9d911d7903
An oops can occur if a user attempts to use both PCI logical hotplug and the ACPI physical hotplug driver (acpiphp) in this sequence, where $slot/address == $device. In other words, if acpiphp has claimed a PCI device, and that device is logically removed, then acpiphp may oops when it attempts to access it again. # echo 1 > /sys/bus/pci/devices/$device/remove # echo 0 > /sys/bus/pci/slots/$slot/power Unable to handle kernel NULL pointer dereference (address 0000000000000000) Call Trace: [<a000000100016390>] show_stack+0x50/0xa0 [<a000000100016c60>] show_regs+0x820/0x860 [<a00000010003b390>] die+0x190/0x2a0 [<a000000100066a40>] ia64_do_page_fault+0x8e0/0xa40 [<a00000010000c7a0>] ia64_native_leave_kernel+0x0/0x270 [<a0000001003b2660>] pci_remove_bus_device+0x120/0x260 [<a0000002060549f0>] acpiphp_disable_slot+0x410/0x540 [acpiphp] [<a0000002060505c0>] disable_slot+0xc0/0x120 [acpiphp] [<a0000002040d21c0>] power_write_file+0x1e0/0x2a0 [pci_hotplug] [<a0000001003bb820>] pci_slot_attr_store+0x60/0xa0 [<a000000100240f70>] sysfs_write_file+0x230/0x2c0 [<a000000100195750>] vfs_write+0x190/0x2e0 [<a0000001001961a0>] sys_write+0x80/0x100 [<a00000010000c600>] ia64_ret_from_syscall+0x0/0x20 [<a000000000010720>] __kernel_syscall_via_break+0x0/0x20 The root cause of this oops is that the logical remove ("echo 1 > /sys/bus/pci/devices/$device/remove") destroyed the pci_dev. The pci_dev struct itself wasn't deallocated because acpiphp kept a reference, but some of its fields became invalid. acpiphp doesn't have any real reason to keep a pointer to a pci_dev around. It can always derive it using pci_get_slot(). If a logical remove destroys the pci_dev, acpiphp won't find it and is thus prevented from causing mischief. Reviewed-by: Matthew Wilcox <willy@linux.intel.com> Reviewed-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com> Tested-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com> Reported-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com> Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com> Signed-off-by: Alex Chiang <achiang@hp.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
222 lines
6.2 KiB
C
222 lines
6.2 KiB
C
/*
|
|
* ACPI PCI Hot Plug Controller Driver
|
|
*
|
|
* Copyright (C) 1995,2001 Compaq Computer Corporation
|
|
* Copyright (C) 2001 Greg Kroah-Hartman (greg@kroah.com)
|
|
* Copyright (C) 2001 IBM Corp.
|
|
* Copyright (C) 2002 Hiroshi Aono (h-aono@ap.jp.nec.com)
|
|
* Copyright (C) 2002,2003 Takayoshi Kochi (t-kochi@bq.jp.nec.com)
|
|
* Copyright (C) 2002,2003 NEC Corporation
|
|
* Copyright (C) 2003-2005 Matthew Wilcox (matthew.wilcox@hp.com)
|
|
* Copyright (C) 2003-2005 Hewlett Packard
|
|
*
|
|
* All rights reserved.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or (at
|
|
* your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
|
|
* NON INFRINGEMENT. See the GNU General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*
|
|
* Send feedback to <gregkh@us.ibm.com>,
|
|
* <t-kochi@bq.jp.nec.com>
|
|
*
|
|
*/
|
|
|
|
#ifndef _ACPIPHP_H
|
|
#define _ACPIPHP_H
|
|
|
|
#include <linux/acpi.h>
|
|
#include <linux/kobject.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/pci_hotplug.h>
|
|
|
|
#define dbg(format, arg...) \
|
|
do { \
|
|
if (acpiphp_debug) \
|
|
printk(KERN_DEBUG "%s: " format, \
|
|
MY_NAME , ## arg); \
|
|
} while (0)
|
|
#define err(format, arg...) printk(KERN_ERR "%s: " format, MY_NAME , ## arg)
|
|
#define info(format, arg...) printk(KERN_INFO "%s: " format, MY_NAME , ## arg)
|
|
#define warn(format, arg...) printk(KERN_WARNING "%s: " format, MY_NAME , ## arg)
|
|
|
|
struct acpiphp_bridge;
|
|
struct acpiphp_slot;
|
|
|
|
/*
|
|
* struct slot - slot information for each *physical* slot
|
|
*/
|
|
struct slot {
|
|
struct hotplug_slot *hotplug_slot;
|
|
struct acpiphp_slot *acpi_slot;
|
|
struct hotplug_slot_info info;
|
|
};
|
|
|
|
static inline const char *slot_name(struct slot *slot)
|
|
{
|
|
return hotplug_slot_name(slot->hotplug_slot);
|
|
}
|
|
|
|
/*
|
|
* struct acpiphp_bridge - PCI bridge information
|
|
*
|
|
* for each bridge device in ACPI namespace
|
|
*/
|
|
struct acpiphp_bridge {
|
|
struct list_head list;
|
|
acpi_handle handle;
|
|
struct acpiphp_slot *slots;
|
|
|
|
/* Ejectable PCI-to-PCI bridge (PCI bridge and PCI function) */
