------- Comment From <email address hidden> 2021-10-29 06:01 EDT-------
Ok, so for focal master-next we didn't yet have the earlier commits
2a671f77ee49 ("s390/pci: fix use after free of zpci_dev")
0b13525c20fe ("s390/pci: fix leak of PCI device structure")
so I had to backport those in addition to
a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve")

That said, I tested first with the current focal kernel and, similar to what I mentioned on the stable list for v5.10.x[0], the original scenario that caused the crash does not cause a crash there. I think this is due to the common code not keeping a reference to function 0 around after it is removed. I guess this is also why this was never seen during the initial multi-function support development.

However, even if I don't know how to trigger the problem on focal, it is still there. Should some code keep a reference to the PCI device after removal, we would run into the same crash trying to access it. We also do still leak the PCI device structure on removal without these patches.
[0] https://lore.<email address hidden>/