Re: Oops on ibmasm

From: Dave Jones
Date: Thu Mar 09 2006 - 08:24:44 EST

Next message: Richard Purdie: "Re: [rfc] separate sharpsl_pm initialization from sysfs code"
Previous message: Stefan Richter: "[PATCH] drivers/ieee1394/ohci1394.c: function calls without effect"
In reply to: Andrew Morton: "Re: Oops on ibmasm"
Next in thread: Max Asbock: "Re: Oops on ibmasm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 09, 2006 at 01:40:23AM -0800, Andrew Morton wrote:

> I assume this'll fix it?
>
> I suspect there's no point in the locking around that kobject_put() anyway.
> Or if there is, it wasn't the right way to fix the race.
>
> diff -puN drivers/misc/ibmasm/ibmasm.h~ibmasm-use-after-free-fix drivers/misc/ibmasm/ibmasm.h
> --- devel/drivers/misc/ibmasm/ibmasm.h~ibmasm-use-after-free-fix 2006-03-09 01:35:05.000000000 -0800
> +++ devel-akpm/drivers/misc/ibmasm/ibmasm.h 2006-03-09 01:35:16.000000000 -0800
> @@ -100,11 +100,7 @@ struct command {
>
> static inline void command_put(struct command *cmd)
> {
> - unsigned long flags;
> -
> - spin_lock_irqsave(cmd->lock, flags);
> kobject_put(&cmd->kobj);
> - spin_unlock_irqrestore(cmd->lock, flags);
> }

I don't think this is right. This is just a kobject-convoluted
use-after-free afaics.

Dave

--
http://www.codemonkey.org.uk
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Purdie: "Re: [rfc] separate sharpsl_pm initialization from sysfs code"
Previous message: Stefan Richter: "[PATCH] drivers/ieee1394/ohci1394.c: function calls without effect"
In reply to: Andrew Morton: "Re: Oops on ibmasm"
Next in thread: Max Asbock: "Re: Oops on ibmasm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]