avoid machine dead Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 22/45] net: bcmgenet: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 23/45] net: micrel: " Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 24/45] net: moxa: Use devm_platform_get_and_ioremap_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 25/45] fjes: check return value after calling platform_get_resource() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 26/45] selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 27/45] xfrm: Fix error reporting in xfrm_state_construct Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 28/45] wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 29/45] wl1251: Fix possible buffer overflow in wl1251_cmd_scan Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 30/45] cw1200: add missing MODULE_DEVICE_TABLE Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 31/45] MIPS: add PMD table accounting into MIPS'pmd_alloc_one Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 32/45] atm: nicstar: use 'dma_free_coherent' instead of 'kfree' Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 33/45] atm: nicstar: register the interrupt handler in the right place Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 34/45] vsock: notify server to shutdown when client has pending signal Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 35/45] RDMA/rxe: Don't overwrite errno from ib_umem_get() Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 36/45] iwlwifi: mvm: don't change band on bound PHY contexts Sasha Levin
2021-07-06 11:27 ` Sasha Levin [this message]
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 38/45] sfc: error code if SRIOV cannot be disabled Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 39/45] wireless: wext-spy: Fix out-of-bounds warning Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 40/45] RDMA/cma: Fix rdma_resolve_route() memory leak Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 41/45] Bluetooth: Fix the HCI to MGMT status conversion table Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 42/45] Bluetooth: Shutdown controller after workqueues are flushed or cancelled Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 43/45] Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 44/45] sctp: validate from_addr_param return Sasha Levin
2021-07-06 11:27 ` [PATCH AUTOSEL 4.14 45/45] sctp: add size validation when walking chunks Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210706112749.2065541-37-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=ihuguet@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).