From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Matthew Rosato <mjrosato@linux.ibm.com>,
Niklas Schnelle <schnelle@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 19/97] s390/pci: improve zpci_dev reference counting
Date: Mon, 23 May 2022 19:05:23 +0200 [thread overview]
Message-ID: <20220523165815.319610610@linuxfoundation.org> (raw)
In-Reply-To: <20220523165812.244140613@linuxfoundation.org>
From: Niklas Schnelle <schnelle@linux.ibm.com>
[ Upstream commit c122383d221dfa2f41cfe5e672540595de986fde ]
Currently zpci_dev uses kref based reference counting but only accounts
for one original reference plus one reference from an added pci_dev to
its underlying zpci_dev. Counting just the original reference worked
until the pci_dev reference was added in commit 2a671f77ee49 ("s390/pci:
fix use after free of zpci_dev") because once a zpci_dev goes away, i.e.
enters the reserved state, it would immediately get released. However
with the pci_dev reference this is no longer the case and the zpci_dev
may still appear in multiple availability events indicating that it was
reserved. This was solved by detecting when the zpci_dev is already on
its way out but still hanging around. This has however shown some light
on how unusual our zpci_dev reference counting is.
Improve upon this by modelling zpci_dev reference counting on pci_dev.
Analogous to pci_get_slot() increment the reference count in
get_zdev_by_fid(). Thus all users of get_zdev_by_fid() must drop the
reference once they are done with the zpci_dev.
Similar to pci_scan_single_device(), zpci_create_device() returns the
device with an initial count of 1 and the device added to the zpci_list
(analogous to the PCI bus' device_list). In turn users of
zpci_create_device() must only drop the reference once the device is
gone from the point of view of the zPCI subsystem, it might still be
referenced by the common PCI subsystem though.
Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com>
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/s390/pci/pci.c | 1 +
arch/s390/pci/pci_bus.h | 3 ++-
arch/s390/pci/pci_clp.c | 9 +++++++--
arch/s390/pci/pci_event.c | 7 ++++++-
4 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c
index e14e4a3a647a..74799439b259 100644
--- a/arch/s390/pci/pci.c
+++ b/arch/s390/pci/pci.c
@@ -69,6 +69,7 @@ struct zpci_dev *get_zdev_by_fid(u32 fid)
list_for_each_entry(tmp, &zpci_list, entry) {
if (tmp->fid == fid) {
zdev = tmp;
+ zpci_zdev_get(zdev);
break;
}
}
diff --git a/arch/s390/pci/pci_bus.h b/arch/s390/pci/pci_bus.h
index 55c9488e504c..8d2fcd091ca7 100644
--- a/arch/s390/pci/pci_bus.h
+++ b/arch/s390/pci/pci_bus.h
@@ -13,7 +13,8 @@ void zpci_bus_device_unregister(struct zpci_dev *zdev);
void zpci_release_device(struct kref *kref);
static inline void zpci_zdev_put(struct zpci_dev *zdev)
{
- kref_put(&zdev->kref, zpci_release_device);
+ if (zdev)
+ kref_put(&zdev->kref, zpci_release_device);
}
static inline void zpci_zdev_get(struct zpci_dev *zdev)
diff --git a/arch/s390/pci/pci_clp.c b/arch/s390/pci/pci_clp.c
index 0a0e8b8293be..d1a5c80a41cb 100644
--- a/arch/s390/pci/pci_clp.c
+++ b/arch/s390/pci/pci_clp.c
@@ -22,6 +22,8 @@
#include <asm/clp.h>
#include <uapi/asm/clp.h>
+#include "pci_bus.h"
+
bool zpci_unique_uid;
void update_uid_checking(bool new)
@@ -372,8 +374,11 @@ static void __clp_add(struct clp_fh_list_entry *entry, void *data)
return;
zdev = get_zdev_by_fid(entry->fid);
- if (!zdev)
- zpci_create_device(entry->fid, entry->fh, entry->config_state);
+ if (zdev) {
+ zpci_zdev_put(zdev);
+ return;
+ }
+ zpci_create_device(entry->fid, entry->fh, entry->config_state);
}
int clp_scan_pci_devices(void)
diff --git a/arch/s390/pci/pci_event.c b/arch/s390/pci/pci_event.c
index b7cfde7e80a8..6ced44b5be8a 100644
--- a/arch/s390/pci/pci_event.c
+++ b/arch/s390/pci/pci_event.c
@@ -61,10 +61,12 @@ static void __zpci_event_error(struct zpci_ccdf_err *ccdf)
pdev ? pci_name(pdev) : "n/a", ccdf->pec, ccdf->fid);
if (!pdev)
- return;
+ goto no_pdev;
pdev->error_state = pci_channel_io_perm_failure;
pci_dev_put(pdev);
+no_pdev:
+ zpci_zdev_put(zdev);
}
void zpci_event_error(void *data)
@@ -76,6 +78,7 @@ void zpci_event_error(void *data)
static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf)
{
struct zpci_dev *zdev = get_zdev_by_fid(ccdf->fid);
+ bool existing_zdev = !!zdev;
enum zpci_state state;
struct pci_dev *pdev;
int ret;
