PCI: pciehp: Fix infinite loop in IRQ handler upon power fault

stable inclusion from linux-4.19.233 commit ff27f7d0333cff89ec85c419f431aca1b38fb16a category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5646A CVE: NA -------------------------------- commit 23584c1e upstream. The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8: If a power controller detects a main power fault on the hot-plug slot, it must automatically set its internal main power fault latch [...]. The main power fault latch is cleared when software turns off power to the hot-plug slot. The stickiness used to cause interrupt storms and infinite loops which were fixed in 2009 by commits 5651c48c ("PCI pciehp: fix power fault interrupt storm problem") and 99f0169c ("PCI: pciehp: enable software notification on empty slots"). Unfortunately in 2020 the infinite loop issue was inadvertently reintroduced by commit 8edf5332 ("PCI: pciehp: Fix MSI interrupt race"): The hardirq handler pciehp_isr() clears the PFD bit until pciehp's power_fault_detected flag is set. That happens in the IRQ thread pciehp_ist(), which never learns of the event because the hardirq handler is stuck in an infinite loop. Fix by setting the power_fault_detected flag already in the hardirq handler. Link: https://bugzilla.kernel.org/show_bug.cgi?id=214989 Link: https://lore.kernel.org/linux-pci/DM8PR11MB5702255A6A92F735D90A4446868B9@DM8PR11MB5702.namprd11.prod.outlook.com Fixes: 8edf5332 ("PCI: pciehp: Fix MSI interrupt race") Link: https://lore.kernel.org/r/66eaeef31d4997ceea357ad93259f290ededecfd.1637187226.git.lukas@wunner.deReported-by: N Joseph Bao <joseph.bao@intel.com> Tested-by: N Joseph Bao <joseph.bao@intel.com> Signed-off-by: N Lukas Wunner <lukas@wunner.de> Signed-off-by: N Bjorn Helgaas <bhelgaas@google.com> Cc: stable@vger.kernel.org # v4.19+ Cc: Stuart Hayes <stuart.w.hayes@gmail.com> [sudip: adjust context] Signed-off-by: N Sudip Mukherjee <sudipm.mukherjee@gmail.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>

PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
stable inclusion from linux-4.19.233 commit ff27f7d0333cff89ec85c419f431aca1b38fb16a category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5646A CVE: NA -------------------------------- commit 23584c1e upstream. The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after turning off slot power. Per PCIe r5.0, sec. 6.7.1.8: If a power controller detects a main power fault on the hot-plug slot, it must automatically set its internal main power fault latch [...]. The main power fault latch is cleared when software turns off power to the hot-plug slot. The stickiness used to cause interrupt storms and infinite loops which were fixed in 2009 by commits 5651c48c ("PCI pciehp: fix power fault interrupt storm problem") and 99f0169c ("PCI: pciehp: enable software notification on empty slots"). Unfortunately in 2020 the infinite loop issue was inadvertently reintroduced by commit 8edf5332 ("PCI: pciehp: Fix MSI interrupt race"): The hardirq handler pciehp_isr() clears the PFD bit until pciehp's power_fault_detected flag is set. That happens in the IRQ thread pciehp_ist(), which never learns of the event because the hardirq handler is stuck in an infinite loop. Fix by setting the power_fault_detected flag already in the hardirq handler. Link: https://bugzilla.kernel.org/show_bug.cgi?id=214989 Link: https://lore.kernel.org/linux-pci/DM8PR11MB5702255A6A92F735D90A4446868B9@DM8PR11MB5702.namprd11.prod.outlook.com Fixes: 8edf5332 ("PCI: pciehp: Fix MSI interrupt race") Link: https://lore.kernel.org/r/66eaeef31d4997ceea357ad93259f290ededecfd.1637187226.git.lukas@wunner.deReported-by: N Joseph Bao <joseph.bao@intel.com> Tested-by: N Joseph Bao <joseph.bao@intel.com> Signed-off-by: N Lukas Wunner <lukas@wunner.de> Signed-off-by: N Bjorn Helgaas <bhelgaas@google.com> Cc: stable@vger.kernel.org # v4.19+ Cc: Stuart Hayes <stuart.w.hayes@gmail.com> [sudip: adjust context] Signed-off-by: N Sudip Mukherjee <sudipm.mukherjee@gmail.com> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yongqiang Liu <liuyongqiang13@huawei.com>
e0440916 · Lukas Wunner · Yongqiang Liu · 856bec9c · e0440916
显示空白变更内容
内联并排

Showing with 4 addition and 3 deletion

drivers/pci/hotplug/pciehp_hpc.c drivers/pci/hotplug/pciehp_hpc.c +4 -3

未找到文件。
--- a/drivers/pci/hotplug/pciehp_hpc.c
+++ b/drivers/pci/hotplug/pciehp_hpc.c
@@ -609,6 +609,8 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id)
 	 */
 	if (ctrl->power_fault_detected)
 		status &= ~PCI_EXP_SLTSTA_PFD;
+	else if (status & PCI_EXP_SLTSTA_PFD)
+		ctrl->power_fault_detected = true;
 	events |= status;
 	if (!events) {
@@ -618,7 +620,7 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id)
 	}
 	if (status) {
-		pcie_capability_write_word(pdev, PCI_EXP_SLTSTA, events);
+		pcie_capability_write_word(pdev, PCI_EXP_SLTSTA, status);
 		/*
 		 * In MSI mode, all event bits must be zero before the port
@@ -706,8 +708,7 @@ static irqreturn_t pciehp_ist(int irq, void *dev_id)
 	}
 	/* Check Power Fault Detected */
-	if ((events & PCI_EXP_SLTSTA_PFD) && !ctrl->power_fault_detected) {
+	if (events & PCI_EXP_SLTSTA_PFD) {
-		ctrl->power_fault_detected = 1;
 		ctrl_err(ctrl, "Slot(%s): Power fault\n", slot_name(slot));
 		pciehp_set_attention_status(slot, 1);
 		pciehp_green_led_off(slot);