Re: [PATCH] PCI: Fix use-after-free of slot->bus on hot remove

[Mika Westerberg <mika.westerberg@linux.intel.com>]

On Fri, Oct 11, 2024 at 12:12:39PM +0200, Lukas Wunner wrote:
> On Fri, Oct 11, 2024 at 08:41:15AM +0300, Mika Westerberg wrote:
> > On Thu, Oct 10, 2024 at 07:10:34PM +0200, Lukas Wunner wrote:
> > > Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock.
> > > 
> > > Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and
> > > commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot
> > > firmware"), USB4 v2 and v1 Host Routers are reset on probe of the
> > > thunderbolt driver.
> > > 
> > > The reset clears the Presence Detect State and Data Link Layer Link Active
> > > bits at the USB4 Host Router's Root Port and thus causes hot removal of
> > > the dock.
> > 
> > Can't this happen also simply unplug at some part of the PCIe topology?
> > I don't think this is specific to TB/USB4.
> 
> The crash seems to occur because the boot-time invocation of
> pci_bus_add_devices() races with pciehp's pci_stop_and_remove_bus_device().
> 
> In principle, yes, on a non-USB4 system you could unplug the dock exactly
> when pci_bus_add_devices() is running and cause the same crash, even though
> the Host Router is not reset.  But that's very hard to reproduce.
> You need to unplug at just the right moment.
> 
> In this case however the reset of the Host Router seems to reliably
> reproduce the conditions to cause the crash, so I thought it's worth
> calling that out explicitly.  USB4 Host Routers are readily available
> in the field and becoming more and more commonplace, so chances that
> users experience the crash are high -- specifically if they're booting
> a USB4 system with attached Thunderbolt devices.

Yeah agree, makes sense.