• Lukas Wunner's avatar
    PCI: pciehp: Fix unprotected list iteration in IRQ handler · 1204e35b
    Lukas Wunner authored
    Commit b440bde7 ("PCI: Add pci_ignore_hotplug() to ignore hotplug
    events for a device") iterates over the devices on a hotplug port's
    subordinate bus in pciehp's IRQ handler without acquiring pci_bus_sem.
    It is thus possible for a user to cause a crash by concurrently
    manipulating the device list, e.g. by disabling slot power via sysfs
    on a different CPU or by initiating a remove/rescan via sysfs.
    
    This can't be fixed by acquiring pci_bus_sem because it may sleep.
    The simplest fix is to avoid the list iteration altogether and just
    check the ignore_hotplug flag on the port itself.  This works because
    pci_ignore_hotplug() sets the flag both on the device as well as on its
    parent bridge.
    
    We do lose the ability to print the name of the device blocking hotplug
    in the debug message, but that's probably bearable.
    
    Fixes: b440bde7 ("PCI: Add pci_ignore_hotplug() to ignore hotplug events for a device")
    Signed-off-by: default avatarLukas Wunner <lukas@wunner.de>
    Signed-off-by: default avatarBjorn Helgaas <bhelgaas@google.com>
    Cc: stable@vger.kernel.org
    1204e35b
pciehp_hpc.c 23.9 KB