PCI: Initialize spinlock in new_id_store()

[PATCH] PCI: Initialize spinlock in new_id_store()
Posted by Zhenzhong Duan 1 month, 4 weeks ago
new_id_store() creates a dummy pci_dev structure but doesn't initialize
driver_override.lock in device structure. The lock is taken by
device_match_driver_override() during PCI ID existence checking, then
below lock corruption is reported if spinlock debug is enabled.

  BUG: spinlock bad magic on CPU#74, vfio_pci.sh/4575
   lock: 0xff1100018fd3e158, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0
  Call Trace:
   <TASK>
   dump_stack_lvl+0x51/0x80
   do_raw_spin_lock+0x64/0xc0
   pci_match_device+0x22/0x180
   new_id_store+0x184/0x1e0
   kernfs_fop_write_iter+0x13a/0x1e0
   vfs_write+0x31b/0x440
   ksys_write+0x67/0xe0
   do_syscall_64+0xa5/0x12c0
   entry_SYSCALL_64_after_hwframe+0x76/0x7e

The call trace is harmless as the whole driver_override structure is
initialized to zero.

Fixes: 10a4206a2401 ("PCI: use generic driver_override infrastructure")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
---
 drivers/pci/pci-driver.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
index dd9075403987..9c3d4606721a 100644
--- a/drivers/pci/pci-driver.c
+++ b/drivers/pci/pci-driver.c
@@ -213,6 +213,9 @@ static ssize_t new_id_store(struct device_driver *driver, const char *buf,
 		pdev->subsystem_device = subdevice;
 		pdev->class = class;
 
+		/* Initialize driver_override.lock as device_match_driver_override() takes it. */
+		spin_lock_init(&pdev->dev.driver_override.lock);
+
 		if (pci_match_device(pdrv, pdev))
 			retval = -EEXIST;
 
-- 
2.47.3