Commit 0be9b16

kkaneshige authored and Ingo Molnar committed
pci: fix: BUG: unable to handle kernel NULL pointer dereference, IP: pci_create_slot+0x28/0x170
Fix the following kernel panic problem reported by Ingo Molnar. This seems to be introduced by f46753c.

> [ 10.212026] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
> [ 10.220030] initcall pci_hotplug_init+0x0/0x60 returned 0 after 7812
> usecs [ 10.224030] calling cpqhpc_init+0x0/0x70 @ 1
> [ 10.228026] cpqphp: Compaq Hot Plug PCI Controller Driver version: 0.9.8
> [ 10.236101] bus: 'pci': add driver compaq_pci_hotplug
> [ 10.240123] bus: 'pci': driver_probe_device: matched device 0000:00:0b.0
> with driver compaq_pci_hotplug [ 10.252026] bus: 'pci': really_probe:
> probing driver compaq_pci_hotplug with device 0000:00:0b.0 [ 10.260156]
> compaq_pci_hotplug 0000:00:0b.0: PCI INT A -> GSI 26 (level, low) -> IRQ 26
> [ 10.268064] cpqphp: Hot Plug Subsystem Device ID: a2f8
> [ 10.276033] cpqphp: Initializing the PCI hot plug controller residing on
> PCI bus 0 [ 10.280073] PCI: Using BIOS Interrupt Routing Table
> [ 10.289396] PCI: Using BIOS Interrupt Routing Table
> [ 10.294181] BUG: unable to handle kernel NULL pointer dereference at
> 00000020 [ 10.302497] IP: [<c04ce708>] pci_create_slot+0x28/0x170
> [ 10.308022] *pde = 00000000
> [ 10.311199] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
> [ 10.312000] Dumping ftrace buffer:
> [ 10.312000] (ftrace buffer empty)
> [ 10.312000]
> [ 10.312000] Pid: 1, comm: swapper Not tainted
> (2.6.27-tip-03538-g2075f6f-dirty #2) ProLiant [ 10.312000] EIP:
> 0060:[<c04ce708>] EFLAGS: 00010213 CPU: 1
> [ 10.312000] EIP is at pci_create_slot+0x28/0x170
> [ 10.312000] EAX: 00000246 EBX: 00000001 ECX: 03eb1000 EDX: c0f1396c
> [ 10.312000] ESI: 00000001 EDI: 00000000 EBP: f705bcac ESP: f705bc80
> [ 10.312000] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
> [ 10.312000] Process swapper (pid: 1, ti=f705a000 task=f7060000
> task.ti=f705a000) [ 10.312000] Stack:
> [ 10.312000] f705bc8c c04bf996 c0f13ae0 f705bc98 c0b296e2 c0f13b00
> f5a97040 c04d1cbb [ 10.312000] 00000001 00000000 ffffffef f705bcd4
> c04d2194 c04d61fd f620caf0 f6057e60 [ 10.312000] f6069a10 f6057e60
> 00000001 00000000 f6069a10 f705bdbc c04d6439 f5a97040 [ 10.312000] Call
> Trace:
> [ 10.312000] [<c04bf996>] ? _raw_spin_unlock+0x46/0x80
> [ 10.312000] [<c0b296e2>] ? _spin_unlock+0x22/0x30
> [ 10.312000] [<c04d1cbb>] ? get_slot_from_name+0x5b/0x70
> [ 10.312000] [<c04d2194>] ? pci_hp_register+0x74/0x330
> [ 10.312000] [<c04d61fd>] ? cpqhpc_probe+0x112d/0x1b90
> [ 10.312000] [<c04d6439>] ? cpqhpc_probe+0x1369/0x1b90
> [ 10.312000] [<c04ce859>] ? pci_match_id+0x9/0x90
> [ 10.312000] [<c04ceb1e>] ? pci_device_probe+0x5e/0x80
> [ 10.312000] [<c056bee0>] ? driver_probe_device+0xe0/0x1f0
> [ 10.312000] [<c056c06a>] ? __driver_attach+0x7a/0x80
> [ 10.312000] [<c056b459>] ? bus_for_each_dev+0x49/0x70
> [ 10.312000] [<c056bc6e>] ? driver_attach+0x1e/0x20
> [ 10.312000] [<c056bff0>] ? __driver_attach+0x0/0x80
> [ 10.312000] [<c056ba13>] ? bus_add_driver+0x1c3/0x240
> [ 10.312000] [<c04cea60>] ? pci_device_remove+0x0/0x40
> [ 10.312000] [<c056c224>] ? driver_register+0x54/0x130
> [ 10.312000] [<c04bfa62>] ? __spin_lock_init+0x32/0x60
> [ 10.312000] [<c0ffb1f0>] ? cpqhpc_init+0x0/0x70
> [ 10.312000] [<c04ced53>] ? __pci_register_driver+0x63/0xa0
> [ 10.312000] [<c0ffb1f0>] ? cpqhpc_init+0x0/0x70
> [ 10.312000] [<c0ffb22b>] ? cpqhpc_init+0x3b/0x70
> [ 10.312000] [<c0ffb1f0>] ? cpqhpc_init+0x0/0x70
> [ 10.312000] [<c0101032>] ? _stext+0x32/0x170
> [ 10.312000] [<c0ffb1f0>] ? cpqhpc_init+0x0/0x70
> [ 10.312000] [<c0109bf5>] ? native_sched_clock+0xd5/0x110
> [ 10.312000] [<c015acac>] ? lock_release_holdtime+0x7c/0xb0
> [ 10.312000] [<c04bf996>] ? _raw_spin_unlock+0x46/0x80
> [ 10.312000] [<c0b296e2>] ? _spin_unlock+0x22/0x30
> [ 10.312000] [<c01efe17>] ? proc_register+0x107/0x1c0
> [ 10.312000] [<c01efcb9>] ? __proc_create+0xe9/0x100
> [ 10.312000] [<c0176994>] ? register_irq_proc+0x14/0xd0
> [ 10.312000] [<c0fdb68d>] ? kernel_init+0x10d/0x170
> [ 10.312000] [<c0fdb580>] ? kernel_init+0x0/0x170
> [ 10.312000] [<c0104c3b>] ? kernel_thread_helper+0x7/0x10
> [ 10.312000] Code: 5b 5d c3 55 89 e5 57 56 53 83 ec 20 e8 56 65 c3 ff 89
> d6 89 c7 b8 40 39 f1 c0 89 4d ec e8 91 9f 65 00 83 fe ff 0f 84 7e 00 00 00
> <8b> 5f 20 83 eb 04 8b 53 04 0f 18 02 90 8d 4f 20 8d 43 04 39 c8 [
> 10.312000] EIP: [<c04ce708>] pci_create_slot+0x28/0x170 SS:ESP

The root cause of this problem seems to be that the cpqphp driver calls pci_hp_register() wrongly. In the current implementation, the cpqphp driver passes 'ctrl->pci_dev->subordinate' as the second parameter of pci_hp_register(). But because hotplug slots and their hotplug controller (which exists as a PCI function) are on the same bus, it should be 'ctrl->pci_dev->bus' instead.

Signed-off-by: Kenji Kaneshige <kaneshige.kenji@jp.fujitsu.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Alex Chiang <achiang@hp.com>
Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
1 parent d4d92fc commit 0be9b16

1 file changed

+1
-1
lines changed

drivers/pci/hotplug/cpqphp_core.c

Lines changed: 1 addition & 1 deletion
@@ -435,7 +435,7 @@ static int ctrl_slot_setup(struct controller *ctrl,
435435
slot->number, ctrl->slot_device_offset,
436436
slot_number);
437437
result = pci_hp_register(hotplug_slot,
438-
ctrl->pci_dev->subordinate,
438+
ctrl->pci_dev->bus,
439439
slot->device);
440440
if (result) {
441441
err("pci_hp_register failed with error %d\n", result);
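Review bot: at the pci_hp_register() call in ctrl_slot_setup(), passing ctrl->pci_dev->bus fixes this one caller, but the oops in the commit message (fault at 00000020 in pci_create_slot, reached through pci_hp_register) indicates the bus argument is dereferenced without a NULL check, so any other hotplug driver that hands in a NULL bus would still panic during probe. Consider having pci_hp_register() reject a NULL bus with an error return, which would then land in the existing `if (result)` path here and be reported by err() instead of taking the machine down. A short comment at this call stating that the slots sit on the same bus as the controller function would also make clear why ->bus, not ->subordinate, is the right argument.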
