[PATCH] ibmasm: use after free fix

The kobject_put() can free the memory at *cmd, but cmd->lock points to a persistent lock that is not freed with cmd. Signed-off-by: N Max Asbock <masbock@us.ibm.com> Cc: Vernon Mauery <vernux@us.ibm.com> Cc: Srihari Vijayaraghavan <sriharivijayaraghavan@yahoo.com.au> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>

[PATCH] ibmasm: use after free fix
The kobject_put() can free the memory at *cmd, but cmd->lock points to a persistent lock that is not freed with cmd. Signed-off-by: N Max Asbock <masbock@us.ibm.com> Cc: Vernon Mauery <vernux@us.ibm.com> Cc: Srihari Vijayaraghavan <sriharivijayaraghavan@yahoo.com.au> Signed-off-by: N Andrew Morton <akpm@osdl.org> Signed-off-by: N Linus Torvalds <torvalds@osdl.org>
6a88231f · Max Asbock · Linus Torvalds · a6bf5270 · 6a88231f
隐藏空白更改
内联并排

Showing with 5 addition and 4 deletion

drivers/misc/ibmasm/ibmasm.h drivers/misc/ibmasm/ibmasm.h +5 -4

未找到文件。
--- a/drivers/misc/ibmasm/ibmasm.h
+++ b/drivers/misc/ibmasm/ibmasm.h
@@ -101,15 +101,16 @@ struct command {
 static inline void command_put(struct command *cmd)
 {
 	unsigned long flags;
+	spinlock_t *lock = cmd->lock;

-	spin_lock_irqsave(cmd->lock, flags);
-        kobject_put(&cmd->kobj);
-	spin_unlock_irqrestore(cmd->lock, flags);
+	spin_lock_irqsave(lock, flags);
+	kobject_put(&cmd->kobj);
+	spin_unlock_irqrestore(lock, flags);
 }

 static inline void command_get(struct command *cmd)
 {
-        kobject_get(&cmd->kobj);
+	kobject_get(&cmd->kobj);
 }