Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp845190imb; Fri, 1 Mar 2019 16:12:24 -0800 (PST) X-Google-Smtp-Source: APXvYqxRRfhPuSbMLdSkawpYaGEgaAt5mFEp4UwiNqH/KltczVt8r2dqLkzp/AwJez8eWi/txq9c X-Received: by 2002:a63:1544:: with SMTP id 4mr7663018pgv.290.1551485544877; Fri, 01 Mar 2019 16:12:24 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551485544; cv=none; d=google.com; s=arc-20160816; b=RQGtYUQO2FTYTlQbU6JwOTUbGaGVlSlrTsBSCMNuCmwZWqtewhT57gt1lAgEkHOWKf ltlZJLcVwEpoBCN9ivucFKcrpZ+w58CknhDMLjhh7HAPPHM8jxQ/5MAqI3nzsLMqsHY4 Bv6BI3RQZ6dmeAFP06sihSnhYPNXFZFEeiHj94Ozv7R1mZbdh7DPIO5v96/RKsFMAKiE UYJ1W6/P53wkhj1QzftuHtMBXh4IjDSEVI8IBn8G5ZBfvUJIOg/CDDlHRnHrlrHsWa3f /FPMFlXgeaVoQM395ZWatiHeXfm7UH2qsBSDqQhhz9KMS+hGICnLETQVLpRTunICCveO QINQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=yf2Qd0yvBbTqTKQt7/iLAZWttPAmpnMIz9ngCRDkoq4=; b=nnzDhmY6ICUESGpl11YvQBA/BlsAKnl4gX67dICmdHN9P98jn0lZYZx3TibVMtx/AF 6grw+PuqmyNB5xd3klTDhfPc8uoe6/v09XnaBSrtvtxT8f5gxaLyiKr5BEZmHwElKK0Y och5GES1hJf4P1JuDMEuYSOxemcbbu2Zh6xx6e8IQgL+WsHbd+7OdoMicCgKSXAbCRcL 5lzsy6tU014TuNi8fBxRaeC/QdSl+Nd6gQ2i2m/lKnU4PeFyapN6tEfSkIcVCXq4AGDu 1KmW44Oo0ezEp+SLe/gmtEzomYpas/HZlKd0QdGB3dEoChJyQmnKPZKlbUluwSvhE/GL vFcQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=d4oW+3gu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f3si21884184pfn.122.2019.03.01.16.12.08; Fri, 01 Mar 2019 16:12:24 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=d4oW+3gu; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726968AbfCBAL0 (ORCPT + 99 others); Fri, 1 Mar 2019 19:11:26 -0500 Received: from mail-wr1-f66.google.com ([209.85.221.66]:37043 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726053AbfCBAL0 (ORCPT ); Fri, 1 Mar 2019 19:11:26 -0500 Received: by mail-wr1-f66.google.com with SMTP id w6so24392383wrs.4 for ; Fri, 01 Mar 2019 16:11:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yf2Qd0yvBbTqTKQt7/iLAZWttPAmpnMIz9ngCRDkoq4=; b=d4oW+3gudsCiWfZmbRXbm4Z5boALNT2PhvAh9vt1i77yTtHtI5yWA3olQrntRi0R0B iYlPwF3LhfCNIm4OGrqu8U2iWNaEV8VPmOPaeZnu45oCUJfpyu6+S+2wkC7yzR7zQbKN jMWA1ZmB1CO8V3C7NB9nk8c9e6wi++HprTL7vs5FEPQ9KP5m36LaH4GhySu+TfMOLPNk btlhbPTt9NlrwXmd0soaUT8Ivhms+36qoLsi3AUGFzen4HHGLQK+vEKKDk5JAnYU+9JO lw0CwvhEs0Swg4Hg/+TANplJv9NXEidCvmCfp0KiovOTvHM7otWB/R6fF/18Cb49o78D EdVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yf2Qd0yvBbTqTKQt7/iLAZWttPAmpnMIz9ngCRDkoq4=; b=F9LuZsxKxJsnD74SM8iGVPniup+hyNYwKM+hQN3nSrBDj1BMqJg2TZskTdNtsoNej0 Nl4ktTXE2dHRAlOCdKZJuN0BsOleb2knJKPDn2GgtPyCBXNeh/iK4RKXKRg7o7IXnktk CES87bXNbxh0WLVC1VUg8PonPLwK4PIdyU0yUQUu0KUQ83jbwWh3g1RebOlm8MF7Dgmo O1+uJxb6/uSLD/e7BPE8sDOomFD9aTRjr/IG1ChICTFCWj8CL+HaN02pP7qGJBOLirrc e5hPJIzds9lvWo2siAGLofe1E6Ve4WhE8IHnyGpt0sPngWLArIMFbl2IVonmmqOEeCtq Ia/g== X-Gm-Message-State: APjAAAWtCp34PQ5c7sTmXB8l49/J5l0Jx6q14ArnP5vKS/71rIyl68er qhwzEl41OUDPdYiXfcMW/n5JX7zeD94/eU0Pz/KGdQ36Nw== X-Received: by 2002:a5d:4ac2:: with SMTP id y2mr4769718wrs.98.1551485484042; Fri, 01 Mar 2019 16:11:24 -0800 (PST) MIME-Version: 1.0 References: <20190301165419.16493-1-TheSven73@gmail.com> In-Reply-To: <20190301165419.16493-1-TheSven73@gmail.com> From: Bjorn Helgaas Date: Fri, 1 Mar 2019 18:11:12 -0600 Message-ID: Subject: Re: [PATCH v2] PCIE/PME: fix possible use-after-free on remove To: Sven Van Asbroeck Cc: Linux PCI , Linux Kernel Mailing List , Sinan Kaya , Frederick Lawler , Mika Westerberg , Keith Busch , "Rafael J . Wysocki" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 1, 2019 at 10:54 AM Sven Van Asbroeck wrote: > > In remove(), ensure that the pme work cannot run after kfree() > is called. Otherwise, this could result in a use-after-free. > > This issue was detected with the help of Coccinelle. > > Cc: Sinan Kaya > Cc: Frederick Lawler > Cc: Mika Westerberg > Cc: Keith Busch > Cc: Rafael J. Wysocki > Signed-off-by: Sven Van Asbroeck Applied to pci/pm for v5.1, thanks! > --- > drivers/pci/pcie/pme.c | 1 + > 1 file changed, 1 insertion(+) > > v2: > rebased against Bjorn Helgaas's pcm/pm branch at > git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci.git > > diff --git a/drivers/pci/pcie/pme.c b/drivers/pci/pcie/pme.c > index efa5b552914b..54d593d10396 100644 > --- a/drivers/pci/pcie/pme.c > +++ b/drivers/pci/pcie/pme.c > @@ -437,6 +437,7 @@ static void pcie_pme_remove(struct pcie_device *srv) > > pcie_pme_disable_interrupt(srv->port, data); > free_irq(srv->irq, srv); > + cancel_work_sync(&data->work); > kfree(data); > } > > -- > 2.17.1 >