| author | Max Asbock <masbock@us.ibm.com> | 2006-03-09 17:33:48 -0800 | 
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-03-09 19:47:37 -0800 | 
| commit | 6a88231fc7da311e4da4ce2011d1a132c80c145a (patch) | |
| tree | 383281e2e283a2f3da686d3ea57cd7c4777a7282 | |
| parent | a6bf527091b1dd40f1b6a496812ce7520621c282 (diff) | |
[PATCH] ibmasm: use after free fix
The kobject_put() can free the memory at *cmd, but cmd->lock points to a
persistent lock that is not freed with cmd.
Signed-off-by: Max Asbock <masbock@us.ibm.com>
Cc: Vernon Mauery <vernux@us.ibm.com>
Cc: Srihari Vijayaraghavan <sriharivijayaraghavan@yahoo.com.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| -rw-r--r-- | drivers/misc/ibmasm/ibmasm.h | 9 | 
1 files changed, 5 insertions, 4 deletions
diff --git a/drivers/misc/ibmasm/ibmasm.h b/drivers/misc/ibmasm/ibmasm.h index 1cef2387fa6..6aba4195444 100644 --- a/drivers/misc/ibmasm/ibmasm.h +++ b/drivers/misc/ibmasm/ibmasm.h @@ -101,15 +101,16 @@ struct command {  static inline void command_put(struct command *cmd)  {  	unsigned long flags; +	spinlock_t *lock = cmd->lock; -	spin_lock_irqsave(cmd->lock, flags); -        kobject_put(&cmd->kobj); -	spin_unlock_irqrestore(cmd->lock, flags); +	spin_lock_irqsave(lock, flags); +	kobject_put(&cmd->kobj); +	spin_unlock_irqrestore(lock, flags);  }  static inline void command_get(struct command *cmd)  { -        kobject_get(&cmd->kobj); +	kobject_get(&cmd->kobj);  }  |
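Review bot: In command_put(), the new local `lock` carries no comment explaining why cmd->lock is copied before kobject_put(&cmd->kobj), so a later cleanup could fold it back into cmd->lock and reintroduce the read of freed memory in spin_unlock_irqrestore(). A one-line comment above `spinlock_t *lock = cmd->lock;` stating that kobject_put() may free cmd while the lock it points to persists would protect the fix. Two smaller points: kobject_put() is still called with the spinlock held and interrupts disabled, so the kobject's release path must not sleep, which is worth stating next to the call; and the whitespace-only changes to the kobject_put() line and to kobject_get() in command_get() are mixed into the fix, so splitting them into a separate cleanup would keep this change minimal for backporting.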