From patchwork Mon Apr 9 22:04:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Keith Busch X-Patchwork-Id: 896426 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=linux-pci-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=intel.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40Kkmf1k7Jz9s1X for ; Tue, 10 Apr 2018 08:02:09 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751549AbeDIWCH (ORCPT ); Mon, 9 Apr 2018 18:02:07 -0400 Received: from mga11.intel.com ([192.55.52.93]:41629 "EHLO mga11.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751505AbeDIWCG (ORCPT ); Mon, 9 Apr 2018 18:02:06 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 09 Apr 2018 15:01:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,429,1517904000"; d="scan'208";a="32362554" Received: from unknown (HELO localhost.lm.intel.com) ([10.232.112.44]) by orsmga008.jf.intel.com with ESMTP; 09 Apr 2018 15:01:53 -0700 From: Keith Busch To: Linux PCI , Bjorn Helgaas Cc: Alex_Gagniuc@Dellteam.com, Scott Bauer , Keith Busch Subject: [PATCH 0/4] PCI/AER: Use-after-free fix Date: Mon, 9 Apr 2018 16:04:40 -0600 Message-Id: <20180409220444.6632-1-keith.busch@intel.com> X-Mailer: git-send-email 2.13.6 Sender: linux-pci-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pci@vger.kernel.org AER error handling walks the PCI topology below a root port, saving pointers of the pci_dev structs affected by the error along the way. At the same time, the pcie hotplug driver could be freeing those very same structures, causing the AER driver to reference freed memory. This series fixes this by synchroniziing the aer driver with the pci hotplug driver during. The final patch is the one that ultimately provides the locking by having AER lock the same pci lock rescan/remove mutex as the pciehp driver. The first three patches are prepping to make it safe for the aer bottom half handler to hold that lock. Keith Busch (4): PCI/AER: Remove unused parameters PCI/AER: Replace struct pcie_device with pci_dev PCI/AER: Reference count aer structures PCI/AER: Lock pci topology when scanning errors drivers/pci/pcie/aer/aerdrv.c | 28 +++++++++++++++++++++------- drivers/pci/pcie/aer/aerdrv.h | 9 +++------ drivers/pci/pcie/aer/aerdrv_core.c | 38 +++++++++++++++++--------------------- 3 files changed, 41 insertions(+), 34 deletions(-) Tested-by: Alexandru Gagniuc