Thread (7 messages) 7 messages, 4 authors, 2d ago
WARM2d

[PATCH net v2 0/2] pds_core: fix use-after-free on workqueue during remove

From: Nikhil P. Rao <hidden>
Date: 2026-06-29 20:04:24

This series fixes a use-after-free on the workqueue during driver remove.

Patch 1 fixes a pre-existing deadlock between the PCI reset worker and
pdsc_remove() that was identified during review of v1.

Patch 2 is the reworked UAF fix that moves destroy_workqueue() after
pdsc_teardown() and adds proper work synchronization.

v2:
- Fix deadlock between pci_reset_thread and remove (new patch 1/2)
  found by sashiko AI review of v1
- Rework UAF fix: move destroy_workqueue() after pdsc_teardown()
  instead of setting wq to NULL (addresses NULL deref found by sashiko)
- Add cancel_work_sync() after free_irq() to drain ISR-queued work
- Reorder adminqcq/notifyqcq freeing to avoid accessing freed notifyqcq

v1: https://lore.kernel.org/netdev/20260610025952.196470-1-nikhil.rao@amd.com/ (local)

Nikhil P. Rao (2):
  pds_core: fix deadlock between reset thread and remove
  pds_core: fix use-after-free on workqueue during remove

 drivers/net/ethernet/amd/pds_core/adminq.c | 15 +++++++++++----
 drivers/net/ethernet/amd/pds_core/core.c   | 21 ++++++++++++++-------
 drivers/net/ethernet/amd/pds_core/main.c   |  5 +++--
 3 files changed, 28 insertions(+), 13 deletions(-)

--
2.43.0
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help