Commit [1] switched hotplug to pci_assign_unassigned_bridge_resources()
which requires bridge being available, however in S3 suspend/resume
cycle acpipcihp might receive device check event from firmware and
in case bus->self == NULL, it would make kernel crash with NULL pointer
dereference.
The issue was triggered on Dell Inspiron 7352/0W6WV0 laptop with
following sequence:
1. suspend to RAM
2. wake up
3. suspend to RAM. which immediately wakes up and following
backtrace is observed:
[ 612.277651] BUG: kernel NULL pointer dereference, address: 0000000000000018
[...]
[ 612.277735] Call Trace:
[ 612.277739] <TASK>
[ 612.277741] ? __die+0x1a/0x60
[ 612.277749] ? page_fault_oops+0x158/0x430
[ 612.277755] ? prb_read_valid+0x12/0x20
[ 612.277759] ? console_unlock+0x4d/0x100
[ 612.277765] ? __irq_work_queue_local+0x27/0x60
[ 612.277771] ? irq_work_queue+0x2b/0x50
[ 612.277776] ? exc_page_fault+0x357/0x600
[ 612.277781] ? dev_printk_emit+0x7e/0xa0
[ 612.277786] ? asm_exc_page_fault+0x22/0x30
[ 612.277792] ? __pfx_pci_conf1_read+0x10/0x10
[ 612.277798] ? pci_assign_unassigned_bridge_resources+0x1f/0x260
[ 612.277804] ? pcibios_allocate_dev_resources+0x3c/0x2a0
[ 612.277809] enable_slot+0x21f/0x3e0
[ 612.277816] acpiphp_hotplug_notify+0x13d/0x260
[ 612.277822] ? __pfx_acpiphp_hotplug_notify+0x10/0x10
[ 612.277827] acpi_device_hotplug+0xbc/0x540
[ 612.277834] acpi_hotplug_work_fn+0x15/0x20
[ 612.277839] process_one_work+0x1f7/0x370
[ 612.277845] worker_thread+0x45/0x3b0
[ 612.277850] ? __pfx_worker_thread+0x10/0x10
[ 612.277854] kthread+0xdc/0x110
[ 612.277860] ? __pfx_kthread+0x10/0x10
[ 612.277866] ret_from_fork+0x28/0x40
[ 612.277871] ? __pfx_kthread+0x10/0x10
[ 612.277876] ret_from_fork_asm+0x1b/0x30
Fix it by reverting to __pci_bus_assign_resources() usage instead of
pci_assign_unassigned_bridge_resources() when bus doesn't have bridge
assigned to it.
1) 40613da52b13fb21 (PCI: acpiphp: Reassign resources on bridge if necessary)
Signed-off-by: Igor Mammedov <[email protected]>
---
v2: fix inverted bus->self condition
---
drivers/pci/hotplug/acpiphp_glue.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/pci/hotplug/acpiphp_glue.c b/drivers/pci/hotplug/acpiphp_glue.c
index c0ffb1389fda..816555ab9171 100644
--- a/drivers/pci/hotplug/acpiphp_glue.c
+++ b/drivers/pci/hotplug/acpiphp_glue.c
@@ -499,6 +499,7 @@ pci_info(bus, "enable_slot bus: bridge: %d, bus->self: %p\n", bridge, bus->self)
acpiphp_native_scan_bridge(dev);
}
} else {
+ LIST_HEAD(add_list);
int max, pass;
acpiphp_rescan_slot(slot);
@@ -512,10 +513,18 @@ pci_info(bus, "enable_slot bus: bridge: %d, bus->self: %p\n", bridge, bus->self)
if (pass && dev->subordinate) {
check_hotplug_bridge(slot, dev);
pcibios_resource_survey_bus(dev->subordinate);
+ if (!bus->self)
+ __pci_bus_size_bridges(dev->subordinate, &add_list);
}
}
}
- pci_assign_unassigned_bridge_resources(bus->self);
+ if (bus->self) {
+pci_info(bus->self, "enable_slot: pci_assign_unassigned_bridge_resources:\n");
+ pci_assign_unassigned_bridge_resources(bus->self);
+ } else {
+pci_info(bus, "enable_slot: __pci_bus_assign_resources:\n");
+ __pci_bus_assign_resources(bus, &add_list, NULL);
+ }
}
acpiphp_sanitize_bus(bus);
--
2.39.3