Re: [PATCH v11 2/2] PCI: Fix AB-BA deadlock between device_lock and pci_rescan_remove_lock in remove_store

[Benjamin Block]

Hey Ionut,

On Thu, Mar 26, 2026 at 10:35:34AM +0200, Ionut Nechita (Wind River) wrote:
> remove_store() calls pci_stop_and_remove_bus_device_locked() which
> takes pci_rescan_remove_lock first, then device_lock during driver
> release.  Meanwhile, unbind_store() takes device_lock first (via
> device_driver_detach), and the driver's .remove() callback may call
> pci_disable_sriov() -> sriov_del_vfs() -> pci_lock_rescan_remove().
> 
> This creates an AB-BA deadlock:
> 
>   CPU0 (remove_store)               CPU1 (unbind_store)
>   --------------------              --------------------
>   pci_lock_rescan_remove()
>                                     device_lock()
>                                     driver .remove()
>                                       sriov_del_vfs()
>                                         pci_lock_rescan_remove()  <-- WAITS
>   pci_stop_bus_device()
>     device_release_driver()
>       device_lock()                                               <-- WAITS
> 
> Fix this by first marking the device as dead using kill_device() to
> prevent any new driver from binding, then calling device_release_driver()
> before pci_stop_and_remove_bus_device_locked().
> 
> Marking the device dead closes the race window between unbinding and
> removal where a new driver could theoretically bind: once the dead flag
> is set, the device core will refuse any new driver probe.
> 
> After device_release_driver() returns, the driver is already unbound,
> so the subsequent device_release_driver() call inside
> pci_stop_and_remove_bus_device_locked() becomes a no-op.
> 
> Fixes: a5338e365c45 ("PCI/IOV: Fix race between SR-IOV enable/disable and hotplug")
> Reported-by: Guenter Roeck <linux@xxxxxxxxxxxx>
> Closes: https://lore.kernel.org/linux-pci/0ca9e675-478c-411d-be32-e2d81439288f@xxxxxxxxxxxx/
> Reported-by: Benjamin Block <bblock@xxxxxxxxxxxxx>
> Closes: https://lore.kernel.org/linux-pci/20260317090149.GA3835708@xxxxxxxxxxxxxxxxxx/
> Suggested-by: Benjamin Block <bblock@xxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Ionut Nechita <ionut.nechita@xxxxxxxxxxxxx>
> ---
>  drivers/pci/pci-sysfs.c | 30 +++++++++++++++++++++++++++++-
>  1 file changed, 29 insertions(+), 1 deletion(-)

sorry for the late response, it slipped past me that I haven't given this a
review yet.

It looks fine to me. It solves the report we had with the previous patch. I
also tested this, and so far it looks good in my (s390) setup.


Reviewed-by: Benjamin Block <bblock@xxxxxxxxxxxxx>
Tested-by: Benjamin Block <bblock@xxxxxxxxxxxxx>

-- 
Best Regards, Benjamin Block        /        Linux on IBM Z Kernel Development
IBM Deutschland Research & Development GmbH    /   https://www.ibm.com/privacy
Vors. Aufs.-R.: Wolfgang Wendt         /        Geschäftsführung: David Faller
Sitz der Ges.: Ehningen     /     Registergericht: AmtsG Stuttgart, HRB 243294