Re: PCI/VPD: recursive loop issue with lspci

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Bjorn,

On 2021/10/26 2:06, Bjorn Helgaas wrote:
On Tue, Oct 26, 2021 at 12:51:07AM +0900, Kunihiko Hayashi wrote:
Hi all,

I found that "lspci -vv" causes a recursive loop in the linux-next
kernel.
As a result, the kernel crashed on stack overflow.

This issue was reproduced using Akebi96 board with UniPhier LD20 and
DWC3 PCIe
controller, and R8169 ethernet card.

# lspci -s 01:00.0 -vv
01:00.0 Class 0200: Device 10ec:8168 (rev 06)
[   19.152157] Insufficient stack space to handle exception!
...
[   19.152449] Hardware name: Akebi96 (DT)
[   19.152455] Call trace:
[   19.152458]  dump_backtrace+0x0/0x1b0
[   19.152484]  show_stack+0x20/0x30
[   19.152503]  dump_stack_lvl+0x68/0x84
[   19.152525]  dump_stack+0x18/0x34
[   19.152542]  panic+0x154/0x34c
[   19.152556]  nmi_panic+0x94/0x98
[   19.152577]  panic_bad_stack+0xec/0x100
[   19.152590]  handle_bad_stack+0x38/0x68
[   19.152606]  __bad_stack+0x8c/0x90
[   19.152620]  pci_vpd_read+0xc/0x1f8
[   19.152639]  pci_vpd_size+0x58/0x1a0
[   19.152651]  pci_vpd_read+0x1a0/0x1f8
[   19.152669]  __pci_read_vpd+0x94/0xc0
[   19.152681]  pci_vpd_size+0x58/0x1a0
[   19.152692]  pci_vpd_read+0x1a0/0x1f8
[   19.152710]  __pci_read_vpd+0x94/0xc0
[   19.152722]  pci_vpd_size+0x58/0x1a0
[   19.152734]  pci_vpd_read+0x1a0/0x1f8
[   19.152752]  __pci_read_vpd+0x94/0xc0
...
[   19.155039]  pci_vpd_size+0x58/0x1a0
[   19.155051]  pci_vpd_read+0x1a0/0x1f8
[   19.155069]  __pci_read_vpd+0x94/0xc0
[   19.155081]  pci_vpd_size+0x58/0x1a0
[   19.155093]  pci_vpd_read+0x1a0/0x1f8
[   19.155111]  __pci_read_vpd+0x94/0xc0
[   19.155124]  pci_vpd_size+0x58/0x1a0
[   19.155136]  pci_vpd_read+0x1a0/0x1f8
[   19.155153]  __pci_read_vpd+0x94/0xc0
[   19.155166]  vpd_read+0x28/0x38
[   19.155177]  sysfs_kf_bin_read+0x74/0x98

In the following commit, initialization of dev->vpd.len has been
removed.

     commit 80484b7f8db101119928c73e7ce09ae6be54e45c
         PCI/VPD: Use pci_read_vpd_any() in pci_vpd_size()

When calling pci_read_vpd_any(), if dev->vpd.len is zero, pci_vpd_size()
will continue to be called recursively.

     pci_vpd_available()			// dev->vpd.len == 0
      -> pci_vpd_size()
         -> pci_read_vpd_any()
            -> __pci_read_vpd()
               -> pci_vpd_read()
                  -> pci_vpd_available()	// dev->vpd.len == 0
                     -> pci_vpd_size()
                        ...

This issue didn't occur before applying this commit.
Does anyone run into the same issue?

Likely this patch:

   https://lore.kernel.org/r/6211be8a-5d10-8f3a-6d33-af695dc35caf@xxxxxxxxx

which I obviously need to move to the top of my list.  If you can
confirm that this fixes it, that would be awesome!

Thank you for your information.
I confirmed that the issue was fixed after applying the patch.

Thank you,

---
Best Regards
Kunihiko Hayashi



[Index of Archives]     [DMA Engine]     [Linux Coverity]     [Linux USB]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Greybus]

  Powered by Linux