Commit 6a88231f authored by Max Asbock's avatar Max Asbock Committed by Linus Torvalds

[PATCH] ibmasm: use after free fix

The kobject_put() can free the memory at *cmd, but cmd->lock points to a
persistent lock that is not freed with cmd.
Signed-off-by: default avatarMax Asbock <masbock@us.ibm.com>
Cc: Vernon Mauery <vernux@us.ibm.com>
Cc: Srihari Vijayaraghavan <sriharivijayaraghavan@yahoo.com.au>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent a6bf5270
......@@ -101,15 +101,16 @@ struct command {
static inline void command_put(struct command *cmd)
{
unsigned long flags;
spinlock_t *lock = cmd->lock;
spin_lock_irqsave(cmd->lock, flags);
kobject_put(&cmd->kobj);
spin_unlock_irqrestore(cmd->lock, flags);
spin_lock_irqsave(lock, flags);
kobject_put(&cmd->kobj);
spin_unlock_irqrestore(lock, flags);
}
static inline void command_get(struct command *cmd)
{
kobject_get(&cmd->kobj);
kobject_get(&cmd->kobj);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment