On Tue, 2017-03-28 at 14:31 +0200, Greg Kroah-Hartman wrote: [...] > static void serial8250_io_resume(struct pci_dev *dev) > { > struct serial_private *priv = pci_get_drvdata(dev); > + const struct pciserial_board *board; > > - if (priv) > - pciserial_resume_ports(priv); > + if (!priv) > + return; > + > + board = priv->board; > + kfree(priv); > + priv = pciserial_init_ports(dev, board); > + > + if (!IS_ERR(priv)) { > + pci_set_drvdata(dev, priv); > + } > } On error, this leaves drvdata as a dangling pointer. Removing the device or driver will then cause a use-after-free. (And setting drvdata to NULL isn't enough to fix this as there is no null pointer check in pciserial_remove_ports().) Ben. -- Ben Hutchings Software Developer, Codethink Ltd.
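Review bot: in serial8250_io_resume(), the `if (!IS_ERR(priv))` check has no failure branch, so when pciserial_init_ports() returns an error after `kfree(priv)` the drvdata set before the reset still points at the freed structure. Handle the error case explicitly: clear drvdata with pci_set_drvdata(dev, NULL), and make the removal path cope with a missing priv, since the reply above points out that pciserial_remove_ports() has no null check. A log message on failure would also help, because the function returns void and the caller cannot see that the ports were not re-initialised. As a style point, the braces around the single pci_set_drvdata() statement are not needed.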