Re: [PATCH] PCI: check bridge->bus in pci_host_common_remove

From: Bjorn Helgaas
Date: Tue Nov 19 2024 - 13:07:48 EST


On Mon, Oct 28, 2024 at 04:46:43PM +0800, Peng Fan (OSS) wrote:
> From: Peng Fan <peng.fan@xxxxxxx>
>
> When PCI node was created using an overlay and the overlay is
> reverted/destroyed, the "linux,pci-domain" property no longer exists,
> so of_get_pci_domain_nr will return failure. Then
> of_pci_bus_release_domain_nr will actually use the dynamic IDA, even
> if the IDA was allocated in static IDA. So the flow is as below:
> A: of_changeset_revert
> pci_host_common_remove
> pci_bus_release_domain_nr
> of_pci_bus_release_domain_nr
> of_get_pci_domain_nr # fails because overlay is gone
> ida_free(&pci_domain_nr_dynamic_ida)
>
> With driver calls pci_host_common_remove explicity, the flow becomes:
> B pci_host_common_remove
> pci_bus_release_domain_nr
> of_pci_bus_release_domain_nr
> of_get_pci_domain_nr # succeeds in this order
> ida_free(&pci_domain_nr_static_ida)
> A of_changeset_revert
> pci_host_common_remove
>
> With updated flow, the pci_host_common_remove will be called twice,
> so need to check 'bridge->bus' to avoid accessing invalid pointer.

If/when you post a v2 of this, please:

- Update the subject to say *why* this change is desirable.

- Follow the capitalization convention (use "git log --oneline" to
discover it).

- Add "()" after function names in the text (no need in the call
tree because that's obviously all functions).

- Mention the user-visible problem this fixes, e.g., do you see an
oops because of a NULL pointer dereference?