linux/drivers/pci/remove.c
Brian Norris 5c8418cf40 PCI/pwrctrl: Unregister platform device only if one actually exists
If a PCI device has an associated device_node with power supplies,
pci_bus_add_device() creates platform devices for use by pwrctrl.  When the
PCI device is removed, pci_stop_dev() uses of_find_device_by_node() to
locate the related platform device, then unregisters it.

But when we remove a PCI device with no associated device node,
dev_of_node(dev) is NULL, and of_find_device_by_node(NULL) returns the
first device with "dev->of_node == NULL".  The result is that we (a)
mistakenly unregister a completely unrelated platform device, leading to
issues like the first trace below, and (b) dereference the NULL pointer
from dev_of_node() when clearing OF_POPULATED, as in the second trace.

Unregister a platform device only if there is one associated with this PCI
device.  This resolves issues seen when doing:

  # echo 1 > /sys/bus/pci/devices/.../remove

Sample issue from unregistering the wrong platform device:

  WARNING: CPU: 0 PID: 5095 at drivers/regulator/core.c:5885 regulator_unregister+0x140/0x160
  Call trace:
   regulator_unregister+0x140/0x160
   devm_rdev_release+0x1c/0x30
   release_nodes+0x68/0x100
   devres_release_all+0x98/0xf8
   device_unbind_cleanup+0x20/0x70
   device_release_driver_internal+0x1f4/0x240
   device_release_driver+0x20/0x40
   bus_remove_device+0xd8/0x170
   device_del+0x154/0x380
   device_unregister+0x28/0x88
   of_device_unregister+0x1c/0x30
   pci_stop_bus_device+0x154/0x1b0
   pci_stop_and_remove_bus_device_locked+0x28/0x48
   remove_store+0xa0/0xb8
   dev_attr_store+0x20/0x40
   sysfs_kf_write+0x4c/0x68

Later NULL pointer dereference for of_node_clear_flag(NULL, OF_POPULATED):

  Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0
  Call trace:
   pci_stop_bus_device+0x190/0x1b0
   pci_stop_and_remove_bus_device_locked+0x28/0x48
   remove_store+0xa0/0xb8
   dev_attr_store+0x20/0x40
   sysfs_kf_write+0x4c/0x68

Link: https://lore.kernel.org/r/20241126210443.4052876-1-briannorris@chromium.org
Fixes: 681725afb6b9 ("PCI/pwrctl: Remove pwrctl device without iterating over all children of pwrctl parent")
Reported-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Closes: https://lore.kernel.org/r/1732890621-19656-1-git-send-email-ssengar@linux.microsoft.com
Signed-off-by: Brian Norris <briannorris@chromium.org>
[bhelgaas: commit log]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
2024-11-30 11:41:25 -06:00

