[PATCH 05/12] PCI: use generic driver_override infrastructure
Danilo Krummrich
dakr at kernel.org
Tue Mar 31 03:28:48 AEDT 2026
On Thu Mar 26, 2026 at 7:08 PM CET, Bjorn Helgaas wrote:
> On Tue, Mar 24, 2026 at 01:59:09AM +0100, Danilo Krummrich wrote:
>> When a driver is probed through __driver_attach(), the bus' match()
>> callback is called without the device lock held, thus accessing the
>> driver_override field without a lock, which can cause a UAF.
>>
>> Fix this by using the driver-core driver_override infrastructure taking
>> care of proper locking internally.
>>
>> Note that calling match() from __driver_attach() without the device lock
>> held is intentional. [1]
>>
>> Link: https://lore.kernel.org/driver-core/DGRGTIRHA62X.3RY09D9SOK77P@kernel.org/ [1]
>> Reported-by: Gui-Dong Han <hanguidong02 at gmail.com>
>> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220789
>> Fixes: 782a985d7af2 ("PCI: Introduce new device binding path using pci_dev.driver_override")
>> Signed-off-by: Danilo Krummrich <dakr at kernel.org>
>> ---
>> drivers/pci/pci-driver.c | 11 +++++++----
>> drivers/pci/pci-sysfs.c | 28 ----------------------------
>> drivers/pci/probe.c | 1 -
>> include/linux/pci.h | 6 ------
>
> For the above:
>
> Acked-by: Bjorn Helgaas <bhelgaas at google.com>
>
> "driver_override" is mentioned several places in
> Documentation/ABI/testing/sysfs-bus-*. I assume this series doesn't
> change the behavior documented there?
Correct, none of this is altered.
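
The locking discipline described in the quoted commit message, shown as an added userspace model that is not part of the original mail or of the kernel patch: the override string is read and replaced only under one lock, so the match path can never compare against a string the store path has already freed. All names (`model_dev`, `model_override_set`, `model_override_match`) are hypothetical, and a pthread mutex stands in for whatever lock the driver core uses internally.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not kernel API. */
struct model_dev {
    pthread_mutex_t override_lock;  /* protects driver_override */
    char *driver_override;          /* NULL when no override is set */
};

void model_dev_init(struct model_dev *d)
{
    pthread_mutex_init(&d->override_lock, NULL);
    d->driver_override = NULL;
}

/* Writer (models the sysfs store path): swap under the lock, free afterwards. */
int model_override_set(struct model_dev *d, const char *name)
{
    char *new = NULL, *old;

    if (name && name[0] != '\0') {      /* empty string clears the override */
        size_t n = strlen(name) + 1;
        new = malloc(n);
        if (!new)
            return -1;
        memcpy(new, name, n);
    }
    pthread_mutex_lock(&d->override_lock);
    old = d->driver_override;
    d->driver_override = new;
    pthread_mutex_unlock(&d->override_lock);
    free(old);  /* readers never keep the pointer past the unlock */
    return 0;
}

/* Reader (models the match path): -1 no override, 0 mismatch, 1 match. */
int model_override_match(struct model_dev *d, const char *drv_name)
{
    int ret = -1;

    pthread_mutex_lock(&d->override_lock);
    if (d->driver_override)
        ret = strcmp(d->driver_override, drv_name) == 0;
    pthread_mutex_unlock(&d->override_lock);
    return ret;
}
```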