diff options
author | Julia Lawall <julia@diku.dk> | 2010-04-02 02:47:13 +0000 |
---|---|---|
committer | Benjamin Herrenschmidt <benh@kernel.crashing.org> | 2010-04-07 18:00:41 +1000 |
commit | a7df5c5e52a545774c4db1f2adf09ede018ab139 (patch) | |
tree | b02fab55d085a9057a5a62bafe35ae69f1cc1bdd /arch/powerpc/platforms/pseries/dlpar.c | |
parent | ab30f78c0afbb86584144925e25c7ca68ba9a91f (diff) |
powerpc/pseries/dlpar: Eliminate use after free
dlpar_free_cc_nodes frees its argument, so dlpar_online_cpu should not be
called on the same value. Skip over the call to dlpar_online_cpu by
jumping directly to out.
A simplified version of the semantic patch that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression E,E2;
@@
dlpar_free_cc_nodes(E)
...
(
E = E2
|
* E
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Diffstat (limited to 'arch/powerpc/platforms/pseries/dlpar.c')
-rw-r--r-- | arch/powerpc/platforms/pseries/dlpar.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c index e1682bc168a..1540a41d1a8 100644 --- a/arch/powerpc/platforms/pseries/dlpar.c +++ b/arch/powerpc/platforms/pseries/dlpar.c @@ -433,6 +433,7 @@ static ssize_t dlpar_cpu_probe(const char *buf, size_t count) if (rc) { dlpar_release_drc(drc_index); dlpar_free_cc_nodes(dn); + goto out; } rc = dlpar_online_cpu(dn); |