[PATCH 1/3] powerpc/eeh: Null check uses of eeh_pe_bus_get

[PATCH 1/3] powerpc/eeh: Null check uses of eeh_pe_bus_get

[Russell Currey]

eeh_pe_bus_get() can return NULL if a PCI bus isn't found for a given PE.
Some callers don't check this, and can cause a null pointer dereference
under certain circumstances.

Fix this by checking NULL everywhere eeh_pe_bus_get() is called.

Cc: stable #3.10+
Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/kernel/eeh_driver.c             | 8 ++++++++
 arch/powerpc/platforms/powernv/eeh-powernv.c | 5 +++++
 2 files changed, 13 insertions(+)

diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c
index 5f36e8a..29aa8d1 100644
--- a/arch/powerpc/kernel/eeh_driver.c
+++ b/arch/powerpc/kernel/eeh_driver.c
@@ -994,6 +994,14 @@ static void eeh_handle_special_event(void)
 				/* Notify all devices to be down */
 				eeh_pe_state_clear(pe, EEH_PE_PRI_BUS);
 				bus = eeh_pe_bus_get(phb_pe);
+				if (!bus) {
+					pr_err("%s: Cannot find PCI bus for "
+					       "PHB#%d-PE#%x\n",
+					       __func__,
+					       pe->phb->global_number,
+					       pe->addr);
+					break;
+				}
 				eeh_pe_dev_traverse(pe,
 					eeh_report_failure, NULL);
 				pci_hp_remove_devices(bus);
diff --git a/arch/powerpc/platforms/powernv/eeh-powernv.c b/arch/powerpc/platforms/powernv/eeh-powernv.c
index 86544ea..cb08e6a 100644
--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -1091,6 +1091,11 @@ static int pnv_eeh_reset(struct eeh_pe *pe, int option)
 	}
 
 	bus = eeh_pe_bus_get(pe);
+	if (!bus) {
+		pr_err("%s: Cannot find PCI bus for PHB#%d-PE#%x\n",
+			__func__, pe->phb->global_number, pe->addr);
+		return -EIO;
+	}
 	if (pe->type & EEH_PE_VF)
 		return pnv_eeh_reset_vf_pe(pe, option);
 
-- 
2.9.3

[PATCH 2/3] powernv/eeh: Skip finding bus for VF resets

[Russell Currey]

When the PE used in pnv_eeh_reset() is that of a VF,
pnv_eeh_reset_vf_pe() is used.  Unlike the other reset functions called
in pnv_eeh_reset(), the VF reset doesn't require a bus, and if a bus was
missing the function would error out before resetting the VF PE.

To avoid this, reorder the VF reset function to occur before finding and
checking the bus.

Cc: stable #3.10+
Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/platforms/powernv/eeh-powernv.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/platforms/powernv/eeh-powernv.c b/arch/powerpc/platforms/powernv/eeh-powernv.c
index cb08e6a..68f1a85 100644
--- a/arch/powerpc/platforms/powernv/eeh-powernv.c
+++ b/arch/powerpc/platforms/powernv/eeh-powernv.c
@@ -1090,14 +1090,15 @@ static int pnv_eeh_reset(struct eeh_pe *pe, int option)
 		}
 	}
 
+	if (pe->type & EEH_PE_VF)
+		return pnv_eeh_reset_vf_pe(pe, option);
+
 	bus = eeh_pe_bus_get(pe);
 	if (!bus) {
 		pr_err("%s: Cannot find PCI bus for PHB#%d-PE#%x\n",
 			__func__, pe->phb->global_number, pe->addr);
 		return -EIO;
 	}
-	if (pe->type & EEH_PE_VF)
-		return pnv_eeh_reset_vf_pe(pe, option);
 
 	if (pci_is_root_bus(bus) ||
 	    pci_is_root_bus(bus->parent))
-- 
2.9.3

[PATCH 3/3] powerpc/eeh: Skip finding bus until after failure reporting

[Russell Currey]

In eeh_handle_special_event(), eeh_pe_bus_get() is called before calling
eeh_report_failure() on every device under a PE.  If a PE was missing a
bus for some reason, the error would occur before reporting failure, even
though eeh_report_failure() doesn't require a bus.

Fix this by moving the bus retrieval and error check after the
eeh_report_failure() calls.

