numa: fix NULL pointer access and memory leak in unregister_one_node()
authorXishi Qiu <qiuxishi@huawei.com>
Thu, 6 Mar 2014 09:18:21 +0000 (17:18 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 9 Mar 2014 06:08:29 +0000 (22:08 -0800)
When doing socket hot remove, "node_devices[nid]" is set to NULL;
acpi_processor_remove()
try_offline_node()
unregister_one_node()

Then hot add a socket, but do not echo 1 > /sys/devices/system/cpu/cpuXX/online,
so register_one_node() will not be called, and "node_devices[nid]"
is still NULL.

If doing socket hot remove again, NULL pointer access will be happen.
unregister_one_node()
unregister_node()

Another, we should free the memory used by "node_devices[nid]" in
unregister_one_node().

Signed-off-by: Xishi Qiu <qiuxishi@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/base/node.c

index bc9f43bf7e29a46714cb1f220bb0d866c5d3eab8..8f7ed9933a7c6939d7703badeeacb97fcfc803aa 100644 (file)
@@ -599,7 +599,11 @@ int register_one_node(int nid)
 
 void unregister_one_node(int nid)
 {
+       if (!node_devices[nid])
+               return;
+
        unregister_node(node_devices[nid]);
+       kfree(node_devices[nid]);
        node_devices[nid] = NULL;
 }