| Message ID | PU1P153MB01693F32F6BB02F9655CC84EBFD90@PU1P153MB0169.APCP153.PROD.OUTLOOK.COM (mailing list archive) |
|---|---|
| State | Mainlined, archived |
| Commit | 533ca1feed98b0bf024779a14760694c7cb4d431 |
| Headers | show |
| Series | [v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier | expand |
Thanks for updating this. But you didn't update the subject line, which is really still a little too low-level. Maybe Lorenzo will fix this. Something like this, maybe? PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it On Fri, Aug 02, 2019 at 10:50:20PM +0000, Dexuan Cui wrote: > > The slot must be removed before the pci_dev is removed, otherwise a panic > can happen due to use-after-free. > > Fixes: 15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver") > Signed-off-by: Dexuan Cui <decui@microsoft.com> > Cc: stable@vger.kernel.org > --- > > Changes in v2: > Improved the changelog accordign to the discussion with Bjorn Helgaas: > https://lkml.org/lkml/2019/8/1/1173 > https://lkml.org/lkml/2019/8/2/1559 > > drivers/pci/controller/pci-hyperv.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c > index 6b9cc6e60a..68c611d 100644 > --- a/drivers/pci/controller/pci-hyperv.c > +++ b/drivers/pci/controller/pci-hyperv.c > @@ -2757,8 +2757,8 @@ static int hv_pci_remove(struct hv_device *hdev) > /* Remove the bus from PCI's point of view. */ > pci_lock_rescan_remove(); > pci_stop_root_bus(hbus->pci_bus); > - pci_remove_root_bus(hbus->pci_bus); > hv_pci_remove_slots(hbus); > + pci_remove_root_bus(hbus->pci_bus); > pci_unlock_rescan_remove(); > hbus->state = hv_pcibus_removed; > } > -- > 1.8.3.1 >
> From: linux-hyperv-owner@vger.kernel.org > <linux-hyperv-owner@vger.kernel.org> On Behalf Of Bjorn Helgaas > Sent: Tuesday, August 6, 2019 1:16 PM > To: Dexuan Cui <decui@microsoft.com> > > Thanks for updating this. But you didn't update the subject line, > which is really still a little too low-level. Maybe Lorenzo will fix > this. Something like this, maybe? > > PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it This is better. Thanks! I hope Lorenzo can help to fix this so I could avoid a v3. :-) Thanks, -- Dexuan
On Tue, Aug 06, 2019 at 08:41:17PM +0000, Dexuan Cui wrote: > > From: linux-hyperv-owner@vger.kernel.org > > <linux-hyperv-owner@vger.kernel.org> On Behalf Of Bjorn Helgaas > > Sent: Tuesday, August 6, 2019 1:16 PM > > To: Dexuan Cui <decui@microsoft.com> > > > > Thanks for updating this. But you didn't update the subject line, > > which is really still a little too low-level. Maybe Lorenzo will fix > > this. Something like this, maybe? > > > > PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it > > This is better. Thanks! > > I hope Lorenzo can help to fix this so I could avoid a v3. :-) You should have fixed it yourself, this time I will. Thanks, Lorenzo
diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c index 6b9cc6e60a..68c611d 100644 --- a/drivers/pci/controller/pci-hyperv.c +++ b/drivers/pci/controller/pci-hyperv.c @@ -2757,8 +2757,8 @@ static int hv_pci_remove(struct hv_device *hdev) /* Remove the bus from PCI's point of view. */ pci_lock_rescan_remove(); pci_stop_root_bus(hbus->pci_bus); - pci_remove_root_bus(hbus->pci_bus); hv_pci_remove_slots(hbus); + pci_remove_root_bus(hbus->pci_bus); pci_unlock_rescan_remove(); hbus->state = hv_pcibus_removed; }
The slot must be removed before the pci_dev is removed, otherwise a panic can happen due to use-after-free. Fixes: 15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver") Signed-off-by: Dexuan Cui <decui@microsoft.com> Cc: stable@vger.kernel.org --- Changes in v2: Improved the changelog accordign to the discussion with Bjorn Helgaas: https://lkml.org/lkml/2019/8/1/1173 https://lkml.org/lkml/2019/8/2/1559 drivers/pci/controller/pci-hyperv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)