linux/drivers/pci
Rob Herring 9885440b16 PCI: Fix pci_host_bridge struct device release/free handling
The PCI code has several paths where the struct pci_host_bridge is freed
directly. This is wrong because it contains a struct device which is
refcounted and should be freed using put_device(). This can result in
use-after-free errors. I think this problem has existed since 2012 with
commit 7b54366358 ("PCI: add generic device into pci_host_bridge
struct"). It generally hasn't mattered as most host bridge drivers are
still built-in and can't unbind.

The problem is a struct device should never be freed directly once
device_initialize() is called and a ref is held, but that doesn't happen
until pci_register_host_bridge(). There's then a window between allocating
the host bridge and pci_register_host_bridge() where kfree should be used.
This is fragile and requires callers to do the right thing. To fix this, we
need to split device_register() into device_initialize() and device_add()
calls, so that the host bridge struct is always freed by using a
put_device().

devm_pci_alloc_host_bridge() is using devm_kzalloc() to allocate struct
pci_host_bridge which will be freed directly. Instead, we can use a custom
devres action to call put_device().

Link: https://lore.kernel.org/r/20200513223859.11295-2-robh@kernel.org
Reported-by: Anders Roxell <anders.roxell@linaro.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
2020-05-14 16:36:35 -05:00
..
controller pci-v5.7-changes 2020-04-03 14:25:02 -07:00
endpoint PCI: dwc: Fix dw_pcie_ep_raise_msix_irq() to get correct MSI-X table address 2020-04-02 17:57:10 +01:00
hotplug powerpc updates for 5.7 2020-04-05 11:12:59 -07:00
pcie pci-v5.7-changes 2020-04-03 14:25:02 -07:00
switch pci/switchtec: Replace completion wait queue usage for poll 2020-03-21 16:00:20 +01:00
access.c PCI/AER: Save AER Capability for suspend/resume 2019-10-18 17:05:42 -05:00
ats.c PCI/ATS: Export symbols of PASID functions 2020-03-18 21:32:25 +00:00
bus.c
ecam.c
host-bridge.c
iov.c PCI/IOV: Fix memory leak in pci_iov_add_virtfn() 2019-12-09 15:51:32 -06:00
irq.c
Kconfig Merge branch 'pci/trivial' 2019-11-28 08:54:55 -06:00
Makefile PCI: Allow building PCIe things without PCIEPORTBUS 2019-11-21 07:52:33 -06:00
mmap.c
msi.c remove ioremap_nocache and devm_ioremap_nocache 2020-01-06 09:45:59 +01:00
of.c PCI: Make devm_of_pci_get_host_bridge_resources() static 2019-11-20 17:00:14 +00:00
p2pdma.c PCI/P2PDMA: Add Intel Sky Lake-E Root Ports B, C, D to the whitelist 2020-03-18 18:09:07 -05:00
pci-acpi.c Merge branch 'pci/misc' 2020-04-02 14:26:38 -05:00
pci-bridge-emul.c PCI: pci-bridge-emul: Use new constant PCI_STATUS_ERROR_BITS 2020-03-04 14:21:00 -08:00
pci-bridge-emul.h PCI: pci-bridge-emul: Fix big-endian support 2019-10-17 12:42:48 +01:00
pci-driver.c PCI/PM: Add missing link delays required by the PCIe spec 2019-11-20 17:37:24 -06:00
pci-label.c
pci-mid.c PCI: intel-mid: Convert to new X86 CPU match macros 2020-03-24 21:35:06 +01:00
pci-pf-stub.c
pci-stub.c
pci-sysfs.c Merge branch 'pci/misc' 2020-04-02 14:26:38 -05:00
pci.c pci-v5.7-changes 2020-04-03 14:25:02 -07:00
pci.h Merge branch 'pci/enumeration' 2020-04-02 14:26:32 -05:00
probe.c PCI: Fix pci_host_bridge struct device release/free handling 2020-05-14 16:36:35 -05:00
proc.c proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
quirks.c Merge branch 'pci/virtualization' 2020-04-02 14:26:45 -05:00
remove.c PCI: Fix pci_host_bridge struct device release/free handling 2020-05-14 16:36:35 -05:00
rom.c PCI: Use ioremap(), not phys_to_virt() for platform ROM 2020-03-30 09:52:23 -05:00
search.c Merge branch 'pci/host-vmd' 2020-01-29 17:00:02 -06:00
setup-bus.c PCI: Add support for root bus sizing 2020-03-30 09:52:34 -05:00
setup-irq.c
setup-res.c
slot.c PCI: Add pci_speed_string() 2020-03-10 14:05:33 -05:00
syscall.c
vc.c Merge branch 'pci/trivial' 2019-09-23 16:10:31 -05:00
vpd.c PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port 2019-09-16 14:10:09 +01:00
xen-pcifront.c