On Mon, 2021-10-25 at 11:11 +0200, Greg KH wrote:
> On Mon, Oct 25, 2021 at 11:00:26AM +0200, Niklas Schnelle wrote:
> > commit a46044a92add6a400f4dada7b943b30221f7cc80 upstream.
> >
> > Since commit 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev")
> > the reference count of a zpci_dev is incremented between
> > pcibios_add_device() and pcibios_release_device() which was supposed to
> > prevent the zpci_dev from being freed while the common PCI code has
> > access to it. It was missed however that the handling of zPCI
> > availability events assumed that once zpci_zdev_put() was called no
> > later availability event would still see the device. With the previously
> > mentioned commit however this assumption no longer holds and we must
> > make sure that we only drop the initial long-lived reference the zPCI
> > subsystem holds exactly once.
> >
> > Do so by introducing a zpci_device_reserved() function that handles when
> > a device is reserved. Here we make sure the zpci_dev will not be
> > considered for further events by removing it from the zpci_list.
> >
> > This also means that the device actually stays in the
> > ZPCI_FN_STATE_RESERVED state between the time we know it has been
> > reserved and the final reference going away. We thus need to consider it
> > a real state instead of just a conceptual state after the removal. The
> > final cleanup of PCI resources, removal from zbus, and destruction of
> > the IOMMU stays in zpci_release_device() to make sure holders of the
> > reference do see valid data until the release.
> >
> > Fixes: 2a671f77ee49 ("s390/pci: fix use after free of zpci_dev")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Niklas Schnelle <schnelle@xxxxxxxxxxxxx>
> > Signed-off-by: Vasily Gorbik <gor@xxxxxxxxxxxxx>
> > Link: https://lore.kernel.org/r/20211012093425.2247924-1-schnelle@xxxxxxxxxxxxx
> > ---
> >  arch/s390/include/asm/pci.h        |  3 ++
> >  arch/s390/pci/pci.c                | 45 ++++++++++++++++++++++++++----
> >  arch/s390/pci/pci_event.c          |  4 +--
> >  drivers/pci/hotplug/s390_pci_hpc.c |  9 +-----
> >  4 files changed, 46 insertions(+), 15 deletions(-)
>
> Does not apply:
>
> Applying patch s390-pci-fix-zpci_zdev_put-on-reserve.patch
> patching file arch/s390/include/asm/pci.h
> patching file arch/s390/pci/pci.c
> Hunk #3 FAILED at 835.
> Hunk #4 succeeded at 843 (offset 1 line).
> 1 out of 4 hunks FAILED -- rejects in file arch/s390/pci/pci.c
> patching file arch/s390/pci/pci_event.c
> patching file drivers/pci/hotplug/s390_pci_hpc.c
>
>
> What did you make this against?
>
> Ah, that's due to another patch we have in the queue right now. I'll go
> fix this up by hand, thanks!
>
> greg k-h

Yes, it's due to "s390/pci: cleanup resources only if necessary". You need
to drop that and keep this one.
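
The reserve handling described in the quoted commit message, as an added user-space C model that is not part of the original mail or of the kernel patch: the device is unlinked from the lookup list before the initial reference is dropped, so a late duplicate event finds nothing and cannot drop it a second time. The names `dev`, `dev_list`, `dev_reserved` and `dev_put` are hypothetical stand-ins, and locking is left out.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified user-space model; every name here is hypothetical. */
struct dev {
    unsigned int fid;   /* function ID that events refer to */
    int refs;           /* models the reference count */
    bool reserved;      /* models the RESERVED state */
    bool released;      /* set when the last reference is dropped */
    struct dev *next;   /* link in the list that events search */
};
static struct dev *dev_list;

static void dev_put(struct dev *d)
{
    if (--d->refs == 0)
        d->released = true;   /* final cleanup would run here */
}

/* Reserve handling: unlink first, then drop the initial reference once. */
static bool dev_reserved(unsigned int fid)
{
    for (struct dev **pp = &dev_list; *pp; pp = &(*pp)->next) {
        struct dev *d = *pp;
        if (d->fid != fid)
            continue;
        *pp = d->next;        /* off the list: invisible to later events */
        d->reserved = true;   /* stays reserved until the last put */
        dev_put(d);           /* the only drop of the initial reference */
        return true;
    }
    return false;             /* duplicate event: nothing left to put */
}

/* Constructed scenario: initial reference plus one held by another user. */
static int refs_after_duplicate_events(struct dev *d)
{
    *d = (struct dev){ .fid = 0x42, .refs = 2 };
    dev_list = d;
    dev_reserved(0x42);
    dev_reserved(0x42);       /* late duplicate must not put again */
    return d->refs;
}

int main(void)
{
    struct dev d;
    return refs_after_duplicate_events(&d) == 1 ? 0 : 1;
}
```

The remaining holder still sees a valid, reserved object until its own `dev_put()` brings the count to zero.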