hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[S390] cio: move final put_device to ccw_device_unregister 

We use a test_and_clear_bit to prevent a device from being
unregistered twice. Unfortunately in this cases the "final"
put_device (from device_initialize) was issued more than once,
resulting in an use after free error. Fix this by moving this
put_device to ccw_device_unregister.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This commit is contained in:
Sebastian Ott 2009-09-11 10:28:26 +02:00 committed by Martin Schwidefsky
parent 6ee4fec6be
commit 3b554a14f4
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/s390/cio/device.c
View File

@ -307,8 +307,11 @@ int ccw_device_is_orphan(struct ccw_device *cdev)
static void ccw_device_unregister(struct ccw_device *cdev) static void ccw_device_unregister(struct ccw_device *cdev)
{ {
if (test_and_clear_bit(1, &cdev->private->registered)) if (test_and_clear_bit(1, &cdev->private->registered)) {
device_del(&cdev->dev); device_del(&cdev->dev);
/* Release reference from device_initialize(). */
put_device(&cdev->dev);
}
} }
static void ccw_device_remove_orphan_cb(struct work_struct *work) static void ccw_device_remove_orphan_cb(struct work_struct *work)
@ -319,7 +322,6 @@ static void ccw_device_remove_orphan_cb(struct work_struct *work)
priv = container_of(work, struct ccw_device_private, kick_work); priv = container_of(work, struct ccw_device_private, kick_work);
cdev = priv->cdev; cdev = priv->cdev;
ccw_device_unregister(cdev); ccw_device_unregister(cdev);
put_device(&cdev->dev);
/* Release cdev reference for workqueue processing. */ /* Release cdev reference for workqueue processing. */
put_device(&cdev->dev); put_device(&cdev->dev);
} }
@ -1358,7 +1360,6 @@ io_subchannel_remove (struct subchannel *sch)
cdev->private->state = DEV_STATE_NOT_OPER; cdev->private->state = DEV_STATE_NOT_OPER;
spin_unlock_irqrestore(cdev->ccwlock, flags); spin_unlock_irqrestore(cdev->ccwlock, flags);
ccw_device_unregister(cdev); ccw_device_unregister(cdev);
put_device(&cdev->dev);
kfree(sch->private); kfree(sch->private);
sysfs_remove_group(&sch->dev.kobj, &io_subchannel_attr_group); sysfs_remove_group(&sch->dev.kobj, &io_subchannel_attr_group);
return 0; return 0;