s390/cio: fix use after free in cmb processing
authorSebastian Ott <sebott@linux.vnet.ibm.com>
Mon, 7 Sep 2015 17:51:39 +0000 (19:51 +0200)
committerMartin Schwidefsky <schwidefsky@de.ibm.com>
Wed, 14 Oct 2015 12:32:02 +0000 (14:32 +0200)
commita6ef15652d260f754ead223d0c55434a3a39fe1d
treeb2a872f3b03d863b648a1e796d41ef4f20e46761
parent1bc6664bdfb949bc69a08113801e7d6acbf6bc3f
s390/cio: fix use after free in cmb processing

Devices with active channel measurement are included in a list. When a
device is removed without deactivating channel measurement first the
list_head is freed but still used. Fix this by making sure that
channel measurement is deactivated during device deregistration.

For devices that we deregister because they are no longer accessible
deactivating channel measurement will fail. In this case we can report
success because the FW will no longer access the measurement block.

In addition to these steps keep an extra device reference while
channel measurement is active.

Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/cio/cmf.c
drivers/s390/cio/device.c