[PATCH 3/3] PCI: hv: delete the device earlier from hbus->children for hot-remove
From: Dexuan Cui
Date: Thu Nov 10 2016 - 06:54:01 EST
After we send a PCI_EJECTION_COMPLETE message to the host, the host will
immediately send us a PCI_BUS_RELATIONS message with
relations->device_count == 0, so pci_devices_present_work(), running on
another thread, can find the being-ejected device, mark
the hpdev->reported_missing to true, and run list_move_tail()/list_del()
for the device -- this races hv_eject_device_work() -> list_del().
The patch moves the list_del() in hv_eject_device_work() to an earlier
place, i.e. before we send PCI_EJECTION_COMPLETE, so later the
pci_devices_present_work() can't see the device.
Signed-off-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
CC: Jake Oshins <jakeo@xxxxxxxxxxxxx>
Cc: KY Srinivasan <kys@xxxxxxxxxxxxx>
CC: Haiyang Zhang <haiyangz@xxxxxxxxxxxxx>
CC: Vitaly Kuznetsov <vkuznets@xxxxxxxxxx>
---
drivers/pci/host/pci-hyperv.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c
index 7590ad0..fe5179d 100644
--- a/drivers/pci/host/pci-hyperv.c
+++ b/drivers/pci/host/pci-hyperv.c
@@ -1582,6 +1582,10 @@ static void hv_eject_device_work(struct work_struct *work)
pci_dev_put(pdev);
}
+ spin_lock_irqsave(&hpdev->hbus->device_list_lock, flags);
+ list_del(&hpdev->list_entry);
+ spin_unlock_irqrestore(&hpdev->hbus->device_list_lock, flags);
+
memset(&ctxt, 0, sizeof(ctxt));
ejct_pkt = (struct pci_eject_response *)&ctxt.pkt.message;
ejct_pkt->message_type.type = PCI_EJECTION_COMPLETE;
@@ -1590,10 +1594,6 @@ static void hv_eject_device_work(struct work_struct *work)
sizeof(*ejct_pkt), (unsigned long)&ctxt.pkt,
VM_PKT_DATA_INBAND, 0);
- spin_lock_irqsave(&hpdev->hbus->device_list_lock, flags);
- list_del(&hpdev->list_entry);
- spin_unlock_irqrestore(&hpdev->hbus->device_list_lock, flags);
-
put_pcichild(hpdev, hv_pcidev_ref_childlist);
put_pcichild(hpdev, hv_pcidev_ref_pnp);
put_hvpcibus(hpdev->hbus);
--
2.7.4