|
|
struct acpiphp_func *func;
|
|
|
|
int type;
|
|
int nr_slots;
|
|
|
|
u32 flags;
|
|
|
|
/* This bus (host bridge) or Secondary bus (PCI-to-PCI bridge) */
|
|
struct pci_bus *pci_bus;
|
|
|
|
/* PCI-to-PCI bridge device */
|
|
struct pci_dev *pci_dev;
|
|
|
|
/* ACPI 2.0 _HPP parameters */
|
|
struct hotplug_params hpp;
|
|
|
|
spinlock_t res_lock;
|
|
};
|
|
|
|
|
|
/*
|
|
* struct acpiphp_slot - PCI slot information
|
|
*
|
|
* PCI slot information for each *physical* PCI slot
|
|
*/
|
|
struct acpiphp_slot {
|
|
struct acpiphp_slot *next;
|
|
struct acpiphp_bridge *bridge; /* parent */
|
|
struct list_head funcs; /* one slot may have different
|
|
objects (i.e. for each function) */
|
|
struct slot *slot;
|
|
struct mutex crit_sect;
|
|
|
|
u8 device; /* pci device# */
|
|
|
|
unsigned long long sun; /* ACPI _SUN (slot unique number) */
|
|
u32 flags; /* see below */
|
|
};
|
|
|
|
|
|
/*
|
|
* struct acpiphp_func - PCI function information
|
|
*
|
|
* PCI function information for each object in ACPI namespace
|
|
* typically 8 objects per slot (i.e. for each PCI function)
|
|
*/
|
|
struct acpiphp_func {
|
|
struct acpiphp_slot *slot; /* parent */
|
|
struct acpiphp_bridge *bridge; /* Ejectable PCI-to-PCI bridge */
|
|
|
|
struct list_head sibling;
|
|
struct notifier_block nb;
|
|
acpi_handle handle;
|
|
|
|
u8 function; /* pci function# */
|
|
u32 flags; /* see below */
|
|
};
|
|
|
|
/*
|
|
* struct acpiphp_attention_info - device specific attention registration
|
|
*
|
|
* ACPI has no generic method of setting/getting attention status
|
|
* this allows for device specific driver registration
|
|
*/
|
|
struct acpiphp_attention_info
|
|
{
|
|
int (*set_attn)(struct hotplug_slot *slot, u8 status);
|
|
int (*get_attn)(struct hotplug_slot *slot, u8 *status);
|
|
struct module *owner;
|
|
};
|
|
|
|
struct acpiphp_ioapic {
|
|
struct pci_dev *dev;
|
|
u32 gsi_base;
|
|
struct list_head list;
|
|
};
|
|
|
|
/* PCI bus bridge HID */
|
|
#define ACPI_PCI_HOST_HID "PNP0A03"
|
|
|
|
/* PCI BRIDGE type */
|
|
#define BRIDGE_TYPE_HOST 0
|
|
#define BRIDGE_TYPE_P2P 1
|
|
|
|
/* ACPI _STA method value (ignore bit 4; battery present) */
|
|
#define ACPI_STA_PRESENT (0x00000001)
|
|
#define ACPI_STA_ENABLED (0x00000002)
|
|
#define ACPI_STA_SHOW_IN_UI (0x00000004)
|
|
#define ACPI_STA_FUNCTIONING (0x00000008)
|
|
#define ACPI_STA_ALL (0x0000000f)
|
|
|
|
/* bridge flags */
|
|
#define BRIDGE_HAS_STA (0x00000001)
|
|
#define BRIDGE_HAS_EJ0 (0x00000002)
|
|
#define BRIDGE_HAS_HPP (0x00000004)
|
|
#define BRIDGE_HAS_PS0 (0x00000010)
|
|
#define BRIDGE_HAS_PS1 (0x00000020)
|
|
#define BRIDGE_HAS_PS2 (0x00000040)
|
|
#define BRIDGE_HAS_PS3 (0x00000080)
|
|
|
|
/* slot flags */
|
|
|
|
#define SLOT_POWEREDON (0x00000001)
|
|
#define SLOT_ENABLED (0x00000002)
|
|
#define SLOT_MULTIFUNCTION (0x00000004)
|
|
|
|
/* function flags */
|
|
|
|
#define FUNC_HAS_STA (0x00000001)
|
|
#define FUNC_HAS_EJ0 (0x00000002)
|
|
#define FUNC_HAS_PS0 (0x00000010)
|
|
#define FUNC_HAS_PS1 (0x00000020)
|
|
#define FUNC_HAS_PS2 (0x00000040)
|
|
#define FUNC_HAS_PS3 (0x00000080)
|
|
#define FUNC_HAS_DCK (0x00000100)
|
|
|
|
/* function prototypes */
|
|
|
|
/* acpiphp_core.c */
|
|
extern int acpiphp_register_attention(struct acpiphp_attention_info*info);
|
|
extern int acpiphp_unregister_attention(struct acpiphp_attention_info *info);
|
|
extern int acpiphp_register_hotplug_slot(struct acpiphp_slot *slot);
|
|
extern void acpiphp_unregister_hotplug_slot(struct acpiphp_slot *slot);
|
|
|
|
/* acpiphp_glue.c */
|
|
extern int acpiphp_glue_init (void);
|
|
extern void acpiphp_glue_exit (void);
|
|
extern int acpiphp_get_num_slots (void);
|
|
typedef int (*acpiphp_callback)(struct acpiphp_slot *slot, void *data);
|
|
|
|
extern int acpiphp_enable_slot (struct acpiphp_slot *slot);
|
|
extern int acpiphp_disable_slot (struct acpiphp_slot *slot);
|
|
extern int acpiphp_eject_slot (struct acpiphp_slot *slot);
|
|
extern u8 acpiphp_get_power_status (struct acpiphp_slot *slot);
|
|
extern u8 acpiphp_get_attention_status (struct acpiphp_slot *slot);
|
|
extern u8 acpiphp_get_latch_status (struct acpiphp_slot *slot);
|
|
extern u8 acpiphp_get_adapter_status (struct acpiphp_slot *slot);
|
|
|
|
/* variables */
|
|
extern int acpiphp_debug;
|
|
|
|
#endif /* _ACPIPHP_H */
|