Re: [PATCH v2 1/3] PCI/sysfs: Fix null pointer dereference during hotplug

From: Bjorn Helgaas
Date: Mon Dec 29 2025 - 12:31:16 EST

Next message: Ryota Sakamoto: "Re: [PATCH] gfs2: Fix use-after-free in gfs2_fill_super"
Previous message: Manivannan Sadhasivam via B4 Relay: "[PATCH v3 6/7] PCI: qcom: Drop the assert_perst() callbacks"
In reply to: Ziming Du: "[PATCH v2 1/3] PCI/sysfs: Fix null pointer dereference during hotplug"
Next in thread: duziming: "Re: [PATCH v2 1/3] PCI/sysfs: Fix null pointer dereference during hotplug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 24, 2025 at 05:27:17PM +0800, Ziming Du wrote:
> During the concurrent process of creating and rescanning in VF, the
> resource files for the same pci_dev may be created twice. The second
> creation attempt fails, resulting the res_attr in pci_dev to kfree(),
> but the pointer is not set to NULL. This will subsequently lead to
> dereferencing a null pointer when removing the device.
>
> When we perform the following operation:
> echo $vfcount > /sys/class/net/"$pfname"/device/sriov_numvfs &

Is the value of $vfcount relevant here? Can you use the actual values
here instead of the variables so this is more useful to others?

> sleep 0.5
> echo 1 > /sys/bus/pci/rescan
> pci_remove "$pfname"
> system will crash as follows:

Next message: Ryota Sakamoto: "Re: [PATCH] gfs2: Fix use-after-free in gfs2_fill_super"
Previous message: Manivannan Sadhasivam via B4 Relay: "[PATCH v3 6/7] PCI: qcom: Drop the assert_perst() callbacks"
In reply to: Ziming Du: "[PATCH v2 1/3] PCI/sysfs: Fix null pointer dereference during hotplug"
Next in thread: duziming: "Re: [PATCH v2 1/3] PCI/sysfs: Fix null pointer dereference during hotplug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]