lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Feb 2019 14:57:30 -0500 From: Sven Van Asbroeck <thesven73@...il.com> To: Bjorn Helgaas <bhelgaas@...gle.com> Cc: linux-pci@...r.kernel.org, linux-kernel@...r.kernel.org, Sinan Kaya <okaya@...nel.org>, Frederick Lawler <fred@...dlawl.com>, Mika Westerberg <mika.westerberg@...ux.intel.com>, Keith Busch <keith.busch@...el.com> Subject: [PATCH] PCIE/PME: fix possible use-after-free on remove In remove(), ensure that the pme work cannot run after kfree() is called. Otherwise, this could result in a use-after-free. This issue was detected with the help of Coccinelle. Cc: Sinan Kaya <okaya@...nel.org> Cc: Frederick Lawler <fred@...dlawl.com> Cc: Mika Westerberg <mika.westerberg@...ux.intel.com> Cc: Keith Busch <keith.busch@...el.com> Signed-off-by: Sven Van Asbroeck <TheSven73@...il.com> --- drivers/pci/pcie/pme.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/pci/pcie/pme.c b/drivers/pci/pcie/pme.c index 0dbcf429089f..87823f669ccc 100644 --- a/drivers/pci/pcie/pme.c +++ b/drivers/pci/pcie/pme.c @@ -427,9 +427,12 @@ static int pcie_pme_resume(struct pcie_device *srv) */ static void pcie_pme_remove(struct pcie_device *srv) { + struct pcie_pme_service_data *data = get_service_data(srv); + pcie_pme_suspend(srv); free_irq(srv->irq, srv); - kfree(get_service_data(srv)); + cancel_work_sync(&data->work); + kfree(data); } static int pcie_pme_runtime_suspend(struct pcie_device *srv) -- 2.17.1
Powered by blists - more mailing lists