Commit 311bd842 authored by Konstantin Khlebnikov's avatar Konstantin Khlebnikov Committed by Borislav Petkov

EDAC: Fix kernel panic on module unloading

This patch fixes use-after-free and double-free bugs in
edac_mc_sysfs_exit(). mci_pdev has single reference and put_device()
calls mc_attr_release() which calls kfree(). The following
device_del() works with already released memory. An another kfree() in
edac_mc_sysfs_exit() releses the same memory again. Great.
Signed-off-by: default avatarKonstantin Khlebnikov <khlebnikov@openvz.org>
Cc: stable@vger.kernel.org # 3.[67]
Cc: Denis Kirjanov <kirjanov@gmail.com>
Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Link: http://lkml.kernel.org/r/20121214110310.11019.21098.stgit@zurgSigned-off-by: default avatarBorislav Petkov <bp@alien8.de>
parent d1c3ed66
...@@ -1159,8 +1159,7 @@ int __init edac_mc_sysfs_init(void) ...@@ -1159,8 +1159,7 @@ int __init edac_mc_sysfs_init(void)
void __exit edac_mc_sysfs_exit(void) void __exit edac_mc_sysfs_exit(void)
{ {
put_device(mci_pdev);
device_del(mci_pdev); device_del(mci_pdev);
put_device(mci_pdev);
edac_put_sysfs_subsys(); edac_put_sysfs_subsys();
kfree(mci_pdev);
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment