From 898dbfb10f855cfe0359f978178f977ec75b154e Mon Sep 17 00:00:00 2001
From: Eddie James <eajames@linux.ibm.com>
Date: Wed, 25 Sep 2024 10:55:23 -0500
Subject: [PATCH] net/ncsi: Disable the ncsi work before freeing the associated
 structure

BugLink: https://bugs.launchpad.net/bugs/2089884

[ Upstream commit a0ffa68c70b367358b2672cdab6fa5bc4c40de2c ]

The work function can run after the ncsi device is freed, resulting
in use-after-free bugs or kernel panic.

Fixes: 2d283bdd079c ("net/ncsi: Resource management")
Signed-off-by: Eddie James <eajames@linux.ibm.com>
Link: https://patch.msgid.link/20240925155523.1017097-1-eajames@linux.ibm.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[koichiroden: the patch series "workqueue: Implement disable/enable_work()"
[1] is not included in this tree, so as a second-best option, call
cancel_work_sync() instead of disable_work_sync()
[1]: https://lore.kernel.org/lkml/20240221174333.700197-1-tj@kernel.org/]
Signed-off-by: Koichiro Den <koichiro.den@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
---
 net/ncsi/ncsi-manage.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ncsi/ncsi-manage.c b/net/ncsi/ncsi-manage.c
index 5ecf611c8820..3eda24eac668 100644
--- a/net/ncsi/ncsi-manage.c
+++ b/net/ncsi/ncsi-manage.c
@@ -1954,6 +1954,8 @@ void ncsi_unregister_dev(struct ncsi_dev *nd)
 	list_del_rcu(&ndp->node);
 	spin_unlock_irqrestore(&ncsi_dev_lock, flags);
 
+	cancel_work_sync(&ndp->work);
+
 	kfree(ndp);
 }
 EXPORT_SYMBOL_GPL(ncsi_unregister_dev);