Bug 161866 - Race condition accessing PCI config space
Race condition accessing PCI config space
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel (Show other bugs)
x86_64 Linux
high Severity high
: ---
: ---
Assigned To: Jim Paradis
Brian Brock
Depends On:
Blocks: 168424
  Show dependency treegraph
Reported: 2005-06-27 18:14 EDT by David Milburn
Modified: 2007-11-30 17:07 EST (History)
5 users (show)

See Also:
Fixed In Version: RHSA-2006-0144
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-15 11:08:41 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to synchronize access to PCI config space (4.30 KB, patch)
2005-06-27 18:15 EDT, David Milburn
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2006:0144 qe-ready SHIPPED_LIVE Moderate: Updated kernel packages available for Red Hat Enterprise Linux 3 Update 7 2006-03-15 00:00:00 EST

  None (edit)
Description David Milburn 2005-06-27 18:14:24 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050302 Firefox/1.0.1 Fedora/1.0.1-1.3.2

Description of problem:
CF8/CFC cycles may get intermingled creating a race condition. It is possible to have two CF8 writes before a CFC access, customer has seen a particular case when acpi_os_write_pci_configuration() is calling pci_conf1_write() which is protected by pci_config_lock, while a driver (tg3 in this case) is calling pci_conf1_write_config_dword() which is not protected. 

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Load tg3 driver on EM64T.

Actual Results:  FSB trace showed several places where the system has CF8/CFC cycles which are getting intermingled.

Expected Results:  PCI access should be protected.

Additional info:

Attaching patch provided by the customer, they have verified that the patch fixes the problem.
Comment 1 David Milburn 2005-06-27 18:15:45 EDT
Created attachment 116037 [details]
Patch to synchronize access to PCI config space
Comment 2 John W. Linville 2005-06-28 10:42:51 EDT
Patch looks pretty sane to me, and fairly close to the x86 version.  Not sure 
why they added NULL checks of *value for the pci_*_read_config_byte and 
pci_*_read_config_word but not to the pci_*_read_config_dword versions, but 
other than that, it looks fine... 
Comment 13 Samuel Benjamin 2005-10-05 14:20:57 EDT
Please add PM and QE acks to add this fix into U7. Thanks.
Comment 18 Ernie Petrides 2005-10-20 01:43:17 EDT
A fix for this problem has just been committed to the RHEL3 U7
patch pool this evening (in kernel version 2.4.21-37.6.EL).
Comment 23 Red Hat Bugzilla 2006-03-15 11:08:41 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.