From patchwork Thu Aug 20 09:23:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 265698 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 313C3C433E3 for ; Thu, 20 Aug 2020 10:22:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0102A20738 for ; Thu, 20 Aug 2020 10:22:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597918937; bh=Ihlg5gtctDVm2xDUIMMHWVH+lViW3wLRwTsxbd0cDkk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=ItYdJi0KOnPn39oubcMyUP1BDREdMpyXBHH7LPyjb7SEJTfBBMWfGu332YrostOSB nz01ytguXWcCfC9ERA69b9hzspSaoM8bMFcJbFIW0HX88d8yzI/49BaRLDvDHYDohb QTKwMV+NWmH17aD5A9EtA84jSpLEpQpAvyPb7Wwg= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728948AbgHTKWP (ORCPT ); Thu, 20 Aug 2020 06:22:15 -0400 Received: from mail.kernel.org ([198.145.29.99]:49698 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731608AbgHTKWN (ORCPT ); Thu, 20 Aug 2020 06:22:13 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 2B0F620658; Thu, 20 Aug 2020 10:22:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597918932; bh=Ihlg5gtctDVm2xDUIMMHWVH+lViW3wLRwTsxbd0cDkk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=S5EPJ0Cp6TfPcm4PrCYZbRs33XyRhg1rOryN/M1vmyM+QhWPPLI05KyEwWvb7zpf0 ET5vSs2BW4WaHZcBQ/M26WJO6N5uDFjNeKnnzylY05rDfhV9kJH1Ep604gPiv49Art nbtHikPxIA/p/f1BI9yiL1P1SU4K/1Go3WgUN31w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Vasily Averin , "Rafael J. Wysocki" Subject: [PATCH 4.4 120/149] PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() Date: Thu, 20 Aug 2020 11:23:17 +0200 Message-Id: <20200820092131.511561023@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200820092125.688850368@linuxfoundation.org> References: <20200820092125.688850368@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Rafael J. Wysocki commit dae68d7fd4930315389117e9da35b763f12238f9 upstream. If context is not NULL in acpiphp_grab_context(), but the is_going_away flag is set for the device's parent, the reference counter of the context needs to be decremented before returning NULL or the context will never be freed, so make that happen. Fixes: edf5bf34d408 ("ACPI / dock: Use callback pointers from devices' ACPI hotplug contexts") Reported-by: Vasily Averin Cc: 3.15+ # 3.15+ Signed-off-by: Rafael J. Wysocki Signed-off-by: Greg Kroah-Hartman --- drivers/pci/hotplug/acpiphp_glue.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) --- a/drivers/pci/hotplug/acpiphp_glue.c +++ b/drivers/pci/hotplug/acpiphp_glue.c @@ -136,13 +136,21 @@ static struct acpiphp_context *acpiphp_g struct acpiphp_context *context; acpi_lock_hp_context(); + context = acpiphp_get_context(adev); - if (!context || context->func.parent->is_going_away) { - acpi_unlock_hp_context(); - return NULL; + if (!context) + goto unlock; + + if (context->func.parent->is_going_away) { + acpiphp_put_context(context); + context = NULL; + goto unlock; } + get_bridge(context->func.parent); acpiphp_put_context(context); + +unlock: acpi_unlock_hp_context(); return context; }