Bug 164628 - pci_scan_device can cause master abort
Summary: pci_scan_device can cause master abort
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Kimball Murray
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: 156322
TreeView+ depends on / blocked
 
Reported: 2005-07-29 14:25 UTC by Kimball Murray
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version: RHSA-2005-514
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-05 13:46:30 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:514 0 qe-ready SHIPPED_LIVE Important: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 2 2005-10-05 04:00:00 UTC

Description Kimball Murray 2005-07-29 14:25:08 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
pci_scan_device reads the header type from configuration space before checking if a valid vendor id can be read.  The vendor id should be read first to verify that a particular pci function exists.  Only after a valid vendor id is found should software then read other configuration registers. Failing to adhere to this order causes a master abort, which may be detected and reported on platforms whose pci bridges have that reporting capability.

Version-Release number of selected component (if applicable):
kernel-2.6.9-11

How reproducible:
Always

Steps to Reproduce:
1. Turn on error reporting in the pci bridge
2. insert a dual-port gigabit card in a pci hotplug slot
3. bringup the card using pci_scan_slot.
  

Actual Results:  bridge detects master abort from function 2 of the hotplug slot.  Function 2 does not exist.

Expected Results:  pci_scan_device should have returned from scanning function 2 without having read anything but vendor/device id.

Additional info:

This bug has been fixed upstream already.
Comment 1 Kimball Murray 2005-07-29 14:31:00 UTC 
Suggested fix:

--- linux-2.6.9/drivers/pci/probe.c     2005-06-24 13:01:57.000000000 -0400
+++ /root/cvs/stratus/kernel-2.6.9/linux-2.6.9/drivers/pci/probe.c     
2005-07-29 09:48:10.000000000 -0400
@@ -590,9 +590,6 @@
        u32 l;
        u8 hdr_type;

-       if (pci_bus_read_config_byte(bus, devfn, PCI_HEADER_TYPE, &hdr_type))
-               return NULL;
-
        if (pci_bus_read_config_dword(bus, devfn, PCI_VENDOR_ID, &l))
                return NULL;

@@ -601,6 +598,9 @@
            l == 0x0000ffff || l == 0xffff0000)
                return NULL;

+       if (pci_bus_read_config_byte(bus, devfn, PCI_HEADER_TYPE, &hdr_type))
+               return NULL;
+
        dev = kmalloc(sizeof(struct pci_dev), GFP_KERNEL);
        if (!dev)
                return NULL;
Comment 6 Red Hat Bugzilla 2005-10-05 13:46:30 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-514.html
Note You need to log in before you can comment on or make changes to this bug.