From 4fb88c1a28a8dc302bdc09858e7cdafc97bef794 Mon Sep 17 00:00:00 2001
From: Matthew Wilcox <matthew@wil.cx>
Date: Sun, 17 Jan 2010 14:01:41 -0700
Subject: [PATCH] PCI: Make pci_scan_slot more robust

Yinghai pointed out that the new pci_scan_slot() crashes when called
on an ARI-capable slot that is empty.  Fix this by exiting early from
pci_scan_slot if there is no device in the slot.

Also make next_ari_func() robust against devices not existing in case
the ARI capability is corrupt.  ARI also requires that the devices be
listed in order, so if we find a function listed that is out of order,
stop scanning to prevent loops.

Signed-off-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
---
 drivers/pci/probe.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index 9672760c7ade3..233d1c275d96a 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -1222,11 +1222,19 @@ EXPORT_SYMBOL(pci_scan_single_device);
 static unsigned next_ari_fn(struct pci_dev *dev, unsigned fn)
 {
 	u16 cap;
-	unsigned pos = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ARI);
+	unsigned pos, next_fn;
+
+	if (!dev)
+		return 0;
+
+	pos = pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ARI);
 	if (!pos)
 		return 0;
 	pci_read_config_word(dev, pos + 4, &cap);
-	return cap >> 8;
+	next_fn = cap >> 8;
+	if (next_fn <= fn)
+		return 0;
+	return next_fn;
 }
 
 static unsigned next_trad_fn(struct pci_dev *dev, unsigned fn)
@@ -1271,12 +1279,14 @@ int pci_scan_slot(struct pci_bus *bus, int devfn)
 		return 0; /* Already scanned the entire slot */
 
 	dev = pci_scan_single_device(bus, devfn);
-	if (dev && !dev->is_added)	/* new device? */
+	if (!dev)
+		return 0;
+	if (!dev->is_added)
 		nr++;
 
 	if (pci_ari_enabled(bus))
 		next_fn = next_ari_fn;
-	else if (dev && dev->multifunction)
+	else if (dev->multifunction)
 		next_fn = next_trad_fn;
 
 	for (fn = next_fn(dev, 0); fn > 0; fn = next_fn(dev, fn)) {
-- 
GitLab