Re: [RFC PATCH v1 01/22] PCI: use pci_get_domain_bus_and_slot() toavoid race conditions

From: Bjorn Helgaas
Date: Tue Sep 11 2012 - 18:01:11 EST

On Tue, Aug 7, 2012 at 10:10 AM, Jiang Liu <liuj97@xxxxxxxxx> wrote:
> There's a typical usage pattern to search a PCI device under a specific
> PCI bus (domian, busno) as below:
> struct pci_bus *pci_bus = pci_find_bus(domain, busno);
> struct pci_dev *pci_dev = pci_get_slot(pci_bus, devfn);
>
> The above code has a race window between pci_find_bus() and pci_get_slot()
> if PCI hotplug operations happen between them which removes the pci_bus.
> So use PCI hotplug safe interface pci_get_domain_bus_and_slot() instead,
> which also reduces code complexity.

This makes sense to me. If we support hotplug, it's fundamentally
unsafe to keep a struct pci_bus * without having a reference or some
way to make sure it doesn't go away. I think we should try to
eradicate all uses of pci_find_bus() and pci_find_next_bus().

> Signed-off-by: Jiang Liu <liuj97@xxxxxxxxx>
> ---
> arch/ia64/sn/kernel/io_common.c | 4 +---
> drivers/gpu/vga/vgaarb.c | 15 +++------------
> drivers/pci/hotplug/cpcihp_generic.c | 8 ++------
> drivers/pci/iov.c | 8 ++------
> drivers/pci/xen-pcifront.c | 10 ++--------
> 5 files changed, 10 insertions(+), 35 deletions(-)
>
> diff --git a/arch/ia64/sn/kernel/io_common.c b/arch/ia64/sn/kernel/io_common.c
> index fbb5f2f..8630875 100644
> --- a/arch/ia64/sn/kernel/io_common.c
> +++ b/arch/ia64/sn/kernel/io_common.c
> @@ -229,7 +229,6 @@ void sn_pci_fixup_slot(struct pci_dev *dev, struct pcidev_info *pcidev_info,
> {
> int segment = pci_domain_nr(dev->bus);
> struct pcibus_bussoft *bs;
> - struct pci_bus *host_pci_bus;
> struct pci_dev *host_pci_dev;
> unsigned int bus_no, devfn;
>
> @@ -245,8 +244,7 @@ void sn_pci_fixup_slot(struct pci_dev *dev, struct pcidev_info *pcidev_info,
>
> bus_no = (pcidev_info->pdi_slot_host_handle >> 32) & 0xff;
> devfn = pcidev_info->pdi_slot_host_handle & 0xffffffff;
> - host_pci_bus = pci_find_bus(segment, bus_no);
> - host_pci_dev = pci_get_slot(host_pci_bus, devfn);
> + host_pci_dev = pci_get_domain_bus_and_slot(segment, bus_no, devfn);
>
> pcidev_info->host_pci_dev = host_pci_dev;
> pcidev_info->pdi_linux_pcidev = dev;
> diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c
> index 3df8fc0..b6852b7 100644
> --- a/drivers/gpu/vga/vgaarb.c
> +++ b/drivers/gpu/vga/vgaarb.c
> @@ -1066,7 +1066,6 @@ static ssize_t vga_arb_write(struct file *file, const char __user * buf,
> }
>
> } else if (strncmp(curr_pos, "target ", 7) == 0) {
> - struct pci_bus *pbus;
> unsigned int domain, bus, devfn;
> struct vga_device *vgadev;
>
> @@ -1085,19 +1084,11 @@ static ssize_t vga_arb_write(struct file *file, const char __user * buf,
> pr_debug("vgaarb: %s ==> %x:%x:%x.%x\n", curr_pos,
> domain, bus, PCI_SLOT(devfn), PCI_FUNC(devfn));
>
> - pbus = pci_find_bus(domain, bus);
