summaryrefslogtreecommitdiffstats
path: root/drivers/s390/crypto/zcrypt_queue.c
diff options
context:
space:
mode:
authorHarald Freudenberger <freude@linux.ibm.com>2020-10-20 12:20:30 +0200
committerHeiko Carstens <hca@linux.ibm.com>2020-11-03 15:12:15 +0100
commit29c2680fd2bf3862ff5cf2957f198512493156f9 (patch)
treea02f668559b8c28884bbcf26586df66cd29c1b2e /drivers/s390/crypto/zcrypt_queue.c
parentLinux 5.10-rc2 (diff)
downloadlinux-29c2680fd2bf3862ff5cf2957f198512493156f9.tar.xz
linux-29c2680fd2bf3862ff5cf2957f198512493156f9.zip
s390/ap: fix ap devices reference counting
With the last rework of the AP bus scan function one get_device() is missing causing the reference counter to be one instance too low. Together with binding/unbinding device drivers to an ap device it may end up in an segfault because the ap device is freed but a device driver still assumes it's pointer to the ap device is valid: Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 6b6b6b6b6b6b6000 TEID: 6b6b6b6b6b6b6803 Fault in home space mode while using kernel ASCE. Krnl PSW : 0404e00180000000 000000001472f3b6 (klist_next+0x7e/0x180) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3 Call Trace: [<000000001472f3b6>] klist_next+0x7e/0x180 ([<000000001472f36a>] klist_next+0x32/0x180) [<00000000147c14de>] bus_for_each_dev+0x66/0xb8 [<0000000014aab0d4>] ap_scan_adapter+0xcc/0x6c0 [<0000000014aab74a>] ap_scan_bus+0x82/0x140 [<0000000013f3b654>] process_one_work+0x27c/0x478 [<0000000013f3b8b6>] worker_thread+0x66/0x368 [<0000000013f44e32>] kthread+0x17a/0x1a0 [<0000000014af23e4>] ret_from_fork+0x24/0x2c Kernel panic - not syncing: Fatal exception: panic_on_oops Fixed by adjusting the reference count with get_device() on the right place. Also now the device drivers don't need to adjust the ap device's reference counting any more. This is now done in the ap bus probe and remove functions. Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Fixes: 4f2fcccdb547 ("s390/ap: add card/queue deconfig state") Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Diffstat (limited to 'drivers/s390/crypto/zcrypt_queue.c')
-rw-r--r--drivers/s390/crypto/zcrypt_queue.c6
1 files changed, 1 insertions, 5 deletions
diff --git a/drivers/s390/crypto/zcrypt_queue.c b/drivers/s390/crypto/zcrypt_queue.c
index 3c207066313c..5062eae73d4a 100644
--- a/drivers/s390/crypto/zcrypt_queue.c
+++ b/drivers/s390/crypto/zcrypt_queue.c
@@ -180,7 +180,6 @@ int zcrypt_queue_register(struct zcrypt_queue *zq)
&zcrypt_queue_attr_group);
if (rc)
goto out;
- get_device(&zq->queue->ap_dev.device);
if (zq->ops->rng) {
rc = zcrypt_rng_device_add();
@@ -192,7 +191,6 @@ int zcrypt_queue_register(struct zcrypt_queue *zq)
out_unregister:
sysfs_remove_group(&zq->queue->ap_dev.device.kobj,
&zcrypt_queue_attr_group);
- put_device(&zq->queue->ap_dev.device);
out:
spin_lock(&zcrypt_list_lock);
list_del_init(&zq->list);
@@ -220,12 +218,10 @@ void zcrypt_queue_unregister(struct zcrypt_queue *zq)
list_del_init(&zq->list);
zcrypt_device_count--;
spin_unlock(&zcrypt_list_lock);
- zcrypt_card_put(zc);
if (zq->ops->rng)
zcrypt_rng_device_remove();
sysfs_remove_group(&zq->queue->ap_dev.device.kobj,
&zcrypt_queue_attr_group);
- put_device(&zq->queue->ap_dev.device);
- zcrypt_queue_put(zq);
+ zcrypt_card_put(zc);
}
EXPORT_SYMBOL(zcrypt_queue_unregister);