diff options
author | Max Asbock <masbock@us.ibm.com> | 2006-03-09 20:33:48 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-09 22:47:37 -0500 |
commit | 6a88231fc7da311e4da4ce2011d1a132c80c145a (patch) | |
tree | 383281e2e283a2f3da686d3ea57cd7c4777a7282 | |
parent | a6bf527091b1dd40f1b6a496812ce7520621c282 (diff) |
[PATCH] ibmasm: use after free fix
The kobject_put() can free the memory at *cmd, but cmd->lock points to a
persistent lock that is not freed with cmd.
Signed-off-by: Max Asbock <masbock@us.ibm.com>
Cc: Vernon Mauery <vernux@us.ibm.com>
Cc: Srihari Vijayaraghavan <sriharivijayaraghavan@yahoo.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | drivers/misc/ibmasm/ibmasm.h | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/drivers/misc/ibmasm/ibmasm.h b/drivers/misc/ibmasm/ibmasm.h index 1cef2387fa65..6aba41954448 100644 --- a/drivers/misc/ibmasm/ibmasm.h +++ b/drivers/misc/ibmasm/ibmasm.h | |||
@@ -101,15 +101,16 @@ struct command { | |||
101 | static inline void command_put(struct command *cmd) | 101 | static inline void command_put(struct command *cmd) |
102 | { | 102 | { |
103 | unsigned long flags; | 103 | unsigned long flags; |
104 | spinlock_t *lock = cmd->lock; | ||
104 | 105 | ||
105 | spin_lock_irqsave(cmd->lock, flags); | 106 | spin_lock_irqsave(lock, flags); |
106 | kobject_put(&cmd->kobj); | 107 | kobject_put(&cmd->kobj); |
107 | spin_unlock_irqrestore(cmd->lock, flags); | 108 | spin_unlock_irqrestore(lock, flags); |
108 | } | 109 | } |
109 | 110 | ||
110 | static inline void command_get(struct command *cmd) | 111 | static inline void command_get(struct command *cmd) |
111 | { | 112 | { |
112 | kobject_get(&cmd->kobj); | 113 | kobject_get(&cmd->kobj); |
113 | } | 114 | } |
114 | 115 | ||
115 | 116 | ||