To fix an issue with PHB hotplug on pSeries machines (HPT/XIVE), commit 3a3181e16fbd introduced a PPC-specific pcibios_remove_bus() routine to clear all interrupt mappings when the bus is removed. This routine frees an array allocated in pcibios_scan_phb().
This broke PHB hotplug on PowerNV because, when a PHB is removed and re-scanned through sysfs, the PCI layer un-assigns and re-assigns resources to the PHB but does not destroy and recreate the PCI controller structure. Since pcibios_remove_bus() does not clear the 'irq_map' array pointer, a second removal of the PHB will try to free the array a second time and corrupt memory. Free the 'irq_map' array in pcibios_free_controller() to fix corruption and clear interrupt mapping after it has been disposed. This to avoid filling up the array with successive remove/rescan of a bus. Cc: "Oliver O'Halloran" <ooh...@gmail.com> Cc: Alexey Kardashevskiy <a...@ozlabs.ru> Fixes: 3a3181e16fbd ("powerpc/pci: unmap legacy INTx interrupts when a PHB is removed") Signed-off-by: Cédric Le Goater <c...@kaod.org> --- Michael, I am not sure the Fixes tag is required. Feel free to drop it. --- arch/powerpc/kernel/pci-common.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/kernel/pci-common.c b/arch/powerpc/kernel/pci-common.c index deb831f0ae13..6fc228e0359d 100644 --- a/arch/powerpc/kernel/pci-common.c +++ b/arch/powerpc/kernel/pci-common.c @@ -143,6 +143,8 @@ void pcibios_free_controller(struct pci_controller *phb) list_del(&phb->list_node); spin_unlock(&hose_spinlock); + kfree(phb->irq_map); + if (phb->is_dynamic) kfree(phb); } @@ -450,10 +452,10 @@ static void pci_irq_map_dispose(struct pci_bus *bus) pr_debug("PCI: Clearing interrupt mappings for PHB %04x:%02x...\n", pci_domain_nr(bus), bus->number); - for (i = 0; i < phb->irq_count; i++) + for (i = 0; i < phb->irq_count; i++) { irq_dispose_mapping(phb->irq_map[i]); - - kfree(phb->irq_map); + phb->irq_map[i] = 0; + } } void pcibios_remove_bus(struct pci_bus *bus) -- 2.25.4
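Review bot: In the pcibios_free_controller() hunk, the pointer is left dangling after `kfree(phb->irq_map);`. When `phb->is_dynamic` is false the structure is not freed, so it keeps a stale `irq_map` pointer, which is the same condition the commit message blames for the double free. Suggest adding `phb->irq_map = NULL;` right after the kfree() so any later path that touches the controller sees an empty map rather than freed memory.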
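Review bot: In the pci_irq_map_dispose() hunk, `phb->irq_map[i] = 0;` relies on 0 meaning "slot free for reuse", and that is only explained in the commit message. A short comment above the assignment would help, saying that the array now lives as long as the controller and that entries are zeroed so a later rescan can reuse them instead of filling up the array. The loop is still bounded by `phb->irq_count`, which these lines leave unchanged, so it is also worth stating in that comment that the count is intentionally preserved across remove/rescan.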