RE: [PATCH 2/2 v3] pci-hyperv: lock pci bus on device eject
From: KY Srinivasan
Date: Tue Oct 04 2016 - 16:49:37 EST
> -----Original Message-----
> From: Long Li
> Sent: Monday, October 3, 2016 11:43 PM
> To: KY Srinivasan <kys@xxxxxxxxxxxxx>; Haiyang Zhang
> <haiyangz@xxxxxxxxxxxxx>; Bjorn Helgaas <bhelgaas@xxxxxxxxxx>
> Cc: devel@xxxxxxxxxxxxxxxxxxxxxx; linux-pci@xxxxxxxxxxxxxxx; linux-
> kernel@xxxxxxxxxxxxxxx; Long Li <longli@xxxxxxxxxxxxx>
> Subject: [PATCH 2/2 v3] pci-hyperv: lock pci bus on device eject
>
> This sender failed our fraud detection checks and may not be who they
> appear to be. Learn about spoofing at http://aka.ms/LearnAboutSpoofing
>
> From: Long Li <longli@xxxxxxxxxxxxx>
>
> A PCI_EJECT message can arrive at the same time we are calling
> pci_scan_child_bus in the workqueue for the previous PCI_BUS_RELATIONS
> message or in create_root_hv_pci_bus(), in this case we could potentailly
> modify the bus from multiple places. Properly lock the bus access.
>
> Thanks Dexuan Cui <decui@xxxxxxxxxxxxx> for pointing out the race
> condition in create_root_hv_pci_bus().
>
> Signed-off-by: Long Li <longli@xxxxxxxxxxxxx>
> Tested-by: Cathy Avery <cavery@xxxxxxxxxx>
> Reported-by: Xiaofeng Wang <xiaofwan@xxxxxxxxxx>
Acked-by: KY Srinivasan <kys@xxxxxxxxxxxxx>
> ---
> drivers/pci/host/pci-hyperv.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/drivers/pci/host/pci-hyperv.c b/drivers/pci/host/pci-hyperv.c
> index 4a37598..33c75c9 100644
> --- a/drivers/pci/host/pci-hyperv.c
> +++ b/drivers/pci/host/pci-hyperv.c
> @@ -1198,9 +1198,11 @@ static int create_root_hv_pci_bus(struct
> hv_pcibus_device *hbus)
> hbus->pci_bus->msi = &hbus->msi_chip;
> hbus->pci_bus->msi->dev = &hbus->hdev->device;
>
> + pci_lock_rescan_remove();
> pci_scan_child_bus(hbus->pci_bus);
> pci_bus_assign_resources(hbus->pci_bus);
> pci_bus_add_devices(hbus->pci_bus);
> + pci_unlock_rescan_remove();
> hbus->state = hv_pcibus_installed;
> return 0;
> }
> @@ -1590,8 +1592,10 @@ static void hv_eject_device_work(struct
> work_struct *work)
> pdev = pci_get_domain_bus_and_slot(hpdev->hbus->sysdata.domain,
> 0,
> wslot);
> if (pdev) {
> + pci_lock_rescan_remove();
> pci_stop_and_remove_bus_device(pdev);
> pci_dev_put(pdev);
> + pci_unlock_rescan_remove();
> }
>
> memset(&ctxt, 0, sizeof(ctxt));
> --
> 1.8.5.6