linux/arch/s390
Niklas Schnelle a46044a92a s390/pci: fix zpci_zdev_put() on reserve
Since commit 2a671f77ee ("s390/pci: fix use after free of zpci_dev")
the reference count of a zpci_dev is incremented between
pcibios_add_device() and pcibios_release_device() which was supposed to
prevent the zpci_dev from being freed while the common PCI code has
access to it. It was missed however that the handling of zPCI
availability events assumed that once zpci_zdev_put() was called no
later availability event would still see the device. With the previously
mentioned commit however this assumption no longer holds and we must
make sure that we only drop the initial long-lived reference the zPCI
subsystem holds exactly once.

Do so by introducing a zpci_device_reserved() function that handles when
a device is reserved. Here we make sure the zpci_dev will not be
considered for further events by removing it from the zpci_list.

This also means that the device actually stays in the
ZPCI_FN_STATE_RESERVED state between the time we know it has been
reserved and the final reference going away. We thus need to consider it
a real state instead of just a conceptual state after the removal. The
final cleanup of PCI resources, removal from zbus, and destruction of
the IOMMU stays in zpci_release_device() to make sure holders of the
reference do see valid data until the release.

Fixes: 2a671f77ee ("s390/pci: fix use after free of zpci_dev")
Cc: stable@vger.kernel.org
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
2021-10-04 09:49:10 +02:00
..
appldata s390/appldata: use struct_size() helper 2020-06-29 16:32:34 +02:00
boot Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
configs s390: update defconfigs 2021-09-15 14:29:21 +02:00
crypto s390/archrandom: add parameter check for s390_arch_random_generate 2021-04-21 12:32:12 +02:00
hypfs s390: rename dma section to amode31 2021-08-05 14:10:53 +02:00
include s390/pci: fix zpci_zdev_put() on reserve 2021-10-04 09:49:10 +02:00
kernel 2nd batch of s390 updates for 5.15 merge window 2021-09-09 12:55:12 -07:00
kvm KVM: x86: Query vcpu->vcpu_idx directly and drop its accessor 2021-09-22 10:33:11 -04:00
lib arch: remove compat_alloc_user_space 2021-09-08 15:32:35 -07:00
mm 2nd batch of s390 updates for 5.15 merge window 2021-09-09 12:55:12 -07:00
net bpf, s390: Fix potential memory leak about jit_data 2021-10-04 09:49:10 +02:00
pci s390/pci: fix zpci_zdev_put() on reserve 2021-10-04 09:49:10 +02:00
purgatory s390: enable KCSAN 2021-07-30 17:09:23 +02:00
tools s390/disassembler: add instructions 2021-07-27 09:39:19 +02:00
Kbuild s390/numa: move code to arch/s390/kernel 2020-08-11 18:16:55 +02:00
Kconfig s390: remove WARN_DYNAMIC_STACK 2021-09-15 14:29:21 +02:00
Kconfig.debug tracing: Refactor TRACE_IRQFLAGS_SUPPORT in Kconfig 2021-08-16 11:37:21 -04:00
Makefile s390: remove WARN_DYNAMIC_STACK 2021-09-15 14:29:21 +02:00