From: Sven Van Asbroeck <thesven73@gmail.com>
Date: Fri, 1 Mar 2019 16:54:19 +0000 (-0500)
Subject: PCI/PME: Fix possible use-after-free on remove
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=7cf58b79b3072029af127ae865ffc6f00f34b1f8;p=linux.git

PCI/PME: Fix possible use-after-free on remove

In remove(), ensure that the PME work cannot run after kfree() is called.
Otherwise, this could result in a use-after-free.

This issue was detected with the help of Coccinelle.

Signed-off-by: Sven Van Asbroeck <TheSven73@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: Sinan Kaya <okaya@kernel.org>
Cc: Frederick Lawler <fred@fredlawl.com>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Keith Busch <keith.busch@intel.com>
Cc: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---

diff --git a/drivers/pci/pcie/pme.c b/drivers/pci/pcie/pme.c
index efa5b552914b1..54d593d10396f 100644
--- a/drivers/pci/pcie/pme.c
+++ b/drivers/pci/pcie/pme.c
@@ -437,6 +437,7 @@ static void pcie_pme_remove(struct pcie_device *srv)
 
 	pcie_pme_disable_interrupt(srv->port, data);
 	free_irq(srv->irq, srv);
+	cancel_work_sync(&data->work);
 	kfree(data);
 }