powerpc/powernv: Fix crash on releasing compound PE

Michael Ellerman patch-notifications at ellerman.id.au
Thu Sep 8 19:47:53 AEST 2016 

On Tue, 2016-06-09 at 04:16:44 UTC, Gavin Shan wrote:
> The compound PE is created to accommodate the devices attached to
> one specific PCI bus that consume multiple M64 segments. The compound
> PE is made up of one master PE and possibly multiple slave PEs. The
> slave PEs should be destroyed when releasing the master PE. A kernel
> crash happens when derferencing @pe->pdev on releasing the slave PE
> in pnv_ioda_deconfigure_pe().
> 
>   # echo 0 > /sys/bus/pci/slots/C7/power
>   iommu: Removing device 0000:01:00.1 from group 0
>   iommu: Removing device 0000:01:00.0 from group 0
>   Unable to handle kernel paging request for data at address 0x00000010
>   Faulting instruction address: 0xc00000000005d898
>   cpu 0x1: Vector: 300 (Data Access) at [c000000fe8217620]
>       pc: c00000000005d898: pnv_ioda_release_pe+0x288/0x610
>       lr: c00000000005dbdc: pnv_ioda_release_pe+0x5cc/0x610
>       sp: c000000fe82178a0
>      msr: 9000000000009033
>      dar: 10
>    dsisr: 40000000
>     current = 0xc000000fe815ab80
>     paca    = 0xc00000000ff00400	 softe: 0	 irq_happened: 0x01
>       pid   = 2709, comm = sh
>   Linux version 4.8.0-rc5-gavin-00006-g745efdb (gwshan at gwshan) \
>   (gcc version 4.9.3 (Buildroot 2016.02-rc2-00093-g5ea3bce) ) #586 SMP \
>   Tue Sep 6 13:37:29 AEST 2016
>   enter ? for help
>   [c000000fe8217940] c00000000005d684 pnv_ioda_release_pe+0x74/0x610
>   [c000000fe82179e0] c000000000034460 pcibios_release_device+0x50/0x70
>   [c000000fe8217a10] c0000000004aba80 pci_release_dev+0x50/0xa0
>   [c000000fe8217a40] c000000000704898 device_release+0x58/0xf0
>   [c000000fe8217ac0] c000000000470510 kobject_release+0x80/0xf0
>   [c000000fe8217b00] c000000000704dd4 put_device+0x24/0x40
>   [c000000fe8217b20] c0000000004af94c pci_remove_bus_device+0x12c/0x150
>   [c000000fe8217b60] c000000000034244 pci_hp_remove_devices+0x94/0xd0
>   [c000000fe8217ba0] c0000000004ca444 pnv_php_disable_slot+0x64/0xb0
>   [c000000fe8217bd0] c0000000004c88c0 power_write_file+0xa0/0x190
>   [c000000fe8217c50] c0000000004c248c pci_slot_attr_store+0x3c/0x60
>   [c000000fe8217c70] c0000000002d6494 sysfs_kf_write+0x94/0xc0
>   [c000000fe8217cb0] c0000000002d50f0 kernfs_fop_write+0x180/0x260
>   [c000000fe8217d00] c0000000002334a0 __vfs_write+0x40/0x190
>   [c000000fe8217d90] c000000000234738 vfs_write+0xc8/0x240
>   [c000000fe8217de0] c000000000236250 SyS_write+0x60/0x110
>   [c000000fe8217e30] c000000000009524 system_call+0x38/0x108
> 
> It fixes the kernel crash by bypassing releasing resources (DMA,
> IO and memory segments, PELTM) because there are no resources assigned
> to the slave PE.
> 
> Fixes: c5f7700bbd2e ("powerpc/powernv: Dynamically release PE")
> Reported-by: Frederic Barrat <fbarrat at linux.vnet.ibm.com>
> Signed-off-by: Gavin Shan <gwshan at linux.vnet.ibm.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/b314427a52fd8daa1215d30e56

cheers

More information about the Linuxppc-dev mailing list