-stable review patch. If anyone has any objections, please let us know.
---------------------
From: Tejun Heo <[EMAIL PROTECTED]>
Currently, devt_attr for the "dev" file is freed immediately on device
removal, but if the "dev" sysfs file is open when a device is removed,
sysfs will access its attribute structure for further access including
close resulting in jumping to garbled address. Fix it by postponing
freeing devt_attr to device release time.
Note that devt_attr for class_device is already freed on release.
This bug is reported by Chris Rankin as bugzilla bug#8198.
Signed-off-by: Tejun Heo <[EMAIL PROTECTED]>
Cc: Chris Rankin <[EMAIL PROTECTED]>
Signed-off-by: Chris Wright <[EMAIL PROTECTED]>
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>
---
Applies well to 2.6.20 and 21. As sysfs-immediate-disconnect doesn't
seem to be included in 2.6.22, this should be included in linus#master
too (applies well there as well).
drivers/base/core.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- linux-2.6.20.13.orig/drivers/base/core.c
+++ linux-2.6.20.13/drivers/base/core.c
@@ -93,6 +93,9 @@ static void device_release(struct kobjec
{
struct device * dev = to_dev(kobj);
+ kfree(dev->devt_attr);
+ dev->devt_attr = NULL;
+
if (dev->release)
dev->release(dev);
else if (dev->class && dev->class->dev_release)
@@ -650,10 +653,8 @@ void device_del(struct device * dev)
if (parent)
klist_del(&dev->knode_parent);
- if (dev->devt_attr) {
+ if (dev->devt_attr)
device_remove_file(dev, dev->devt_attr);
- kfree(dev->devt_attr);
- }
if (dev->class) {
sysfs_remove_link(&dev->kobj, "subsystem");
/* If this is not a "fake" compatible device, remove the
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
