2019-08-04 03:14:33

by Dexuan Cui

Subject: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier


The slot must be removed before the pci_dev is removed, otherwise a panic
can happen due to use-after-free.

Fixes: 15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver")
Signed-off-by: Dexuan Cui <[email protected]>
Cc: [email protected]
---

Changes in v2:
Improved the changelog according to the discussion with Bjorn Helgaas:
https://lkml.org/lkml/2019/8/1/1173
https://lkml.org/lkml/2019/8/2/1559

drivers/pci/controller/pci-hyperv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c
index 6b9cc6e60a..68c611d 100644
--- a/drivers/pci/controller/pci-hyperv.c
+++ b/drivers/pci/controller/pci-hyperv.c
@@ -2757,8 +2757,8 @@ static int hv_pci_remove(struct hv_device *hdev)
/* Remove the bus from PCI's point of view. */
pci_lock_rescan_remove();
pci_stop_root_bus(hbus->pci_bus);
- pci_remove_root_bus(hbus->pci_bus);
hv_pci_remove_slots(hbus);
+ pci_remove_root_bus(hbus->pci_bus);
pci_unlock_rescan_remove();
hbus->state = hv_pcibus_removed;
}
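Review bot: The ordering requirement between hv_pci_remove_slots(hbus) and pci_remove_root_bus(hbus->pci_bus) in hv_pci_remove() is not documented in the code; the only comment in the block is "Remove the bus from PCI's point of view." A one-line comment above the hv_pci_remove_slots() call saying that the slots must be removed before the root bus and its pci_devs are removed would keep a later cleanup from swapping the two calls back and reintroducing the use-after-free.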
--
1.8.3.1


2019-08-06 20:17:10

by Bjorn Helgaas

Subject: Re: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier

Thanks for updating this. But you didn't update the subject line,
which is really still a little too low-level. Maybe Lorenzo will fix
this. Something like this, maybe?

PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it

On Fri, Aug 02, 2019 at 10:50:20PM +0000, Dexuan Cui wrote:
>
> The slot must be removed before the pci_dev is removed, otherwise a panic
> can happen due to use-after-free.
>
> Fixes: 15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver")
> Signed-off-by: Dexuan Cui <[email protected]>
> Cc: [email protected]
> ---
>
> Changes in v2:
> Improved the changelog according to the discussion with Bjorn Helgaas:
> https://lkml.org/lkml/2019/8/1/1173
> https://lkml.org/lkml/2019/8/2/1559
>
> drivers/pci/controller/pci-hyperv.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c
> index 6b9cc6e60a..68c611d 100644
> --- a/drivers/pci/controller/pci-hyperv.c
> +++ b/drivers/pci/controller/pci-hyperv.c
> @@ -2757,8 +2757,8 @@ static int hv_pci_remove(struct hv_device *hdev)
> /* Remove the bus from PCI's point of view. */
> pci_lock_rescan_remove();
> pci_stop_root_bus(hbus->pci_bus);
> - pci_remove_root_bus(hbus->pci_bus);
> hv_pci_remove_slots(hbus);
> + pci_remove_root_bus(hbus->pci_bus);
> pci_unlock_rescan_remove();
> hbus->state = hv_pcibus_removed;
> }
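Review bot: Only the hv_pci_remove() path is reordered in this hunk, and the changelog does not say whether hv_pci_remove_slots() is reached from any other path. If it is, each such path should be checked for the same slot-before-pci_dev ordering, and the changelog should state that this was done, so a stable backport can be verified from the message alone.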
> --
> 1.8.3.1
>

2019-08-06 20:43:02

by Dexuan Cui

Subject: RE: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier

> From: [email protected]
> <[email protected]> On Behalf Of Bjorn Helgaas
> Sent: Tuesday, August 6, 2019 1:16 PM
> To: Dexuan Cui <[email protected]>
>
> Thanks for updating this. But you didn't update the subject line,
> which is really still a little too low-level. Maybe Lorenzo will fix
> this. Something like this, maybe?
>
> PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it

This is better. Thanks!

I hope Lorenzo can help to fix this so I could avoid a v3. :-)

Thanks,
-- Dexuan

2019-08-12 13:08:32

by Lorenzo Pieralisi

Subject: Re: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier

On Tue, Aug 06, 2019 at 08:41:17PM +0000, Dexuan Cui wrote:
> > From: [email protected]
> > <[email protected]> On Behalf Of Bjorn Helgaas
> > Sent: Tuesday, August 6, 2019 1:16 PM
> > To: Dexuan Cui <[email protected]>
> >
> > Thanks for updating this. But you didn't update the subject line,
> > which is really still a little too low-level. Maybe Lorenzo will fix
> > this. Something like this, maybe?
> >
> > PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
>
> This is better. Thanks!
>
> I hope Lorenzo can help to fix this so I could avoid a v3. :-)

You should have fixed it yourself, this time I will.

Thanks,
Lorenzo