While fixing an oops in the st driver in a dirty release path,
I encountered an oops in cdev_put for cdevs allocated using
cdev_alloc. If cdev_del is called when the cdev kobject still
has an open user, when the last cdev_put is called, the cdev_put
will call kobject_put, which will end up ultimately releasing the cdev
in cdev_dynamic_release. Patch fixes the oops by preventing cdev_put
from accessing freed memory.
Signed-off-by: Brian King <[EMAIL PROTECTED]>
---
linux-2.6-bjking1/fs/char_dev.c | 5 ++++-
1 files changed, 4 insertions(+), 1 deletion(-)
diff -puN fs/char_dev.c~cdev_put_oops fs/char_dev.c
--- linux-2.6/fs/char_dev.c~cdev_put_oops 2005-07-07 08:20:09.000000000
-0500
+++ linux-2.6-bjking1/fs/char_dev.c 2005-07-07 08:20:09.000000000 -0500
@@ -276,9 +276,12 @@ static struct kobject *cdev_get(struct c
void cdev_put(struct cdev *p)
{
+ struct module *owner;
+
if (p) {
+ owner = p->owner;
kobject_put(&p->kobj);
- module_put(p->owner);
+ module_put(owner);
}
}
_
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
