powerpc/eeh: Fix wrong argument passed to eeh_rmv_device()

Message ID	1466743750-28332-1-git-send-email-gwshan@linux.vnet.ibm.com (mailing list archive)
State	Accepted
Headers	show Return-Path: <linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org> Gateway: Authorized Use Only! Violators will be prosecuted for <linuxppc-dev@ozlabs.org> from <gwshan@linux.vnet.ibm.com>; Fri, 24 Jun 2016 14:49:15 +1000 Gateway: Authorized Use Only! Violators will be prosecuted; Fri, 24 Jun 2016 14:49:13 +1000 From: Gavin Shan <gwshan@linux.vnet.ibm.com> To: linuxppc-dev@ozlabs.org Subject: [PATCH] powerpc/eeh: Fix wrong argument passed to eeh_rmv_device() Date: Fri, 24 Jun 2016 14:49:02 +1000 Message-Id: <1466743750-28332-1-git-send-email-gwshan@linux.vnet.ibm.com> Precedence: list Cc: Gavin Shan <gwshan@linux.vnet.ibm.com>, ppaidipe@in.ibm.com MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" <linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>

Message ID

1466743750-28332-1-git-send-email-gwshan@linux.vnet.ibm.com (mailing list archive)

State

Accepted

Headers

From: Gavin Shan <gwshan@linux.vnet.ibm.com>
To: linuxppc-dev@ozlabs.org
Subject: [PATCH] powerpc/eeh: Fix wrong argument passed to eeh_rmv_device()
Date: Fri, 24 Jun 2016 14:49:02 +1000
Message-Id: <1466743750-28332-1-git-send-email-gwshan@linux.vnet.ibm.com>
Precedence: list
Cc: Gavin Shan <gwshan@linux.vnet.ibm.com>, ppaidipe@in.ibm.com
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org
Sender: "Linuxppc-dev"
	<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>

Commit Message

Gavin Shan June 24, 2016, 4:49 a.m. UTC

When calling eeh_rmv_device() in eeh_reset_device() for partial
hotplug case, @rmv_data instead of its address is the proper
argument. Otherwise, the stack frame is corrupted when writing
to @rmv_data (actually its address) in eeh_rmv_device(). It
results in kernel crash as observed.

This fixes the issue by passing @rmv_data, not its address to
eeh_rmv_device() in eeh_reset_device().

Cc: stable@vger.kernel.org # v4.6+
Fixes: 67086e32b564 ("powerpc/eeh: powerpc/eeh: Support error recovery for VF PE")
Reported-by: Pridhiviraj Paidipeddi <ppaidipe@in.ibm.com>
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
---
 arch/powerpc/kernel/eeh_driver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Ellerman June 29, 2016, 6:43 a.m. UTC | #1

On Fri, 2016-24-06 at 04:49:02 UTC, Gavin Shan wrote:
> When calling eeh_rmv_device() in eeh_reset_device() for partial
> hotplug case, @rmv_data instead of its address is the proper
> argument. Otherwise, the stack frame is corrupted when writing
> to @rmv_data (actually its address) in eeh_rmv_device(). It
> results in kernel crash as observed.
> 
> This fixes the issue by passing @rmv_data, not its address to
> eeh_rmv_device() in eeh_reset_device().
> 
> Fixes: 67086e32b564 ("powerpc/eeh: powerpc/eeh: Support error recovery for VF PE")
> Reported-by: Pridhiviraj Paidipeddi <ppaidipe@in.ibm.com>
> Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/cca0e542e02e48cce541a49c40

cheers

diff --git a/arch/powerpc/kernel/eeh_driver.c b/arch/powerpc/kernel/eeh_driver.c
index 389b0d3..5c0429f 100644
--- a/arch/powerpc/kernel/eeh_driver.c
+++ b/arch/powerpc/kernel/eeh_driver.c
@@ -648,7 +648,7 @@  static int eeh_reset_device(struct eeh_pe *pe, struct pci_bus *bus,
 			pci_unlock_rescan_remove();
 		}
 	} else if (frozen_bus) {
-		eeh_pe_dev_traverse(pe, eeh_rmv_device, &rmv_data);
+		eeh_pe_dev_traverse(pe, eeh_rmv_device, rmv_data);
 	}
 
 	/*

powerpc/eeh: Fix wrong argument passed to eeh_rmv_device()

Commit Message

Comments

Patch