-
- Downloads
IB/hfi1: Do not free hfi1 cdev parent structure early
The deletion of a cdev is not a fence for holding off references to the structure. The driver attempts to delete the cdev and then proceeds to free the parent structure, the hfi1_devdata, or dd. This can potentially lead to a kernel panic in situations where a user has an FD for the cdev open, and the pci device gets removed. If the user then closes the FD there will be a NULL dereference when trying to do put on the cdev's kobject. Fix this by pointing the cdev's kobject.parent at a new kobject embedded in its parent structure. Also take a reference when the device is opened and put it back when it is closed. Reviewed-by:Mitko Haralanov <mitko.haralanov@intel.com> Signed-off-by:
Ira Weiny <ira.weiny@intel.com> Signed-off-by:
Dennis Dalessandro <dennis.dalessandro@intel.com> Signed-off-by:
Doug Ledford <dledford@redhat.com>
Showing
- drivers/staging/rdma/hfi1/device.c 3 additions, 1 deletiondrivers/staging/rdma/hfi1/device.c
- drivers/staging/rdma/hfi1/device.h 2 additions, 1 deletiondrivers/staging/rdma/hfi1/device.h
- drivers/staging/rdma/hfi1/file_ops.c 12 additions, 3 deletionsdrivers/staging/rdma/hfi1/file_ops.c
- drivers/staging/rdma/hfi1/hfi.h 1 addition, 0 deletionsdrivers/staging/rdma/hfi1/hfi.h
- drivers/staging/rdma/hfi1/init.c 13 additions, 1 deletiondrivers/staging/rdma/hfi1/init.c
Loading
Please register or sign in to comment