However, ASPM Control sysfs is still visible to other children even if it
has been removed by any child function, and careless use it will
trigger use-after-free error, e.g.:
# lspci -tv
-[0000:16]---00.0-[17]--+-00.0 Device 19e5:0222
\-00.1 Device 19e5:0222
# echo 1 > /sys/bus/pci/devices/0000:17:00.0/remove // pcie_link_state will be released
# echo 1 > /sys/bus/pci/devices/0000:17:00.1/link/l1_aspm // will trigger error
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030
Call trace:
aspm_attr_store_common.constprop.0+0x10c/0x154
l1_aspm_store+0x24/0x30
dev_attr_store+0x20/0x34
sysfs_kf_write+0x4c/0x5c
We can solve this problem by updating the ASPM Control sysfs of all
children immediately after ASPM Control have been freed.
Fixes: 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free")
Signed-off-by: Jay Fang <f.fangjian@xxxxxxxxxx>
---
drivers/pci/pcie/aspm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
index cee2365e54b8..eee9e6739924 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -1262,6 +1262,8 @@ void pcie_aspm_exit_link_state(struct pci_dev *pdev)
pcie_config_aspm_path(parent_link);
}
+ pcie_aspm_update_sysfs_visibility(parent);
+
mutex_unlock(&aspm_lock);
up_read(&pci_bus_sem);
}
--
2.33.0
