Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp3043138rwb; Mon, 7 Aug 2023 07:27:26 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFP24XLh/SDQeLHrpXLQtA6kDWuBRP7QpNJwZAhex04BTadscUm2qK+rzNENlisgEGj+XzU X-Received: by 2002:a17:903:11c6:b0:1b8:90bd:d157 with SMTP id q6-20020a17090311c600b001b890bdd157mr11287997plh.26.1691418445995; Mon, 07 Aug 2023 07:27:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691418445; cv=none; d=google.com; s=arc-20160816; b=LBqpKKeNOkkhskaf4zUFpd6enrrtaKjQc/qLYlxRk+ONQvpKDPDbtnLhqlv9cFyzbQ 1Fy8kXdx1b9c4vvloMw4wwZ2x1DtAiyjzsA9MJ1pxhOJszoqafcy/sSpoQk8JCZPe510 wy8zL6xh/2k5pXHoGs8uXfr+h1dcIa9SjfJjsiOPnioxqLZeO5vljuWvmvFo4VxvN6cP pOevc9c87orjsJ1llauSgqQ0eYB1yFhrGEWq1owUxLA1VWH+k22RlUrEBt+TEpDXklpX YBG5peFmSGF/uEq7t68IQJ1PB1TeLlfmF360uY8sjQNEAva5tV3DrpIRuL7pymyv2riD O52w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date :dkim-signature; bh=jme0rhfzh6JhD99ZB8QzeloyQi3m6yoYS6ZHD9wuvr8=; fh=5dQnoa+ee3UBG7aPfF5s2oWKZCv35JqSnRgBixiQIoE=; b=kPWsYDNGV3NvNZcKCUqICon6gZVJ/amvC5iqx9c/gYxCJvFG0LnfkTJ0RwgTzAVX0x ZQZliru3+oXzHPMhh73/8vh1M8mNKBA8gM7exTnG2yi+It9zCDJSWH+x16OroNcPTg+U CV3EMbg/PSz5482FxBIR+lZheZnxK/VYC9wQsVg7/YRFdIlXmeDSsasLOkkMi2FqSjIJ oYzeD+/8dlpzaf5C9nXtqRlWXT9TEFsp2KWniFA615q4//9Ps2pM/tfZ9Cjv9lMxavUc OZhz/Na4FzWeySe7fu4lxnTLxU+2lV4Dv99rUnpJemrhnoB5s7qhNKNj8R0loOfiCsOP euHA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=a6IePgmJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kw11-20020a170902f90b00b001bbc2ac51bdsi5385972plb.352.2023.08.07.07.27.13; Mon, 07 Aug 2023 07:27:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=a6IePgmJ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233247AbjHGNIv (ORCPT + 99 others); Mon, 7 Aug 2023 09:08:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55520 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232907AbjHGNIu (ORCPT ); Mon, 7 Aug 2023 09:08:50 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0B7791701 for ; Mon, 7 Aug 2023 06:07:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1691413670; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=jme0rhfzh6JhD99ZB8QzeloyQi3m6yoYS6ZHD9wuvr8=; b=a6IePgmJ8TUo0/05KHF6PBSiS6vjHiM4cz4Xeg/LDabRinThIW4sIxfoIXt/+jE464CMQz AfkwLEfGVy3kBu2NuJzxnzaqaQmNCXvcY5yiGuE7yAEuSXoYwsTGfvjpBrwJQwi7ZDOCPa mLchtT4Rvg2WgiyrLQ029oOk/Pc/DkM= Received: from mail-ej1-f70.google.com (mail-ej1-f70.google.com [209.85.218.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-596-ymxZUC97NSKsTe91quUnZg-1; Mon, 07 Aug 2023 09:07:48 -0400 X-MC-Unique: ymxZUC97NSKsTe91quUnZg-1 Received: by mail-ej1-f70.google.com with SMTP id a640c23a62f3a-94a355cf318so361147066b.2 for ; Mon, 07 Aug 2023 06:07:48 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691413668; x=1692018468; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jme0rhfzh6JhD99ZB8QzeloyQi3m6yoYS6ZHD9wuvr8=; b=lsq28bzU7SRwMVoe9dh3CGbAj26hifHN/k43cZ+WUGn9hjMUFCtOEDMP6tyijEfvm4 ek2JDqSV0ctG1GadqNiwpDLi6DezF0oZCjpr0gZ4WruOHa8su8dq7CRsEYOxGFf3ZYel TB+8/SXARnh7iu9sw3rm4SIfmAgjbHevGuDAQV2d60SQ0hoiZ/VxDM5LuhroIJ3R2QPw dzSRf6J26I0y8ZEmfasppXunkRlwRUapjgsHtHHbSS7Ifq5lkydMw2NOYZ2Nc8j6XDPK IPTs5F7zrTXE7p+Cv+0148HnXenr9AaJ2C7/n4IMcKestq624zceDUyoq3Sn3uOo9d+8 c6mg== X-Gm-Message-State: AOJu0YyqBKHsQUhRZ6M6HhgF9H3TvDoRZBusP9eMIRnJ6vD+lmVXXLac /3fOuW8z/R2lILfKCaSmM1FmoO1OByLjJfXgJZmqEDKC5VctqarTgCw/g/b18cL/6wLK3ybwggO 2M2tTtbBGnynHGv/BgCpMc88/ X-Received: by 2002:a17:906:1099:b0:99c:9e69:6a1c with SMTP id u25-20020a170906109900b0099c9e696a1cmr8450752eju.67.1691413667811; Mon, 07 Aug 2023 06:07:47 -0700 (PDT) X-Received: by 2002:a17:906:1099:b0:99c:9e69:6a1c with SMTP id u25-20020a170906109900b0099c9e696a1cmr8450735eju.67.1691413667517; Mon, 07 Aug 2023 06:07:47 -0700 (PDT) Received: from imammedo.users.ipa.