diff options
author | Mauro Carvalho Chehab <mchehab@redhat.com> | 2010-08-16 17:34:37 -0400 |
---|---|---|
committer | Mauro Carvalho Chehab <mchehab@redhat.com> | 2010-10-24 09:20:38 -0400 |
commit | accf74fff36315a31dc7319dae2927af06e9296f (patch) | |
tree | 8948927c26853b2a1482b953172023ae88ac5158 /drivers/edac | |
parent | bbc560ae677c0f4d7ff8404a21409c99f35b297b (diff) |
i7core_edac: don't use a freed mci struct
This is a nasty bug. Since kobject count will be reduced by zero by
edac_mc_del_mc(), and this triggers the kobj release method, the
mci memory will be freed automatically. So, all we have left is ctl_name,
as shown by enabling debug:
[ 80.822186] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 1020: edac_remove_sysfs_mci_device() remove_link
[ 80.832590] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 1024: edac_remove_sysfs_mci_device() remove_mci_instance
[ 80.843776] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 640: edac_mci_control_release() mci instance idx=0 releasing
[ 80.855163] EDAC MC: Removed device 0 for i7core_edac.c i7 core #0: DEV 0000:3f:03.0
[ 80.862936] EDAC DEBUG: in drivers/edac/i7core_edac.c, line at 2089: (null): free structs
[ 80.871134] EDAC DEBUG: in drivers/edac/edac_mc.c, line at 238: edac_mc_free()
[ 80.878379] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 726: edac_mc_unregister_sysfs_main_kobj()
[ 80.888043] EDAC DEBUG: in drivers/edac/i7core_edac.c, line at 1232: drivers/edac/i7core_edac.c: i7core_put_devices()
Also, kfree(mci) shouldn't happen at the kobj.release, as it happens
when edac_remove_sysfs_mci_device() is called, but the logic is:
edac_remove_sysfs_mci_device(mci);
edac_printk(KERN_INFO, EDAC_MC,
"Removed device %d for %s %s: DEV %s\n", mci->mc_idx,
mci->mod_name, mci->ctl_name, edac_dev_name(mci));
So, as the edac_printk() needs the mci struct, this generates an OOPS.
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Diffstat (limited to 'drivers/edac')
-rw-r--r-- | drivers/edac/edac_mc.c | 3 | ||||
-rw-r--r-- | drivers/edac/edac_mc_sysfs.c | 3 | ||||
-rw-r--r-- | drivers/edac/i7core_edac.c | 3 |
3 files changed, 4 insertions, 5 deletions
diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c index 889ce7566b5..ba6586a69cc 100644 --- a/drivers/edac/edac_mc.c +++ b/drivers/edac/edac_mc.c | |||
@@ -238,6 +238,9 @@ void edac_mc_free(struct mem_ctl_info *mci) | |||
238 | debugf1("%s()\n", __func__); | 238 | debugf1("%s()\n", __func__); |
239 | 239 | ||
240 | edac_mc_unregister_sysfs_main_kobj(mci); | 240 | edac_mc_unregister_sysfs_main_kobj(mci); |
241 | |||
242 | /* free the mci instance memory here */ | ||
243 | kfree(mci); | ||
241 | } | 244 | } |
242 | EXPORT_SYMBOL_GPL(edac_mc_free); | 245 | EXPORT_SYMBOL_GPL(edac_mc_free); |
243 | 246 | ||
diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c index ddd76525363..2905dc10339 100644 --- a/drivers/edac/edac_mc_sysfs.c +++ b/drivers/edac/edac_mc_sysfs.c | |||
@@ -630,9 +630,6 @@ static void edac_mci_control_release(struct kobject *kobj) | |||
630 | 630 | ||
631 | /* decrement the module ref count */ | 631 | /* decrement the module ref count */ |
632 | module_put(mci->owner); | 632 | module_put(mci->owner); |
633 | |||
634 | /* free the mci instance memory here */ | ||
635 | kfree(mci); | ||
636 | } | 633 | } |
637 | 634 | ||
638 | static struct kobj_type ktype_mci = { | 635 | static struct kobj_type ktype_mci = { |
diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c index b0559973c66..8e789a2e35d 100644 --- a/drivers/edac/i7core_edac.c +++ b/drivers/edac/i7core_edac.c | |||
@@ -2085,8 +2085,7 @@ static void __devexit i7core_remove(struct pci_dev *pdev) | |||
2085 | /* Remove MC sysfs nodes */ | 2085 | /* Remove MC sysfs nodes */ |
2086 | edac_mc_del_mc(&i7core_dev->pdev[0]->dev); | 2086 | edac_mc_del_mc(&i7core_dev->pdev[0]->dev); |
2087 | 2087 | ||
2088 | /* Free data */ | 2088 | debugf1("%s: free mci struct\n", mci->ctl_name); |
2089 | debugf1("%s: free structs\n"); | ||
2090 | kfree(mci->ctl_name); | 2089 | kfree(mci->ctl_name); |
2091 | edac_mc_free(mci); | 2090 | edac_mc_free(mci); |
2092 | 2091 | ||