[S390] cio: fix use after free in s390 debug feature

When using s390dbf with "%s" in sprintf format strings the string itself is not copied to the dbf buffer. Since in this case only pointers are stored in the s390dbf, we should not use dev_name - which is bound to the lifetime of the device. Reading this entry from s390dbf after the device was released will cause an use after free error. Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
author: Sebastian Ott <sebott@linux.vnet.ibm.com> 2009-09-11 04:28:23 -0400
committer: Martin Schwidefsky <schwidefsky@de.ibm.com> 2009-09-11 04:29:39 -0400
commit: f014824ee72e66292c3b1172dc142f959b42e61b (patch)
tree: 34281651ecca3279d55df0db7fc28f942841319d /drivers/s390
parent: 3f09bb8965cefe36f42a9ec09ebb821523eba530 (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c
index a50cfa51aa3..6b770f8c0a8 100644
--- a/drivers/s390/cio/device.c
+++ b/drivers/s390/cio/device.c
@@ -2038,7 +2038,9 @@ static void __ccw_device_pm_restore(struct ccw_device *cdev)
        spin_unlock_irq(sch->lock);
        if (ret) {
                CIO_MSG_EVENT(0, "Couldn't start recognition for device "
-                              "%s (ret=%d)\n", dev_name(&cdev->dev), ret);
+                              "0.%x.%04x (ret=%d)\n",
+                              cdev->private->dev_id.ssid,
+                              cdev->private->dev_id.devno, ret);
                spin_lock_irq(sch->lock);
                cdev->private->state = DEV_STATE_DISCONNECTED;
                spin_unlock_irq(sch->lock);
@@ -2101,8 +2103,9 @@ static int ccw_device_pm_restore(struct device *dev)
        }
        /* check if the device id has changed */
        if (sch->schib.pmcw.dev != cdev->private->dev_id.devno) {
-                CIO_MSG_EVENT(0, "resume: sch %s: failed (devno changed from "
+                CIO_MSG_EVENT(0, "resume: sch 0.%x.%04x: failed (devno "
-                              "%04x to %04x)\n", dev_name(&sch->dev),
+                              "changed from %04x to %04x)\n",
+                              sch->schid.ssid, sch->schid.sch_no,
                              cdev->private->dev_id.devno,
                              sch->schib.pmcw.dev);
                goto out_unreg_unlock;
@@ -2135,8 +2138,9 @@ static int ccw_device_pm_restore(struct device *dev)
        if (cm_enabled) {
                ret = ccw_set_cmf(cdev, 1);
                if (ret) {
-                        CIO_MSG_EVENT(2, "resume: cdev %s: cmf failed "
+                        CIO_MSG_EVENT(2, "resume: cdev 0.%x.%04x: cmf failed "
-                                      "(rc=%d)\n", dev_name(&cdev->dev), ret);
+                                      "(rc=%d)\n", cdev->private->dev_id.ssid,
+                                      cdev->private->dev_id.devno, ret);
                        ret = 0;
                }
        }
author	Sebastian Ott <sebott@linux.vnet.ibm.com>	2009-09-11 04:28:23 -0400
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>	2009-09-11 04:29:39 -0400
commit	f014824ee72e66292c3b1172dc142f959b42e61b (patch)
tree	34281651ecca3279d55df0db7fc28f942841319d /drivers/s390
parent	3f09bb8965cefe36f42a9ec09ebb821523eba530 (diff)