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id y16-20020a170906071000b00992d122af63sm5190783ejb.89.2023.08.07.06.07.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 06:07:46 -0700 (PDT) Date: Mon, 7 Aug 2023 15:07:46 +0200 From: Igor Mammedov To: Bjorn Helgaas Cc: linux-kernel@vger.kernel.org, terraluna977@gmail.com, bhelgaas@google.com, linux-pci@vger.kernel.org, mst@redhat.com, rafael@kernel.org, linux-acpi@vger.kernel.org Subject: Re: [PATCH 1/1] PCI: acpiphp:: use pci_assign_unassigned_bridge_resources() only if bus->self not NULL Message-ID: <20230807150746.71ca1df3@imammedo.users.ipa.redhat.com> In-Reply-To: <20230804232709.GA174043@bhelgaas> References: <20230726123518.2361181-2-imammedo@redhat.com> <20230804232709.GA174043@bhelgaas> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-redhat-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 4 Aug 2023 18:27:09 -0500 Bjorn Helgaas wrote: > On Wed, Jul 26, 2023 at 02:35:18PM +0200, Igor Mammedov wrote: > > Commit [1] switched acpiphp hotplug to use > > pci_assign_unassigned_bridge_resources() > > which depends on bridge being available, however in some cases > > when acpiphp is in use, enable_slot() can get a slot without > > bridge associated. > > acpiphp is *always* in use if we get to enable_slot(), so that doesn't > really add information here. > > > 1. legitimate case of hotplug on root bus > > (likely not exiting on real hw, but widely used in virt world) > > 2. broken firmware, that sends 'Bus check' events to non > > existing root ports (Dell Inspiron 7352/0W6WV0), which somehow > > endup at acpiphp:enable_slot(..., bridge = 0) and with bus > > without bridge assigned to it. how about following commit message (incorporating all feed back in this thread): -- cut -- Commit [1] switched acpiphp hotplug to use pci_assign_unassigned_bridge_resources() which depends on bridge being available, however in case when acpiphp is enabled [2], enable_slot() can be called without bridge associated. 1. legitimate case of hotplug on root bus (widely used in virt world) 2. a (misbehaving) firmware, that sends 'Bus check' events to non existing root ports (Dell Inspiron 7352/0W6WV0), which endup at acpiphp:enable_slot(..., bridge = 0) where bus has not bridge assigned to it. acpihp doesn't know that it's a bridge, and bus specific 'PCI subsystem' can't argument ACPI context with bridge information since the PCI device to get this data from is/was not available. Issue is easy to reproduce with QEMU's 'pc' machine, which supports PCI hotplug on hostbridge slots. To reproduce boot kernel at commit [1] in VM started with following CLI (assuming guest root fs is installed on sda1 partition): # qemu-system-x86_64 -M pc -m 1G -enable-kvm -cpu host \ -monitor stdio -serial file:serial.log \ -kernel arch/x86/boot/bzImage \ -append "root=/dev/sda1 console=ttyS0" \ guest_disk.img once guest OS is fully booted at qemu prompt: (qemu) device_add e1000 (check serial.log) it will cause NULL pointer dereference at: void pci_assign_unassigned_bridge_resources(struct pci_dev *bridge) { struct pci_bus *parent = bridge->subordinate; [ 612.277651] BUG: