Commit 5ee1f01f authored Aug 01, 2024 by Ganesh Goudar Committed by Li Zetao Aug 01, 2024

powerpc/eeh: avoid possible crash when edev->pdev changes

stable inclusion
from stable-v5.10.223
commit 033c51dfdbb6b79ab43fb3587276fa82d0a329e1
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAGELJ
CVE: CVE-2024-41020

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=033c51dfdbb6b79ab43fb3587276fa82d0a329e1



--------------------------------

[ Upstream commit a1216e62d039bf63a539bbe718536ec789a853dd ]

If a PCI device is removed during eeh_pe_report_edev(), edev->pdev
will change and can cause a crash, hold the PCI rescan/remove lock
while taking a copy of edev->pdev->bus.

Signed-off-by: Ganesh Goudar <ganeshgr@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240617140240.580453-1-ganeshgr@linux.ibm.com


Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Li Zetao <lizetao1@huawei.com>

parent 614e062a

arch/powerpc/kernel/eeh_pe.c

+5 −2

Original line number	Diff line number	Diff line
		@@ -849,6 +849,7 @@ struct pci_bus eeh_pe_bus_get(struct eeh_pe pe)
		{
		struct eeh_dev *edev;
		struct pci_dev *pdev;
		struct pci_bus *bus = NULL;

		if (pe->type & EEH_PE_PHB)
		return pe->phb->bus;
		@@ -859,9 +860,11 @@ struct pci_bus eeh_pe_bus_get(struct eeh_pe pe)

		/* Retrieve the parent PCI bus of first (top) PCI device */
		edev = list_first_entry_or_null(&pe->edevs, struct eeh_dev, entry);
		pci_lock_rescan_remove();
		pdev = eeh_dev_to_pci_dev(edev);
		if (pdev)
		return pdev->bus;
		bus = pdev->bus;
		pci_unlock_rescan_remove();

		return NULL;
		return bus;
		}