While fixing an oops in the st driver in a dirty release path, I encountered an oops in cdev_put for cdevs allocated using cdev_alloc. If cdev_del is called when the cdev kobject still has an open user, when the last cdev_put is called, the cdev_put will call kobject_put, which will end up ultimately releasing the cdev in cdev_dynamic_release. Patch fixes the oops by preventing cdev_put from accessing freed memory.
Signed-off-by: Brian King <[EMAIL PROTECTED]> --- linux-2.6-bjking1/fs/char_dev.c | 5 ++++- 1 files changed, 4 insertions(+), 1 deletion(-) diff -puN fs/char_dev.c~cdev_put_oops fs/char_dev.c --- linux-2.6/fs/char_dev.c~cdev_put_oops 2005-07-07 08:20:09.000000000 -0500 +++ linux-2.6-bjking1/fs/char_dev.c 2005-07-07 08:20:09.000000000 -0500 @@ -276,9 +276,12 @@ static struct kobject *cdev_get(struct c void cdev_put(struct cdev *p) { + struct module *owner; + if (p) { + owner = p->owner; kobject_put(&p->kobj); - module_put(p->owner); + module_put(owner); } } _ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/