Linux-PCI Archive on
 help / color / Atom feed
From: Sven Van Asbroeck <>
To: Bjorn Helgaas <>
	Sinan Kaya <>,
	Frederick Lawler <>,
	Mika Westerberg <>,
	Keith Busch <>,
	"Rafael J . Wysocki" <>
Subject: [PATCH v2] PCIE/PME: fix possible use-after-free on remove
Date: Fri,  1 Mar 2019 11:54:19 -0500
Message-ID: <> (raw)

In remove(), ensure that the pme work cannot run after kfree()
is called. Otherwise, this could result in a use-after-free.

This issue was detected with the help of Coccinelle.

Cc: Sinan Kaya <>
Cc: Frederick Lawler <>
Cc: Mika Westerberg <>
Cc: Keith Busch <>
Cc: Rafael J. Wysocki <>
Signed-off-by: Sven Van Asbroeck <>
 drivers/pci/pcie/pme.c | 1 +
 1 file changed, 1 insertion(+)

	rebased against Bjorn Helgaas's pcm/pm branch at

diff --git a/drivers/pci/pcie/pme.c b/drivers/pci/pcie/pme.c
index efa5b552914b..54d593d10396 100644
--- a/drivers/pci/pcie/pme.c
+++ b/drivers/pci/pcie/pme.c
@@ -437,6 +437,7 @@ static void pcie_pme_remove(struct pcie_device *srv)
 	pcie_pme_disable_interrupt(srv->port, data);
 	free_irq(srv->irq, srv);
+	cancel_work_sync(&data->work);

             reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-03-01 16:54 Sven Van Asbroeck [this message]
2019-03-02  0:11 ` Bjorn Helgaas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-PCI Archive on

Archives are clonable:
	git clone --mirror linux-pci/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-pci linux-pci/ \
	public-inbox-index linux-pci

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone