git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Zijun Hu <quic_zijuhu@quicinc.com>
	Thu, 7 Nov 2024 00:53:08 +0000 (08:53 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 9 Dec 2024 09:41:07 +0000 (10:41 +0100)
commit	c74a1df6c2a2df7dd45c3fc1a5edc29a075dcf22
tree	9fb22d5bef22f40011b1665ee1f30dad48eb6622	tree
parent	5946dc018befa1342ceb5d52893868d7cbbb456e	commit \| diff

PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()

commit 4acc902ed3743edd4ac2d3846604a99d17104359 upstream.

pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI
domain ID, but there are two issues:

  - 'epc->dev' is passed to pci_bus_release_domain_nr() which was already
    freed by device_unregister(), leading to a use-after-free issue.

  - Domain ID corresponds to the EPC device parent, so passing 'epc->dev'
    is also wrong.

Fix these issues by passing 'epc->dev.parent' to
pci_bus_release_domain_nr() and also do it before device_unregister().

Fixes: 0328947c5032 ("PCI: endpoint: Assign PCI domain number for endpoint controllers")
Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20241107-epc_rfc-v2-1-da5b6a99a66f@quicinc.com
[mani: reworded subject and description]
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>