diff options
| author | Niklas Schnelle <schnelle@linux.ibm.com> | 2025-05-22 15:13:13 +0300 | 
|---|---|---|
| committer | Heiko Carstens <hca@linux.ibm.com> | 2025-05-22 17:12:41 +0300 | 
| commit | 47c397844869ad0e6738afb5879c7492f4691122 (patch) | |
| tree | ebbc33af481a9573dd3f76ba3b86e964415cc19a /rust/helpers/refcount.c | |
| parent | d76f9633296785343d45f85199f4138cb724b6d2 (diff) | |
| download | linux-47c397844869ad0e6738afb5879c7492f4691122.tar.xz | |
s390/pci: Prevent self deletion in disable_slot()
As disable_slot() takes a struct zpci_dev from the Configured to the
Standby state. In Standby there is still a hotplug slot so this is not
usually a case of sysfs self deletion. This is important because self
deletion gets very hairy in terms of locking (see for example
recover_store() in arch/s390/pci/pci_sysfs.c).
Because the pci_dev_put() is not within the critical section of the
zdev->state_lock however, disable_slot() can turn into a case of self
deletion if zPCI device event handling slips between the mutex_unlock()
and the pci_dev_put(). If the latter is the last put and
zpci_release_device() is called this then tries to remove the hotplug
slot via zpci_exit_slot() which will try to remove the hotplug slot
directory the disable_slot() is part of i.e. self deletion.
Prevent this by widening the zdev->state_lock critical section to
include the pci_dev_put() which is then guaranteed to happen with the
struct zpci_dev still in Standby state ensuring it will not lead to
a zpci_release_device() call as at least the zPCI event handling code
still holds a reference.
Cc: stable@vger.kernel.org
Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve")
Reviewed-by: Gerd Bayer <gbayer@linux.ibm.com>
Tested-by: Gerd Bayer <gbayer@linux.ibm.com>
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Diffstat (limited to 'rust/helpers/refcount.c')
0 files changed, 0 insertions, 0 deletions