@@ -161,6 +164,8 @@ static void __zpci_event_availability(struct zpci_ccdf_avail *ccdf)
default:
break;
}
+ if (existing_zdev)
+ zpci_zdev_put(zdev);
}
void zpci_event_availability(void *data)
--
2.35.1
next prev parent reply other threads:[~2022-05-23 17:28 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-23 17:05 [PATCH 5.10 00/97] 5.10.118-rc1 review Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 01/97] usb: gadget: fix race when gadget driver register via ioctl Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 02/97] io_uring: always grab file table for deferred statx Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 03/97] floppy: use a statically allocated error counter Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 04/97] Revert "drm/i915/opregion: check port number bounds for SWSCI display power state" Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 05/97] igc: Remove _I_PHY_ID checking Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 06/97] igc: Remove phy->type checking Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 07/97] igc: Update I226_K device ID Greg Kroah-Hartman
2022-05-25 10:45 ` Pavel Machek
2022-05-26 4:02 ` Neftin, Sasha
2022-05-23 17:05 ` [PATCH 5.10 08/97] rtc: fix use-after-free on device removal Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 09/97] rtc: pcf2127: fix bug when reading alarm registers Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 10/97] um: Cleanup syscall_handler_t definition/cast, fix warning Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 11/97] Input: add bounds checking to input_set_capability() Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 12/97] Input: stmfts - fix reference leak in stmfts_input_open Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 13/97] nvme-pci: add quirks for Samsung X5 SSDs Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 14/97] gfs2: Disable page faults during lockless buffered reads Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 15/97] rtc: sun6i: Fix time overflow handling Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 16/97] crypto: stm32 - fix reference leak in stm32_crc_remove Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 17/97] crypto: x86/chacha20 - Avoid spurious jumps to other functions Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 18/97] ALSA: hda/realtek: Enable headset mic on Lenovo P360 Greg Kroah-Hartman
2022-05-23 17:05 ` Greg Kroah-Hartman [this message]
2022-05-23 17:05 ` [PATCH 5.10 20/97] vhost_vdpa: dont setup irq offloading when irq_num < 0 Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 21/97] tools/virtio: compile with -pthread Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 22/97] nvme-multipath: fix hang when disk goes live over reconnect Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 23/97] rtc: mc146818-lib: Fix the AltCentury for AMD platforms Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 24/97] fs: fix an infinite loop in iomap_fiemap Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 25/97] MIPS: lantiq: check the return value of kzalloc() Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 26/97] drbd: remove usage of list iterator variable after loop Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 27/97] platform/chrome: cros_ec_debugfs: detach log reader wq from devm Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 28/97] ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 29/97] nilfs2: fix lockdep warnings in page operations for btree nodes Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 30/97] nilfs2: fix lockdep warnings during disk space reclamation Greg Kroah-Hartman
2022-05-23 17:05 ` [PATCH 5.10 31/97] Revert "swiotlb: fix info leak with DMA_FROM_DEVICE" Greg Kroah-Hartman
2022-05-23 18:25 ` [PATCH 5.10 00/97] 5.10.118-rc1 review Florian Fainelli
2022-05-23 21:36 ` Daniel Díaz
2022-05-25 7:16 ` Greg Kroah-Hartman
2022-05-23 22:56 ` Shuah Khan
2022-05-24 9:24 ` Fox Chen
2022-05-24 14:49 ` Sudip Mukherjee
2022-05-24 15:25 ` Pavel Machek
2022-05-24 20:04 ` Guenter Roeck
2022-05-25 1:05 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220523165815.319610610@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=gor@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mjrosato@linux.ibm.com \
--cc=sashal@kernel.org \
--cc=schnelle@linux.ibm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.