diff options
| author | Sven Van Asbroeck <thesven73@gmail.com> | 2019-03-01 11:54:19 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-11-06 13:05:38 +0100 |
| commit | a897f54e921c223a8a936a96b96b9ae2a7206386 (patch) | |
| tree | 6eaf0356b417452b16e271a4383bded7ba4bc82a | |
| parent | 0e23eeb0fc58f03e06ca026f17c70949d43b15fb (diff) | |
| download | linux-stable-a897f54e921c223a8a936a96b96b9ae2a7206386.tar.gz | |
PCI/PME: Fix possible use-after-free on remove
[ Upstream commit 7cf58b79b3072029af127ae865ffc6f00f34b1f8 ]
In remove(), ensure that the PME work cannot run after kfree() is called.
Otherwise, this could result in a use-after-free.
This issue was detected with the help of Coccinelle.
Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Sinan Kaya <okaya@kernel.org>
Cc: Frederick Lawler <fred@fredlawl.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | drivers/pci/pcie/pme.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/pci/pcie/pme.c b/drivers/pci/pcie/pme.c index e85c5a8206c4..6ac17f0c4077 100644 --- a/drivers/pci/pcie/pme.c +++ b/drivers/pci/pcie/pme.c @@ -437,6 +437,7 @@ static void pcie_pme_remove(struct pcie_device *srv) pcie_pme_disable_interrupt(srv->port, data); free_irq(srv->irq, srv); + cancel_work_sync(&data->work); kfree(data); } |