Cc: stable #3.10+
Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/kernel/eeh_driver.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c
index 29aa8d1..a62be72 100644
--- a/arch/powerpc/kernel/eeh_driver.c
+++ b/arch/powerpc/kernel/eeh_driver.c
@@ -993,6 +993,8 @@ static void eeh_handle_special_event(void)
 
 				/* Notify all devices to be down */
 				eeh_pe_state_clear(pe, EEH_PE_PRI_BUS);
+				eeh_pe_dev_traverse(pe,
+					eeh_report_failure, NULL);
 				bus = eeh_pe_bus_get(phb_pe);
 				if (!bus) {
 					pr_err("%s: Cannot find PCI bus for "
@@ -1002,8 +1004,6 @@ static void eeh_handle_special_event(void)
 					       pe->addr);
 					break;
 				}
-				eeh_pe_dev_traverse(pe,
-					eeh_report_failure, NULL);
 				pci_hp_remove_devices(bus);
 			}
 			pci_unlock_rescan_remove();
-- 
2.9.3

Re: [PATCH 1/3] powerpc/eeh: Null check uses of eeh_pe_bus_get

[Andrew Donnellan]

On 12/09/16 14:17, Russell Currey wrote:
> eeh_pe_bus_get() can return NULL if a PCI bus isn't found for a given PE.
> Some callers don't check this, and can cause a null pointer dereference
> under certain circumstances.
>
> Fix this by checking NULL everywhere eeh_pe_bus_get() is called.
>
> Cc: stable #3.10+
> Signed-off-by: Russell Currey <ruscur@russell.cc>

Looks good to me.

Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

-- 
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com  IBM Australia Limited

Re: [PATCH 3/3] powerpc/eeh: Skip finding bus until after failure reporting

[Andrew Donnellan]

On 12/09/16 14:17, Russell Currey wrote:
> In eeh_handle_special_event(), eeh_pe_bus_get() is called before calling
> eeh_report_failure() on every device under a PE.  If a PE was missing a
> bus for some reason, the error would occur before reporting failure, even
> though eeh_report_failure() doesn't require a bus.
>
> Fix this by moving the bus retrieval and error check after the
> eeh_report_failure() calls.
>
> Cc: stable #3.10+
> Signed-off-by: Russell Currey <ruscur@russell.cc>

Looks good to me.

Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

-- 
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com  IBM Australia Limited

Re: [PATCH 2/3] powernv/eeh: Skip finding bus for VF resets

[Andrew Donnellan]

On 12/09/16 14:17, Russell Currey wrote:
> When the PE used in pnv_eeh_reset() is that of a VF,
> pnv_eeh_reset_vf_pe() is used.  Unlike the other reset functions called
> in pnv_eeh_reset(), the VF reset doesn't require a bus, and if a bus was
> missing the function would error out before resetting the VF PE.
>
> To avoid this, reorder the VF reset function to occur before finding and
> checking the bus.
>
> Cc: stable #3.10+
> Signed-off-by: Russell Currey <ruscur@russell.cc>

Looks good to me. Personally I'd put all 3 of these patches into one, 
not that I care too much.

Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

-- 
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com  IBM Australia Limited

Re: [1/3] powerpc/eeh: Null check uses of eeh_pe_bus_get

[Michael Ellerman]

On Mon, 2016-12-09 at 04:17:22 UTC, Russell Currey wrote:
> eeh_pe_bus_get() can return NULL if a PCI bus isn't found for a given PE.
> Some callers don't check this, and can cause a null pointer dereference
> under certain circumstances.
> 
> Fix this by checking NULL everywhere eeh_pe_bus_get() is called.
> 
> Cc: stable #3.10+

This looks like it's a fix for 8a6b1bc70dbb ("powerpc/eeh: EEH core to handle
special event") ?

Which was merged in v3.11-rc1.

If so I'll add a fixes line pointing at that commit and update the stable tag to
v3.11+.

cheers

Re: [1/3] powerpc/eeh: Null check uses of eeh_pe_bus_get

[Russell Currey]

On Wed, 2016-09-21 at 14:02 +1000, Michael Ellerman wrote:
> On Mon, 2016-12-09 at 04:17:22 UTC, Russell Currey wrote:
> > 
> > eeh_pe_bus_get() can return NULL if a PCI bus isn't found for a given PE.
> > Some callers don't check this, and can cause a null pointer dereference
> > under certain circumstances.
> > 
> > Fix this by checking NULL everywhere eeh_pe_bus_get() is called.
> > 
> > Cc: stable #3.10+
> 
> This looks like it's a fix for 8a6b1bc70dbb ("powerpc/eeh: EEH core to handle
> special event") ?
> 
> Which was merged in v3.11-rc1.
> 
> If so I'll add a fixes line pointing at that commit and update the stable tag
> to
> v3.11+.

Thanks.

Also, the other two patches in this series shouldn't go to stable, that was my
mistake.

> 
> cheers

Re: [1/3] powerpc/eeh: Null check uses of eeh_pe_bus_get

[Michael Ellerman]

On Mon, 2016-12-09 at 04:17:22 UTC, Russell Currey wrote:
> eeh_pe_bus_get() can return NULL if a PCI bus isn't found for a given PE.
> Some callers don't check this, and can cause a null pointer dereference
> under certain circumstances.
> 
> Fix this by checking NULL everywhere eeh_pe_bus_get() is called.
> 
> Fixes: 8a6b1bc70dbb ("powerpc/eeh: EEH core to handle special event")
> Cc: stable@vger.kernel.org # v3.11+
> Signed-off-by: Russell Currey <ruscur@russell.cc>
> Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>

Series applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/04fec21c06e35b169a83e75a84

cheers