Re: [PATCH 3/3] PCI: pci_slot: grab refcount on slot's bus

From: Kenji Kaneshige
Date: Sun Mar 29 2009 - 22:26:21 EST


Alex Chiang wrote:
> If a logical hot unplug (remove) is performed on a physical PCI slot's
> parent bridge, and then pci_slot is unloaded, we will encounter an oops:
>
> [<ffffffff803a788a>] kobject_release+0x9a/0x290
> [<ffffffff803a77f0>] ? kobject_release+0x0/0x290
> [<ffffffff803a8ce7>] kref_put+0x37/0x80
> [<ffffffff803a76f7>] kobject_put+0x27/0x60
> [<ffffffff803bebcc>] ? pci_destroy_slot+0x3c/0xc0
> [<ffffffff803bebd5>] pci_destroy_slot+0x45/0xc0
> [<ffffffffa000f05c>] acpi_pci_slot_remove+0x5c/0x91 [pci_slot]
> [<ffffffff8040064b>] acpi_pci_unregister_driver+0x4b/0x62
> [<ffffffffa000f5c8>] acpi_pci_slot_exit+0x10/0x12 [pci_slot]
> [<ffffffff80276ce1>] sys_delete_module+0x161/0x250
>
> We need to grab a reference to the parent PCI bus, which will pin
> the bus and prevent it from being released until pci_slot is unloaded.
>
> Cc: lenb@xxxxxxxxxx
> Reported-by: Kenji Kaneshige <kaneshige.kenji@xxxxxxxxxxxxxx>
> Signed-off-by: Alex Chiang <achiang@xxxxxx>
> ---
>
> drivers/acpi/pci_slot.c | 5 +++++
> 1 files changed, 5 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/acpi/pci_slot.c b/drivers/acpi/pci_slot.c
> index cd1f446..c7ad9f2 100644
> --- a/drivers/acpi/pci_slot.c
> +++ b/drivers/acpi/pci_slot.c
> @@ -63,6 +63,7 @@ struct acpi_pci_slot {
> acpi_handle root_handle; /* handle of the root bridge */
> struct pci_slot *pci_slot; /* corresponding pci_slot */
> struct list_head list; /* node in the list of slots */
> + struct pci_bus *bus; /* bus the slot is on */
> };
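
Review bot: the comment on the new `bus` member at the end of struct acpi_pci_slot says only "bus the slot is on" and does not record that the pointer carries a device reference that has to be dropped when the slot is removed. Suggest wording such as `/* bus the slot is on, holds a reference */` so the ownership is visible at the declaration.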

I don't think we need an additional 'bus' field in the struct
acpi_pci_slot. At the register_slot(), we already know the
address of struct pci_bus. At the acpi_pci_slot_remove(), I
think we can get the address of struct pci_bus as follows.

	if (slot->root_handle == handle) {
		struct pci_bus *pbus = slot->pci_slot->bus;
		list_del(&slot->list);
		pci_destroy_slot(slot->pci_slot);
		put_device(&pbus->dev);
		kfree(slot);
	}

Thanks,
Kenji Kaneshige


>
> static int acpi_pci_slot_add(acpi_handle handle);
> @@ -159,11 +160,14 @@ register_slot(acpi_handle handle, u32 lvl, void *context, void **rv)
>
> slot->root_handle = parent_context->root_handle;
> slot->pci_slot = pci_slot;
> + slot->bus = pci_bus;
> INIT_LIST_HEAD(&slot->list);
> mutex_lock(&slot_list_lock);
> list_add(&slot->list, &slot_list);
> mutex_unlock(&slot_list_lock);
>
> + get_device(&pci_bus->dev);
> +
> dbg("pci_slot: %p, pci_bus: %x, device: %d, name: %s\n",
> pci_slot, pci_bus->number, device, name);
>
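
Review bot: in register_slot(), `get_device(&pci_bus->dev)` is called only after the slot has been added to slot_list and slot_list_lock has been released, so for a short window the slot is reachable from the list with `slot->bus` set but no reference held. Suggest taking the reference before `list_add()`, next to the `slot->bus = pci_bus;` assignment, so the pointer is never published unpinned.
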
> @@ -316,6 +320,7 @@ acpi_pci_slot_remove(acpi_handle handle)
> if (slot->root_handle == handle) {
> list_del(&slot->list);
> pci_destroy_slot(slot->pci_slot);
> + put_device(&slot->bus->dev);
> kfree(slot);
> }
> }
>
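
Review bot: in acpi_pci_slot_remove(), `put_device(&slot->bus->dev)` has no comment tying it to the `get_device()` added in register_slot(), and that pairing is what the fix depends on. A one-line comment here naming register_slot() would make the balance easy to check; keeping the put after `pci_destroy_slot()`, as written, keeps the bus pinned while the slot is destroyed.
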
> --
> To unsubscribe from this list: send the line "unsubscribe linux-pci" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
>