diff options
author | Andrew Donnellan <andrew.donnellan@au1.ibm.com> | 2016-12-09 17:18:50 +1100 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2017-01-25 13:34:24 +1100 |
commit | 14a3ae34bfd0bcb1cc12d55b06a8584c11fac6fc (patch) | |
tree | 398be4ce65d15bb67d66e5ef12a58e42a3668537 /drivers/misc/cxl/cxl.h | |
parent | d7b1946c7925a270062b2e0718aa57b42ba619c0 (diff) | |
download | op-kernel-dev-14a3ae34bfd0bcb1cc12d55b06a8584c11fac6fc.zip op-kernel-dev-14a3ae34bfd0bcb1cc12d55b06a8584c11fac6fc.tar.gz |
cxl: Prevent read/write to AFU config space while AFU not configured
During EEH recovery, we deconfigure all AFUs whilst leaving the
corresponding vPHB and virtual PCI device in place.
If something attempts to interact with the AFU's PCI config space (e.g.
running lspci) after the AFU has been deconfigured and before it's
reconfigured, cxl_pcie_{read,write}_config() will read invalid values from
the deconfigured struct cxl_afu and proceed to Oops when they try to
dereference pointers that have been set to NULL during deconfiguration.
Add a rwsem to struct cxl_afu so we can prevent interaction with config
space while the AFU is deconfigured.
Reported-by: Pradipta Ghosh <pradghos@in.ibm.com>
Suggested-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org # v4.9+
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Vaibhav Jain <vaibhav@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Diffstat (limited to 'drivers/misc/cxl/cxl.h')
-rw-r--r-- | drivers/misc/cxl/cxl.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/drivers/misc/cxl/cxl.h b/drivers/misc/cxl/cxl.h index b24d767..b4a43fd 100644 --- a/drivers/misc/cxl/cxl.h +++ b/drivers/misc/cxl/cxl.h @@ -418,6 +418,8 @@ struct cxl_afu { struct dentry *debugfs; struct mutex contexts_lock; spinlock_t afu_cntl_lock; + /* Used to block access to AFU config space while deconfigured */ + struct rw_semaphore configured_rwsem; /* AFU error buffer fields and bin attribute for sysfs */ u64 eb_len, eb_offset; |