]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
projects / thirdparty / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b8e40c9)
pds_core: quiesce DMA before freeing resources
authorNikhil P. Rao <nikhil.rao@amd.com>
Thu, 4 Jun 2026 21:36:37 +0000 (21:36 +0000)
committerJakub Kicinski <kuba@kernel.org>
Tue, 9 Jun 2026 00:19:56 +0000 (17:19 -0700)
pdsc_teardown() frees DMA buffers but does not disable bus mastering,
leaving the device able to perform DMA after the buffers are freed.
This can lead to use-after-free if the device writes to freed memory.

Add pci_clear_master() to pdsc_teardown() to disable bus mastering
before freeing resources, ensuring all DMA is quiesced.

Add pci_set_master() to pdsc_setup() to re-enable bus mastering,
which is needed for the firmware recovery path since pdsc_teardown()
now disables it.

Signed-off-by: Nikhil P. Rao <nikhil.rao@amd.com>
Link: https://patch.msgid.link/20260604213637.3844317-1-nikhil.rao@amd.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
drivers/net/ethernet/amd/pds_core/core.c patch | blob | blame | history

diff --git a/drivers/net/ethernet/amd/pds_core/core.c b/drivers/net/ethernet/amd/pds_core/core.c
index 705cab7b07273df913c04a3a1f8d81ccde010992..38a2446571afabe14439ebd607dfe416eafbbfdf 100644 (file)
--- a/drivers/net/ethernet/amd/pds_core/core.c
+++ b/drivers/net/ethernet/amd/pds_core/core.c
@@ -446,6 +446,8 @@ int pdsc_setup(struct pdsc *pdsc, bool init)
 {
        int err;
 
+       pci_set_master(pdsc->pdev);
+
        err = pdsc_dev_init(pdsc);
        if (err)
                return err;
@@ -480,6 +482,8 @@ void pdsc_teardown(struct pdsc *pdsc, bool removing)
        if (pdsc->adminqcq.work.func)
                cancel_work_sync(&pdsc->adminqcq.work);
 
+       pci_clear_master(pdsc->pdev);
+
        pdsc_core_uninit(pdsc);
 
        if (removing) {
A mirror of Linus' kernel repository