With an upstream kernel booted on a PowerNV system with an OpenCAPI device,
the crash below is observed:
[ 1.568588] PowerPC PowerNV PCI Hotplug Driver version: 0.1
[ 1.569722] BUG: Kernel NULL pointer dereference at 0x00000074
[ 1.569811] Faulting instruction address: 0xc000000000b75fd0
[ 1.569890] Oops: Kernel access of bad area, sig: 11 [#1]
[ 1.569963] LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA PowerNV
[ 1.570037] Modules linked in:
[ 1.570099] CPU: 250 UID: 0 PID: 1 Comm: swapper/248 Not tainted
7.1.0-rc4+ #1 PREEMPTLAZY
[ 1.570207] Hardware name: 9105-22A Power11 (raw) 0x820200
opal:v7.1-142-gbbc276524497 PowerNV
[ 1.570325] NIP: c000000000b75fd0 LR: c000000000b75fbc CTR:
000000003008a65c
[ 1.570411] REGS: c000c0000688f6f0 TRAP: 0380 Not tainted (7.1.0-rc4+)
[ 1.570494] MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR:
28000284 XER: 20040000
[ 1.570636] CFAR: c00000000019f9e8 IRQMASK: 0
...
[ 1.571492] NIP [c000000000b75fd0] pnv_php_get_adapter_state+0x60/0x154
[ 1.571604] LR [c000000000b75fbc] pnv_php_get_adapter_state+0x4c/0x154
[ 1.571690] Call Trace:
[ 1.571725] [c000c0000688f990] [c000000000b75fbc]
pnv_php_get_adapter_state+0x4c/0x154 (unreliable)
[ 1.571783] [c000c0000688fa20] [c000000000b78bd0]
pnv_php_enable+0x94/0x378
[ 1.571951] [c000c0000688fac0] [c000000000b7912c]
pnv_php_register_one.isra.0+0x11c/0x1e0
[ 1.572077] [c000c0000688fb00] [c000000002091318]
pnv_php_init+0x168/0x1b0
[ 1.572111] [c000c0000688fb80] [c00000000001103c]
do_one_initcall+0x5c/0x450
[ 1.572162] [c000c0000688fc70] [c000000002006abc]
do_initcalls+0x15c/0x29c
[ 1.572283] [c000c0000688fd30] [c000000002006ec4]
kernel_init_freeable+0x224/0x3e0
[ 1.572484] [c000c0000688fde0] [c000000000011578] kernel_init+0x30/0x268
[ 1.572562] [c000c0000688fe50] [c00000000000debc]
ret_from_kernel_user_thread+0x14/0x1c
[ 1.572667] ---- interrupt: 0 at 0x0
[ 1.572720] Code: 38810065 e90d0c78 f9010068 39000000 99210065 e8630020
4b6299c9 60000000 2c030000 418000ac e87f0058 89410065 <a1230074> 55290636
2c090060 41820044
This NULL pointer dereference happens due to the call to
'pci_pcie_type(php_slot->pdev)' without checking if php_slot->pdev is
NULL.
This occurs for hotplug slots on root buses where bus->self == NULL,
such as OpenCAPI PHB direct slots. An added debug print (not part of
this patch) confirmed it was OpenCAPI:
[ 1.617227] pnv_php: slot 'OPENCAPI-0009' has NULL pdev (bus 0009:00,
parent=NO (root bus))
[ 1.617308] pnv_php: slot 'OPENCAPI-0009'
dn->full_name='pciex@603a000000000', compatible='ibm,power10-pau-opencapi-pciex'
Add a NULL check for this.
Cc: [email protected]
Fixes: 80f9fc236279 ("PCI: pnv_php: Work around switches with broken presence detection")
Signed-off-by: Aditya Gupta <[email protected]>
---
drivers/pci/hotplug/pnv_php.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/pci/hotplug/pnv_php.c b/drivers/pci/hotplug/pnv_php.c
index ff92a5c301b8..21ce7ead9e19 100644
--- a/drivers/pci/hotplug/pnv_php.c
+++ b/drivers/pci/hotplug/pnv_php.c
@@ -414,7 +414,8 @@ static int pnv_php_get_adapter_state(struct hotplug_slot
*slot, u8 *state)
*/
ret = pnv_pci_get_presence_state(php_slot->id, &presence);
if (ret >= 0) {
- if (pci_pcie_type(php_slot->pdev) == PCI_EXP_TYPE_DOWNSTREAM &&
+ if (php_slot->pdev &&
+ pci_pcie_type(php_slot->pdev) ==
PCI_EXP_TYPE_DOWNSTREAM &&
presence == OPAL_PCI_SLOT_EMPTY) {
/*
* Similar to pciehp_hpc, check whether the Link Active
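Review bot: the added `php_slot->pdev &&` guard short-circuits before `pci_pcie_type()`, so a slot without a pdev (a root-bus slot such as the OpenCAPI PHB slot named in the commit message) now skips the broken-presence workaround and falls through to reporting OPAL's presence state directly; since the comment above this block only explains the pciehp_hpc Link Active check, a one-line comment stating that the workaround applies only when an upstream downstream port exists (pdev != NULL) would make that intended fallback explicit for the next reader. The Fixes tag pointing at 80f9fc236279 matches, as that commit introduced the unconditional `pci_pcie_type(php_slot->pdev)` call being guarded here.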
--
2.54.0