PCI/AER: Restore pci_ops pointer while calling original pci_ops
authorDavid Daney <david.daney@cavium.com>
Tue, 22 Dec 2015 21:44:51 +0000 (13:44 -0800)
committerBjorn Helgaas <bhelgaas@google.com>
Thu, 4 Feb 2016 20:26:27 +0000 (14:26 -0600)
commit7e8fbdc628760857369af05636ed4ddc4fc8569b
treeff25b6c3c10cad84a2b441c9532846756a4a7dc1
parent3b0a6d1a1b3335fde9cbbc659568ed619b07d24a
PCI/AER: Restore pci_ops pointer while calling original pci_ops

The aer_inject module intercepts config space accesses by replacing the
bus->ops pointer.  If it forwards accesses to the original pci_ops, and
those original ops use bus->ops, they see the aer_pci_ops instead of their
own pci_ops, which can cause a crash.

For example, pci_generic_config_read() uses the bus->ops->map_bus pointer.
If bus->ops is set to aer_pci_ops, which doesn't supply .map_bus,
pci_generic_config_read() will dereference an invalid pointer and cause a
crash.

Temporarily restore the original bus->ops pointer while calling ops->read()
or ops->write().  Callers of these functions already hold pci_lock, which
prevents other users of bus->ops until we're finished.

[bhelgaas: changelog]
Signed-off-by: David Daney <david.daney@cavium.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
drivers/pci/pcie/aer/aer_inject.c