Re: [PATCH v2] PCI: hv: Fix panic by calling hv_pci_remove_slots() earlier
From: Bjorn Helgaas
Date: Tue Aug 06 2019 - 16:16:15 EST
Thanks for updating this. But you didn't update the subject line,
which is really still a little too low-level. Maybe Lorenzo will fix
this. Something like this, maybe?
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
On Fri, Aug 02, 2019 at 10:50:20PM +0000, Dexuan Cui wrote:
>
> The slot must be removed before the pci_dev is removed, otherwise a panic
> can happen due to use-after-free.
>
> Fixes: 15becc2b56c6 ("PCI: hv: Add hv_pci_remove_slots() when we unload the driver")
> Signed-off-by: Dexuan Cui <decui@xxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> ---
>
> Changes in v2:
> Improved the changelog accordign to the discussion with Bjorn Helgaas:
> https://lkml.org/lkml/2019/8/1/1173
> https://lkml.org/lkml/2019/8/2/1559
>
> drivers/pci/controller/pci-hyperv.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c
> index 6b9cc6e60a..68c611d 100644
> --- a/drivers/pci/controller/pci-hyperv.c
> +++ b/drivers/pci/controller/pci-hyperv.c
> @@ -2757,8 +2757,8 @@ static int hv_pci_remove(struct hv_device *hdev)
> /* Remove the bus from PCI's point of view. */
> pci_lock_rescan_remove();
> pci_stop_root_bus(hbus->pci_bus);
> - pci_remove_root_bus(hbus->pci_bus);
> hv_pci_remove_slots(hbus);
> + pci_remove_root_bus(hbus->pci_bus);
> pci_unlock_rescan_remove();
> hbus->state = hv_pcibus_removed;
> }
> --
> 1.8.3.1
>