> - pr_debug("vgaarb: pbus %p\n", pbus);
> - if (pbus == NULL) {
> - pr_err("vgaarb: invalid PCI domain and/or bus address %x:%x\n",
> - domain, bus);
> - ret_val = -ENODEV;
> - goto done;
> - }
> - pdev = pci_get_slot(pbus, devfn);
> + pdev = pci_get_domain_bus_and_slot(domain, bus, devfn);
> pr_debug("vgaarb: pdev %p\n", pdev);
> if (!pdev) {
> - pr_err("vgaarb: invalid PCI address %x:%x\n",
> - bus, devfn);
> + pr_err("vgaarb: invalid PCI address %x:%x:%x\n",
> + domain, bus, devfn);
> ret_val = -ENODEV;
> goto done;
> }
> diff --git a/drivers/pci/hotplug/cpcihp_generic.c b/drivers/pci/hotplug/cpcihp_generic.c
> index 81af764..a6a71c4 100644
> --- a/drivers/pci/hotplug/cpcihp_generic.c
> +++ b/drivers/pci/hotplug/cpcihp_generic.c
> @@ -154,12 +154,8 @@ static int __init cpcihp_generic_init(void)
> if(!r)
> return -EBUSY;
>
> - bus = pci_find_bus(0, bridge_busnr);
> - if (!bus) {
> - err("Invalid bus number %d", bridge_busnr);
> - return -EINVAL;
> - }
> - dev = pci_get_slot(bus, PCI_DEVFN(bridge_slot, 0));
> + dev = pci_get_domain_bus_and_slot(0, bridge_busnr,
> + PCI_DEVFN(bridge_slot, 0));
> if(!dev || dev->hdr_type != PCI_HEADER_TYPE_BRIDGE) {
> err("Invalid bridge device %s", bridge);
> pci_dev_put(dev);
> diff --git a/drivers/pci/iov.c b/drivers/pci/iov.c
> index 74bbaf8..c7d2969 100644
> --- a/drivers/pci/iov.c
> +++ b/drivers/pci/iov.c
> @@ -152,15 +152,11 @@ failed1:
> static void virtfn_remove(struct pci_dev *dev, int id, int reset)
> {
> char buf[VIRTFN_ID_LEN];
> - struct pci_bus *bus;
> struct pci_dev *virtfn;
> struct pci_sriov *iov = dev->sriov;
>
> - bus = pci_find_bus(pci_domain_nr(dev->bus), virtfn_bus(dev, id));
> - if (!bus)
> - return;
> -
> - virtfn = pci_get_slot(bus, virtfn_devfn(dev, id));
> + virtfn = pci_get_domain_bus_and_slot(pci_domain_nr(dev->bus),
> + virtfn_bus(dev, id), virtfn_devfn(dev, id));
> if (!virtfn)
> return;
>
> diff --git a/drivers/pci/xen-pcifront.c b/drivers/pci/xen-pcifront.c
> index d6cc62c..def8d0b 100644
> --- a/drivers/pci/xen-pcifront.c
> +++ b/drivers/pci/xen-pcifront.c
> @@ -982,7 +982,6 @@ static int pcifront_detach_devices(struct pcifront_device *pdev)
> int err = 0;
> int i, num_devs;
> unsigned int domain, bus, slot, func;
> - struct pci_bus *pci_bus;
> struct pci_dev *pci_dev;
> char str[64];
>
> @@ -1032,13 +1031,8 @@ static int pcifront_detach_devices(struct pcifront_device *pdev)
> goto out;
> }
>
> - pci_bus = pci_find_bus(domain, bus);
> - if (!pci_bus) {
> - dev_dbg(&pdev->xdev->dev, "Cannot get bus %04x:%02x\n",
> - domain, bus);
> - continue;
> - }
> - pci_dev = pci_get_slot(pci_bus, PCI_DEVFN(slot, func));
> + pci_dev = pci_get_domain_bus_and_slot(domain, bus,
> + PCI_DEVFN(slot, func));
> if (!pci_dev) {
> dev_dbg(&pdev->xdev->dev,
> "Cannot get PCI device %04x:%02x:%02x.%d\n",
> --
> 1.7.9.5
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/