[PATCH net v2 0/2] pds_core: fix use-after-free on workqueue during remove
From: Nikhil P. Rao <hidden>
Date: 2026-06-29 20:04:24
This series fixes a use-after-free on the workqueue during driver remove. Patch 1 fixes a pre-existing deadlock between the PCI reset worker and pdsc_remove() that was identified during review of v1. Patch 2 is the reworked UAF fix that moves destroy_workqueue() after pdsc_teardown() and adds proper work synchronization. v2: - Fix deadlock between pci_reset_thread and remove (new patch 1/2) found by sashiko AI review of v1 - Rework UAF fix: move destroy_workqueue() after pdsc_teardown() instead of setting wq to NULL (addresses NULL deref found by sashiko) - Add cancel_work_sync() after free_irq() to drain ISR-queued work - Reorder adminqcq/notifyqcq freeing to avoid accessing freed notifyqcq v1: https://lore.kernel.org/netdev/20260610025952.196470-1-nikhil.rao@amd.com/ (local) Nikhil P. Rao (2): pds_core: fix deadlock between reset thread and remove pds_core: fix use-after-free on workqueue during remove drivers/net/ethernet/amd/pds_core/adminq.c | 15 +++++++++++---- drivers/net/ethernet/amd/pds_core/core.c | 21 ++++++++++++++------- drivers/net/ethernet/amd/pds_core/main.c | 5 +++-- 3 files changed, 28 insertions(+), 13 deletions(-) -- 2.43.0