Skip to content

Commit

Permalink
s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has c…
Browse files Browse the repository at this point in the history 
…hild VFs

With commit bcb5d6c ("s390/pci: introduce lock to synchronize state
of zpci_dev's") the code to ignore power off of a PF that has child VFs
was changed from a direct return to a goto to the unlock and
pci_dev_put() section. The change however left the existing pci_dev_put()
untouched resulting in a doubple put. This can subsequently cause a use
after free if the struct pci_dev is released in an unexpected state.
Fix this by removing the extra pci_dev_put().

Cc: stable@vger.kernel.org
Fixes: bcb5d6c ("s390/pci: introduce lock to synchronize state of zpci_dev's")
Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
Reviewed-by: Gerd Bayer <gbayer@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
  • Loading branch information
Niklas Schnelle authored and Heiko Carstens committed May 7, 2025
1 parent 42420c5 commit 05a2538
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion drivers/pci/hotplug/s390_pci_hpc.c
View file
Original file line number Diff line number Diff line change
@@ -59,7 +59,6 @@ static int disable_slot(struct hotplug_slot *hotplug_slot)

pdev = pci_get_slot(zdev->zbus->bus, zdev->devfn);
if (pdev && pci_num_vf(pdev)) {
pci_dev_put(pdev);
rc = -EBUSY;
goto out;
}

0 comments on commit 05a2538

Please sign in to comment.