197 lines
4.3 KiB
C

// SPDX-License-Identifier: GPL-2.0
#include <linux/pci.h>
#include <linux/module.h>
#include <linux/of.h>
#include <linux/of_platform.h>
#include <linux/platform_device.h>
#include "pci.h"
static void pci_free_resources(struct pci_dev *dev)
{
struct resource *res;
pci_dev_for_each_resource(dev, res) {
if (res->parent)
release_resource(res);
}
}
static void pci_pwrctrl_unregister(struct device *dev)
{
struct device_node *np;
struct platform_device *pdev;
np = dev_of_node(dev);
if (!np)
return;
pdev = of_find_device_by_node(np);
if (!pdev)
return;
of_device_unregister(pdev);
of_node_clear_flag(np, OF_POPULATED);
}
static void pci_stop_dev(struct pci_dev *dev)
{
pci_pme_active(dev, false);
if (!pci_dev_test_and_clear_added(dev))
return;
pci_pwrctrl_unregister(&dev->dev);
device_release_driver(&dev->dev);
pci_proc_detach_device(dev);
pci_remove_sysfs_dev_files(dev);
of_pci_remove_node(dev);
}
static void pci_destroy_dev(struct pci_dev *dev)
{
if (pci_dev_test_and_set_removed(dev))
return;
pci_npem_remove(dev);
device_del(&dev->dev);
down_write(&pci_bus_sem);
list_del(&dev->bus_list);
up_write(&pci_bus_sem);
pci_doe_destroy(dev);
pcie_aspm_exit_link_state(dev);
pci_bridge_d3_update(dev);
pci_free_resources(dev);
put_device(&dev->dev);
}
void pci_remove_bus(struct pci_bus *bus)
{
pci_proc_detach_bus(bus);
down_write(&pci_bus_sem);
list_del(&bus->node);
pci_bus_release_busn_res(bus);
up_write(&pci_bus_sem);
pci_remove_legacy_files(bus);
if (bus->ops->remove_bus)
bus->ops->remove_bus(bus);
pcibios_remove_bus(bus);
device_unregister(&bus->dev);
}
EXPORT_SYMBOL(pci_remove_bus);
static void pci_stop_bus_device(struct pci_dev *dev)
{
struct pci_bus *bus = dev->subordinate;
struct pci_dev *child, *tmp;
/*
* Stopping an SR-IOV PF device removes all the associated VFs,
* which will update the bus->devices list and confuse the
* iterator. Therefore, iterate in reverse so we remove the VFs
* first, then the PF.
*/
if (bus) {
list_for_each_entry_safe_reverse(child, tmp,
&bus->devices, bus_list)
pci_stop_bus_device(child);
}
pci_stop_dev(dev);
}
static void pci_remove_bus_device(struct pci_dev *dev)
{
struct pci_bus *bus = dev->subordinate;
struct pci_dev *child, *tmp;
if (bus) {
list_for_each_entry_safe(child, tmp,
&bus->devices, bus_list)
pci_remove_bus_device(child);
pci_remove_bus(bus);
dev->subordinate = NULL;
}
pci_destroy_dev(dev);
}
/**
* pci_stop_and_remove_bus_device - remove a PCI device and any children
* @dev: the device to remove
*
* Remove a PCI device from the device lists, informing the drivers
* that the device has been removed. We also remove any subordinate
* buses and children in a depth-first manner.
*
* For each device we remove, delete the device structure from the
* device lists, remove the /proc entry, and notify userspace
* (/sbin/hotplug).
*/
void pci_stop_and_remove_bus_device(struct pci_dev *dev)
{
pci_stop_bus_device(dev);
pci_remove_bus_device(dev);
}
EXPORT_SYMBOL(pci_stop_and_remove_bus_device);
void pci_stop_and_remove_bus_device_locked(struct pci_dev *dev)
{
pci_lock_rescan_remove();
pci_stop_and_remove_bus_device(dev);
pci_unlock_rescan_remove();
}
EXPORT_SYMBOL_GPL(pci_stop_and_remove_bus_device_locked);
void pci_stop_root_bus(struct pci_bus *bus)
{
struct pci_dev *child, *tmp;
struct pci_host_bridge *host_bridge;
if (!pci_is_root_bus(bus))
return;
host_bridge = to_pci_host_bridge(bus->bridge);
list_for_each_entry_safe_reverse(child, tmp,
&bus->devices, bus_list)
pci_stop_bus_device(child);
/* stop the host bridge */
device_release_driver(&host_bridge->dev);
}
EXPORT_SYMBOL_GPL(pci_stop_root_bus);
void pci_remove_root_bus(struct pci_bus *bus)
{
struct pci_dev *child, *tmp;
struct pci_host_bridge *host_bridge;
if (!pci_is_root_bus(bus))
return;
host_bridge = to_pci_host_bridge(bus->bridge);
list_for_each_entry_safe(child, tmp,
&bus->devices, bus_list)
pci_remove_bus_device(child);
#ifdef CONFIG_PCI_DOMAINS_GENERIC
/* Release domain_nr if it was dynamically allocated */
if (host_bridge->domain_nr == PCI_DOMAIN_NR_NOT_SET)
pci_bus_release_domain_nr(host_bridge->dev.parent, bus->domain_nr);
#endif
pci_remove_bus(bus);
host_bridge->bus = NULL;
/* remove the host bridge */
device_del(&host_bridge->dev);
}
EXPORT_SYMBOL_GPL(pci_remove_root_bus);