From: Borislav Petkov <borislav.petkov@amd.com>
To: Darren Jenkins <darrenrjenkins@gmail.com>
Cc: Kernel Janitors <kernel-janitors@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
dougthompson@xmission.com, bluesmoke-devel@lists.sourceforge.net
Subject: Re: drivers/edac/ move a kfree() to after last use
Date: Mon, 21 Dec 2009 15:18:19 +0000 [thread overview]
Message-ID: <20091221151819.GA16432@aftab> (raw)
In-Reply-To: <1261370306.11354.52.camel@ICE-BOX>
On Mon, Dec 21, 2009 at 03:38:26PM +1100, Darren Jenkins wrote:
>
> Move a kfree() below the last use of the memory
>
> Coverity CID: 13142
>
> Signed-off-by: Darren Jenkins <darrenrjenkins@gmail.com>
Thanks for catching that. Here's a better version that does all the
freeing at the end of the function.
--
From: Borislav Petkov <borislav.petkov@amd.com>
Date: Mon, 21 Dec 2009 15:15:59 +0100
Subject: [PATCH] amd64_edac: fix driver instance freeing
Fix use-after-free errors by pushing all memory-freeing calls to the end
of amd64_remove_one_instance().
Reported-by: Darren Jenkins <darrenrjenkins@gmail.com>
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
---
drivers/edac/amd64_edac.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index 784cc5a..fb0d36b 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -2929,16 +2929,15 @@ static void __devexit amd64_remove_one_instance(struct pci_dev *pdev)
amd64_free_mc_sibling_devices(pvt);
- kfree(pvt);
- mci->pvt_info = NULL;
-
- mci_lookup[pvt->mc_node_id] = NULL;
-
/* unregister from EDAC MCE */
amd_report_gart_errors(false);
amd_unregister_ecc_decoder(amd64_decode_bus_error);
/* Free the EDAC CORE resources */
+ mci->pvt_info = NULL;
+ mci_lookup[pvt->mc_node_id] = NULL;
+
+ kfree(pvt);
edac_mc_free(mci);
}
--
1.6.5.4
--
Regards/Gruss,
Boris.
Operating | Advanced Micro Devices GmbH
System | Karl-Hammerschmidt-Str. 34, 85609 Dornach b. München, Germany
Research | Geschäftsführer: Andrew Bowd, Thomas M. McCoy, Giuliano Meroni
Center | Sitz: Dornach, Gemeinde Aschheim, Landkreis München
(OSRC) | Registergericht München, HRB Nr. 43632
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Borislav Petkov <borislav.petkov@amd.com>
To: Darren Jenkins <darrenrjenkins@gmail.com>
Cc: Kernel Janitors <kernel-janitors@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
dougthompson@xmission.com, bluesmoke-devel@lists.sourceforge.net
Subject: Re: drivers/edac/ move a kfree() to after last use
Date: Mon, 21 Dec 2009 16:18:19 +0100 [thread overview]
Message-ID: <20091221151819.GA16432@aftab> (raw)
In-Reply-To: <1261370306.11354.52.camel@ICE-BOX>
On Mon, Dec 21, 2009 at 03:38:26PM +1100, Darren Jenkins wrote:
>
> Move a kfree() below the last use of the memory
>
> Coverity CID: 13142
>
> Signed-off-by: Darren Jenkins <darrenrjenkins@gmail.com>
Thanks for catching that. Here's a better version that does all the
freeing at the end of the function.
--
From: Borislav Petkov <borislav.petkov@amd.com>
Date: Mon, 21 Dec 2009 15:15:59 +0100
Subject: [PATCH] amd64_edac: fix driver instance freeing
Fix use-after-free errors by pushing all memory-freeing calls to the end
of amd64_remove_one_instance().
Reported-by: Darren Jenkins <darrenrjenkins@gmail.com>
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>
---
drivers/edac/amd64_edac.c | 9 ++++-----
1 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c
index 784cc5a..fb0d36b 100644
--- a/drivers/edac/amd64_edac.c
+++ b/drivers/edac/amd64_edac.c
@@ -2929,16 +2929,15 @@ static void __devexit amd64_remove_one_instance(struct pci_dev *pdev)
amd64_free_mc_sibling_devices(pvt);
- kfree(pvt);
- mci->pvt_info = NULL;
-
- mci_lookup[pvt->mc_node_id] = NULL;
-
/* unregister from EDAC MCE */
amd_report_gart_errors(false);
amd_unregister_ecc_decoder(amd64_decode_bus_error);
/* Free the EDAC CORE resources */
+ mci->pvt_info = NULL;
+ mci_lookup[pvt->mc_node_id] = NULL;
+
+ kfree(pvt);
edac_mc_free(mci);
}
--
1.6.5.4
--
Regards/Gruss,
Boris.
Operating | Advanced Micro Devices GmbH
System | Karl-Hammerschmidt-Str. 34, 85609 Dornach b. München, Germany
Research | Geschäftsführer: Andrew Bowd, Thomas M. McCoy, Giuliano Meroni
Center | Sitz: Dornach, Gemeinde Aschheim, Landkreis München
(OSRC) | Registergericht München, HRB Nr. 43632
next prev parent reply other threads:[~2009-12-21 15:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-12-21 4:38 drivers/edac/ move a kfree() to after last use Darren Jenkins
2009-12-21 4:38 ` Darren Jenkins
2009-12-21 15:18 ` Borislav Petkov [this message]
2009-12-21 15:18 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091221151819.GA16432@aftab \
--to=borislav.petkov@amd.com \
--cc=bluesmoke-devel@lists.sourceforge.net \
--cc=darrenrjenkins@gmail.com \
--cc=dougthompson@xmission.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.