On Mon, 2016-07-04 at 22:44 -0300, Mauricio Faria de Oliveira wrote:
> It's possible to hit an oops/crash if pcibios_release_device() accesses the
> phb struct and it had been freed earlier -- by pcibios_free_controller() --
> as the memory it pointed to can be reused.
>
> If after reuse 'phb->controller_ops.release_device' is non-NULL it will be
> called, but it points to an invalid location (that function pointer is not
> set anywhere in the code, so if it's non-NULL, that's not correct), and so
> it hits an oops and the system crashes.
>
> The solution is to verify whether 'phb' is still in 'hose_list' before any
> access to it in pcibios_release_device() -- as it is removed from the list
> by pcibios_free_controller() -- and ensure it cannot be used after kfree().
>
> That problem can happen with the pSeries platform's DLPAR remove operation
> if references to devices are held until after the pcibios_free_controller()
> function runs, and then released - exercising pcibios_release_device() path.
Have you considered instead adding a kref to the PHB and only freeing it
when all devices have been freed? Or is it too hard to track device creation?

Ben.

_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
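The two messages above describe a use-after-free (the controller is kfree()d while devices still point at it) and two ways to close it: the patch's check that 'phb' is still on 'hose_list', and Ben's suggestion of a kref on the PHB. The following is an added user-space model of the kref approach, written for this page; it is not kernel code and not code from either message. The structs and functions (struct kref_model, struct phb_model, struct pdev_model, phb_model_free_controller, pdev_model_release, dlpar_remove_scenario) are stand-ins for the kernel's kref and the pcibios_* functions named above, and the reference-holding rules (one reference for hose_list, one per device) are an assumption about how such a scheme would be arranged.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the kernel's struct kref: a counter plus
 * get/put, with a release callback run when the last reference drops. */
struct kref_model { int refcount; };

static void kref_model_init(struct kref_model *k) { k->refcount = 1; }

static void kref_model_get(struct kref_model *k)
{
    assert(k->refcount > 0);   /* taking a reference on a dead object is a bug */
    k->refcount++;
}

/* Returns 1 if this put dropped the last reference and ran release(). */
static int kref_model_put(struct kref_model *k,
                          void (*release)(struct kref_model *))
{
    assert(k->refcount > 0);
    if (--k->refcount == 0) {
        release(k);
        return 1;
    }
    return 0;
}

/* Hypothetical PHB. The kref is the first member so release() can recover
 * the containing struct with a plain cast (container_of in the kernel). */
struct phb_model {
    struct kref_model kref;
    bool on_hose_list;
    void (*release_device)(void);  /* never set, as in the report above */
};

struct pdev_model { struct phb_model *phb; };

static void phb_model_release(struct kref_model *k)
{
    struct phb_model *phb = (struct phb_model *)k;
    free(phb);                      /* memory goes away only here */
}

static struct phb_model *phb_model_alloc(void)
{
    struct phb_model *phb = calloc(1, sizeof *phb);
    assert(phb != NULL);
    kref_model_init(&phb->kref);    /* this reference belongs to hose_list */
    phb->on_hose_list = true;
    return phb;
}

/* A device pins its controller for as long as the device object exists. */
static struct pdev_model *pdev_model_add(struct phb_model *phb)
{
    struct pdev_model *dev = calloc(1, sizeof *dev);
    assert(dev != NULL);
    dev->phb = phb;
    kref_model_get(&phb->kref);
    return dev;
}

/* Analogue of pcibios_free_controller(): unlink from hose_list and drop the
 * list's reference. The struct survives while any device still holds one. */
static int phb_model_free_controller(struct phb_model *phb)
{
    phb->on_hose_list = false;
    return kref_model_put(&phb->kref, phb_model_release);
}

/* Analogue of pcibios_release_device(): phb is guaranteed live here because
 * this device holds a reference, so the ops pointer is read from valid
 * memory; the reference is dropped only after the last access. */
static int pdev_model_release(struct pdev_model *dev)
{
    struct phb_model *phb = dev->phb;
    if (phb->release_device)
        phb->release_device();
    free(dev);
    return kref_model_put(&phb->kref, phb_model_release);
}

/* The DLPAR-remove ordering from the report: the controller is freed while
 * ndevs device references are still held, then the devices are released.
 * Returns -1 if the controller was freed early (the bug), otherwise how many
 * times it was freed during device release (must be exactly 1). */
int dlpar_remove_scenario(int ndevs)
{
    struct phb_model *phb = phb_model_alloc();
    struct pdev_model *devs[8];
    int i, freed_late = 0;

    assert(ndevs >= 1 && ndevs <= 8);
    for (i = 0; i < ndevs; i++)
        devs[i] = pdev_model_add(phb);
    if (phb_model_free_controller(phb))
        return -1;                  /* devices still pin it: never reached */
    for (i = 0; i < ndevs; i++)
        freed_late += pdev_model_release(devs[i]);
    return freed_late;
}

int main(void)
{
    printf("phb freed %d time(s) after last device release\n",
           dlpar_remove_scenario(3));
    return 0;
}
```

The point the model makes is the one Ben's question raises: with a reference per device, the order in which pcibios_free_controller() and pcibios_release_device() run no longer matters, because whichever put drops the last reference performs the free; the hose_list membership check in the patch instead has to be repeated before every access. The cost is the one Ben also notes, that every place a device is created must take the reference and every release path must drop it.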