EDAC: Fix kernel panic on module unloading
author Konstantin Khlebnikov <khlebnikov@openvz.org>
Fri, 14 Dec 2012 11:03:10 +0000 (15:03 +0400)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 17 Jan 2013 16:46:46 +0000 (08:46 -0800)
commit c08745c377c89ba6dde5c38eff96c5d7a710fd26
tree 97e65cee5eea7e769dfe783ac2691c7c0064fffd
parent 633396662719397cbd7d4cb935807030d386f9de
EDAC: Fix kernel panic on module unloading

commit 311bd84247ee0bedae6cdfbfc5e2c3450f9decd1 upstream.

This patch fixes use-after-free and double-free bugs in
edac_mc_sysfs_exit(). mci_pdev has a single reference and put_device()
calls mc_attr_release() which calls kfree(). The following
device_del() works with already released memory. Another kfree() in
edac_mc_sysfs_exit() releases the same memory again. Great.

Signed-off-by: Konstantin Khlebnikov <khlebnikov@openvz.org>
Cc: Denis Kirjanov <kirjanov@gmail.com>
Cc: Mauro Carvalho Chehab <mchehab@redhat.com>
Link: http://lkml.kernel.org/r/20121214110310.11019.21098.stgit@zurg
Signed-off-by: Borislav Petkov <bp@alien8.de>
[ a partial 3.7.y backport ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/edac/edac_mc_sysfs.c
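
The teardown ordering described in the commit message, replayed in a small userspace model. This is an added example, not code from the commit or the kernel: every name in it is a hypothetical stand-in, and the "ordered" path is an assumption about a safe sequence, since the diff is not shown on this page.

```c
#include <stdbool.h>

/* Userspace model; every name here is a hypothetical stand-in, not kernel code.
 * The object is never really freed: its state is tracked so misuse is counted. */
struct model_dev { int refcount; bool registered; bool freed; };
struct outcome { int use_after_free; int double_free; bool leaked; };

static struct outcome out;

/* Stand-in for kfree(): a second call on the same object is a double free. */
static void model_free(struct model_dev *d)
{
    if (d->freed) { out.double_free++; return; }
    d->freed = true;
}

/* Stand-in for put_device(): the last put runs the release callback. */
static void model_put(struct model_dev *d)
{
    if (d->freed) { out.use_after_free++; return; }
    if (--d->refcount == 0)
        model_free(d);
}

/* Stand-in for device_del(): unlinking touches the object's memory. */
static void model_del(struct model_dev *d)
{
    if (d->freed) { out.use_after_free++; return; }
    d->registered = false;
}

/* put_first=true replays the order in the commit message (put, del, extra free);
 * false is the assumed safe order: unlink first, drop the single reference last. */
struct outcome teardown(bool put_first)
{
    struct model_dev d = { 1, true, false };  /* constructed: one reference held */
    out = (struct outcome){ 0, 0, false };
    if (put_first) {
        model_put(&d);
        model_del(&d);
        model_free(&d);
    } else {
        model_del(&d);
        model_put(&d);
    }
    out.leaked = !d.freed;
    return out;
}
```

With a single reference held, the release callback is the only place the object may be freed, so any access after the final put and any explicit free on top of it is counted as a violation.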