diff options
| author | Julia Lawall <julia@diku.dk> | 2010-04-01 22:47:13 -0400 |
|---|---|---|
| committer | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2010-04-07 04:00:41 -0400 |
| commit | a7df5c5e52a545774c4db1f2adf09ede018ab139 (patch) | |
| tree | b02fab55d085a9057a5a62bafe35ae69f1cc1bdd | |
| parent | ab30f78c0afbb86584144925e25c7ca68ba9a91f (diff) | |
powerpc/pseries/dlpar: Eliminate use after free
dlpar_free_cc_nodes frees its argument, so dlpar_online_cpu should not be
called on the same value. Skip over the call to dlpar_online_cpu by
jumping directly to out.
A simplified version of the semantic patch that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression E,E2;
@@
dlpar_free_cc_nodes(E)
...
(
E = E2
|
* E
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
| -rw-r--r-- | arch/powerpc/platforms/pseries/dlpar.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c index e1682bc168a3..1540a41d1a85 100644 --- a/arch/powerpc/platforms/pseries/dlpar.c +++ b/arch/powerpc/platforms/pseries/dlpar.c | |||
| @@ -433,6 +433,7 @@ static ssize_t dlpar_cpu_probe(const char *buf, size_t count) | |||
| 433 | if (rc) { | 433 | if (rc) { |
| 434 | dlpar_release_drc(drc_index); | 434 | dlpar_release_drc(drc_index); |
| 435 | dlpar_free_cc_nodes(dn); | 435 | dlpar_free_cc_nodes(dn); |
| 436 | goto out; | ||
| 436 | } | 437 | } |
| 437 | 438 | ||
| 438 | rc = dlpar_online_cpu(dn); | 439 | rc = dlpar_online_cpu(dn); |