Bug 60604 - list corruption & null pointer dereference in pciehp_unconfigure_device()
Summary: list corruption & null pointer dereference in pciehp_unconfigure_device()
Status: RESOLVED CODE_FIX
Alias: None
Product: Drivers
Classification: Unclassified
Component: PCI (show other bugs)
Hardware: All Linux
: P1 normal
Assignee: drivers_pci@kernel-bugs.osdl.org
URL: https://lkml.kernel.org/r/CAE9FiQUPNi...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-22 18:08 UTC by Bjorn Helgaas
Modified: 2013-09-10 20:53 UTC (History)
0 users

See Also:
Kernel Version: 3.10
Subsystem:
Regression: Yes
Bisected commit-id:

Attachments
log showing crash (18.78 KB, text/plain)
2013-07-22 18:08 UTC, Bjorn Helgaas 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Bjorn Helgaas 2013-07-22 18:08:18 UTC 
Created attachment 106986 [details]
log showing crash

Reported by Yinghai Lu <yinghai@kernel.org>.

Hot-removing an SR-IOV device causes a null pointer dereference in pciehp_unconfigure_device():

# echo -n 0 > /sys/bus/pci/slots/2/power
...
WARNING: CPU: 20 PID: 25098 at include/linux/kref.h:47 kobject_get+0x40/0x60()
...
WARNING: CPU: 20 PID: 25098 at lib/list_debug.c:56 __list_del_entry+0x63/0xe0()
list_del corruption, ffff8880263dd000->prev is LIST_POISON2 (dead000000200200)
...
BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: [<ffffffff8154e815>] pciehp_unconfigure_device+0x165/0x190
Comment 1 Bjorn Helgaas 2013-09-10 20:53:36 UTC 
This should be fixed by 29ed1f29b6 ("PCI: pciehp: Fix null pointer deref when hot-removing SR-IOV device"), which appeared in v3.11.

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ed1f29b68a8395d5679b3c4e38352b617b3236
Note You need to log in before you can comment on or make changes to this bug.