• Sebastian Andrzej Siewior's avatar
    pstore/ramoops: fixup driver removal · 4407de74
    Sebastian Andrzej Siewior authored
    A basic rmmod ramoops segfaults. Let's see why.
    
    Since commit 34f0ec82 ("pstore: Correct the max_dump_cnt clearing of
    ramoops") sets ->max_dump_cnt to zero before looping over ->przs but we
    didn't use it before that either.
    
    And since commit ee1d2674 ("pstore: add pstore unregister") we free
    that memory on rmmod.
    
    But even then, we looped until a NULL pointer or ERR. I don't see where
    it is ensured that the last member is NULL. Let's try this instead:
    simply error recovery and free. Clean up in error case where resources
    were allocated. And then, in the free path, rely on ->max_dump_cnt in
    the free path.
    
    Cc: Anton Vorontsov <anton@enomsg.org>
    Cc: Colin Cross <ccross@android.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Tony Luck <tony.luck@intel.com>
    Cc: Namhyung Kim <namhyung@kernel.org>
    Acked-by: default avatarNamhyung Kim <namhyung@kernel.org>
    Signed-off-by: default avatarSebastian Andrzej Siewior <bigeasy@linutronix.de>
    Signed-off-by: default avatarKees Cook <keescook@chromium.org>
    Cc: stable@vger.kernel.org # 4.4.x-
    4407de74
ram.c 19.2 KB