> From: Michael Kelley <mikelley@xxxxxxxxxxxxx> > > @@ -1880,6 +1880,7 @@ static void hv_pci_devices_present(struct > hv_pcibus_device > > *hbus, > > static void hv_eject_device_work(struct work_struct *work) > > { > > struct pci_eject_response *ejct_pkt; > > + struct hv_pcibus_device *hbus; > > struct hv_pci_dev *hpdev; > > struct pci_dev *pdev; > > unsigned long flags; > > @@ -1890,6 +1891,7 @@ static void hv_eject_device_work(struct > work_struct *work) > > } ctxt; > > > > hpdev = container_of(work, struct hv_pci_dev, wrk); > > + hbus = hpdev->hbus; > > In the lines of code following this new assignment, there are four uses of > hpdev->hbus besides the one at the bottom of the function that causes the > use-after-free error. With 'hbus' now available as a local variable, it looks > rather strange to have those other places still using hpdev->hbus. I'm > thinking > they should be shortened to just 'hbus' for consistency, even though such > changes aren't directly related to fixing the bug. > > Michael Ok, let me post a v2 for this. Thanks, Dexuan