projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8a1882e) | patch
IB/hfi1: Do not free hfi1 cdev parent structure early
authorDennis Dalessandro <dennis.dalessandro@intel.com>
Thu, 19 May 2016 12:26:44 +0000 (05:26 -0700)
committerDoug Ledford <dledford@redhat.com>
Thu, 26 May 2016 15:35:13 +0000 (11:35 -0400)
commite11ffbd57520c3832e05f2f5f19e9ff6adbb7cdc
tree6926bb60c32447ffc09e68e909492d85c0044c38tree | snapshot (tar.gz zip)
parent8a1882ebd4b593df0e36ba0b72e4e2f632573274commit | diff
IB/hfi1: Do not free hfi1 cdev parent structure early

The deletion of a cdev is not a fence for holding off references to the
structure. The driver attempts to delete the cdev and then proceeds to
free the parent structure, the hfi1_devdata, or dd. This can potentially
lead to a kernel panic in situations where a user has an FD for the cdev
open, and the pci device gets removed. If the user then closes the FD
there will be a NULL dereference when trying to do put on the cdev's
kobject.

Fix this by pointing the cdev's kobject.parent at a new kobject embedded
in its parent structure. Also take a reference when the device is opened
and put it back when it is closed.

Reviewed-by: Mitko Haralanov <mitko.haralanov@intel.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
drivers/staging/rdma/hfi1/device.c diff | blob | blame | history
drivers/staging/rdma/hfi1/device.h diff | blob | blame | history
drivers/staging/rdma/hfi1/file_ops.c diff | blob | blame | history
drivers/staging/rdma/hfi1/hfi.h diff | blob | blame | history
drivers/staging/rdma/hfi1/init.c diff | blob | blame | history