kernel NULL pointer dereference, address: 0000000000000018 [...] [ 612.277798] ? pci_assign_unassigned_bridge_resources+0x1f/0x260 [ 612.277804] ? pcibios_allocate_dev_resources+0x3c/0x2a0 [ 612.277809] enable_slot+0x21f/0x3e0 [ 612.277816] acpiphp_hotplug_notify+0x13d/0x260 [ 612.277822] ? __pfx_acpiphp_hotplug_notify+0x10/0x10 [ 612.277827] acpi_device_hotplug+0xbc/0x540 [ 612.277834] acpi_hotplug_work_fn+0x15/0x20 [ 612.277839] process_one_work+0x1f7/0x370 [ 612.277845] worker_thread+0x45/0x3b0 [ 612.277850] ? __pfx_worker_thread+0x10/0x10 [ 612.277854] kthread+0xdc/0x110 [ 612.277860] ? __pfx_kthread+0x10/0x10 [ 612.277866] ret_from_fork+0x28/0x40 [ 612.277871] ? __pfx_kthread+0x10/0x10 [ 612.277876] ret_from_fork_asm+0x1b/0x30 The issue was discovered on Dell Inspiron 7352/0W6WV0 laptop with following sequence: 1. suspend to RAM 2. wake up with the same backtrace being observed: 3. 2nd suspend to RAM attempt makes laptop freeze Fix it by using __pci_bus_assign_resources() instead of pci_assign_unassigned_bridge_resources() as we used to do but only in case when bus doesn't have a bridge associated (to cover for the case of ACPI event on hostbridge or non existing root port). That let us keep hotplug on root bus working like it used to be and at the same time keeps resource reassignment usable on root ports (and other 1st level bridges) that was fixed by [1]. 1) Fixes: 40613da52b13 ("PCI: acpiphp: Reassign resources on bridge if necessary") 2) CONFIG_HOTPLUG_PCI_ACPI=y -- cut -- if commit message is looking acceptable to you, I can respin amended patch with your suggestions taken in account. > IIUC, the Inspiron problem happens when: > > - acpiphp_context->bridge is NULL, so hotplug_event() calls > enable_slot() instead of acpiphp_check_bridge(), AND > > - acpiphp_slot->bus->self is also NULL, because enable_slot() calls > pci_assign_unassigned_bridge_resources() with that NULL pointer, > which dereferences "bridge->subordinate" > > But I can't figure out why acpiphp_context->bridge is NULL for RP07 > and RP08 (which don't exist), but not for RP03 (which does). > > I guess all the acpiphp_contexts (RP03, RP07, RP08) must be allocated in > acpiphp_add_context() by acpiphp_init_context(). > > Woody's lspci from [1] shows only one Root Port: > > 00:1c.0 Wildcat Point-LP PCI Express Root Port #3 > > The DSDT.DSL includes: > > Device (RP01) _ADR 0x001C0000 # 1c.0 > Device (RP02) _ADR 0x001C0001 # 1c.1 > Device (RP03) _ADR 0x001C0002 # 1c.2 > Device (RP04) _ADR 0x001C0003 # 1c.3 > Device (RP05) _ADR 0x001C0004 # 1c.4 > Device (RP06) _ADR 0x001C0005 # 1c.5 > Device (RP07) _ADR 0x001C0006 # 1c.6 > Device (RP08) _ADR 0x001C0007 # 1c.7 > > I can see why we might need a Bus Check after resume to see if > something got added while we were suspended. But I don't see why we > handle RP03 differently from RP07 and RP08. > > Can you help me out? I'm lost in a maze of twisty passages, all > alike. I'll try to trace call path and see where it leads (based on a guess in updated commit message: OS/nor ACPI has info if it's bridge when the device didn't exists during boot). (though, I don't think it should hold this patch. while it would be good to understand where bridge gets added in acpi context, it's not directly relevant to the fixing hotplug on hostbridge and buscheck events on non-existing root-ports) > Bjorn > > [1] https://lore.kernel.org/r/92150d8d-8a3a-d600-a996-f60a8e4c876c@gmail.com >