linux-hyperv.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier
@ 2019-08-02 22:50 Dexuan Cui
  2019-08-06 20:16 ` Bjorn Helgaas
  0 siblings, 1 reply; 4+ messages in thread
From: Dexuan Cui @ 2019-08-02 22:50 UTC (permalink / raw)
  To: lorenzo.pieralisi, bhelgaas, linux-pci, Michael Kelley,
	Stephen Hemminger
  Cc: linux-hyperv, linux-kernel, driverdev-devel, Sasha Levin,
	Haiyang Zhang, KY Srinivasan, olaf, apw, jasowang, vkuznets,
	marcelo.cerri, jackm, Dexuan Cui


The slot must be removed before the pci_dev is removed, otherwise a panic
can happen due to use-after-free.

Fixes: 15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver")
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Cc: stable@vger.kernel.org
---

Changes in v2:
  Improved the changelog accordign to the discussion with Bjorn Helgaas:
	  https://lkml.org/lkml/2019/8/1/1173
	  https://lkml.org/lkml/2019/8/2/1559

 drivers/pci/controller/pci-hyperv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c
index 6b9cc6e60a..68c611d 100644
--- a/drivers/pci/controller/pci-hyperv.c
+++ b/drivers/pci/controller/pci-hyperv.c
@@ -2757,8 +2757,8 @@ static int hv_pci_remove(struct hv_device *hdev)
 		/* Remove the bus from PCI's point of view. */
 		pci_lock_rescan_remove();
 		pci_stop_root_bus(hbus->pci_bus);
-		pci_remove_root_bus(hbus->pci_bus);
 		hv_pci_remove_slots(hbus);
+		pci_remove_root_bus(hbus->pci_bus);
 		pci_unlock_rescan_remove();
 		hbus->state = hv_pcibus_removed;
 	}
-- 
1.8.3.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier
  2019-08-02 22:50 [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier Dexuan Cui
@ 2019-08-06 20:16 ` Bjorn Helgaas
  2019-08-06 20:41   ` Dexuan Cui
  0 siblings, 1 reply; 4+ messages in thread
From: Bjorn Helgaas @ 2019-08-06 20:16 UTC (permalink / raw)
  To: Dexuan Cui
  Cc: lorenzo.pieralisi, linux-pci, Michael Kelley, Stephen Hemminger,
	linux-hyperv, linux-kernel, driverdev-devel, Sasha Levin,
	Haiyang Zhang, KY Srinivasan, olaf, apw, jasowang, vkuznets,
	marcelo.cerri, jackm

Thanks for updating this.  But you didn't update the subject line,
which is really still a little too low-level.  Maybe Lorenzo will fix
this.  Something like this, maybe?

  PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it

On Fri, Aug 02, 2019 at 10:50:20PM +0000, Dexuan Cui wrote:
> 
> The slot must be removed before the pci_dev is removed, otherwise a panic
> can happen due to use-after-free.
> 
> Fixes: 15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver")
> Signed-off-by: Dexuan Cui <decui@microsoft.com>
> Cc: stable@vger.kernel.org
> ---
> 
> Changes in v2:
>   Improved the changelog accordign to the discussion with Bjorn Helgaas:
> 	  https://lkml.org/lkml/2019/8/1/1173
> 	  https://lkml.org/lkml/2019/8/2/1559
> 
>  drivers/pci/controller/pci-hyperv.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c
> index 6b9cc6e60a..68c611d 100644
> --- a/drivers/pci/controller/pci-hyperv.c
> +++ b/drivers/pci/controller/pci-hyperv.c
> @@ -2757,8 +2757,8 @@ static int hv_pci_remove(struct hv_device *hdev)
>  		/* Remove the bus from PCI's point of view. */
>  		pci_lock_rescan_remove();
>  		pci_stop_root_bus(hbus->pci_bus);
> -		pci_remove_root_bus(hbus->pci_bus);
>  		hv_pci_remove_slots(hbus);
> +		pci_remove_root_bus(hbus->pci_bus);
>  		pci_unlock_rescan_remove();
>  		hbus->state = hv_pcibus_removed;
>  	}
> -- 
> 1.8.3.1
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread
* RE: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier
  2019-08-06 20:16 ` Bjorn Helgaas
@ 2019-08-06 20:41   ` Dexuan Cui
  2019-08-12 13:06     ` Lorenzo Pieralisi
  0 siblings, 1 reply; 4+ messages in thread
From: Dexuan Cui @ 2019-08-06 20:41 UTC (permalink / raw)
  To: Bjorn Helgaas
  Cc: lorenzo.pieralisi, linux-pci, Michael Kelley, Stephen Hemminger,
	linux-hyperv, linux-kernel, driverdev-devel, Sasha Levin,
	Haiyang Zhang, KY Srinivasan, olaf, apw, jasowang, vkuznets,
	marcelo.cerri, jackm

> From: linux-hyperv-owner@vger.kernel.org
> <linux-hyperv-owner@vger.kernel.org> On Behalf Of Bjorn Helgaas
> Sent: Tuesday, August 6, 2019 1:16 PM
> To: Dexuan Cui <decui@microsoft.com>
> 
> Thanks for updating this.  But you didn't update the subject line,
> which is really still a little too low-level.  Maybe Lorenzo will fix
> this.  Something like this, maybe?
> 
>   PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it

This is better. Thanks!

I hope Lorenzo can help to fix this so I could avoid a v3. :-)

Thanks,
-- Dexuan

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier
  2019-08-06 20:41   ` Dexuan Cui
@ 2019-08-12 13:06     ` Lorenzo Pieralisi
  0 siblings, 0 replies; 4+ messages in thread
From: Lorenzo Pieralisi @ 2019-08-12 13:06 UTC (permalink / raw)
  To: Dexuan Cui
  Cc: Bjorn Helgaas, linux-pci, Michael Kelley, Stephen Hemminger,
	linux-hyperv, linux-kernel, driverdev-devel, Sasha Levin,
	Haiyang Zhang, KY Srinivasan, olaf, apw, jasowang, vkuznets,
	marcelo.cerri, jackm

On Tue, Aug 06, 2019 at 08:41:17PM +0000, Dexuan Cui wrote:
> > From: linux-hyperv-owner@vger.kernel.org
> > <linux-hyperv-owner@vger.kernel.org> On Behalf Of Bjorn Helgaas
> > Sent: Tuesday, August 6, 2019 1:16 PM
> > To: Dexuan Cui <decui@microsoft.com>
> > 
> > Thanks for updating this.  But you didn't update the subject line,
> > which is really still a little too low-level.  Maybe Lorenzo will fix
> > this.  Something like this, maybe?
> > 
> >   PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
> 
> This is better. Thanks!
> 
> I hope Lorenzo can help to fix this so I could avoid a v3. :-)

You should have fixed it yourself, this time I will.

Thanks,
Lorenzo

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-08-12 13:06 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-02 22:50 [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier Dexuan Cui
2019-08-06 20:16 ` Bjorn Helgaas
2019-08-06 20:41   ` Dexuan Cui
2019-08-12 13:06     ` Lorenzo Pieralisi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).