Apr 02 2010

powerpc/pseries/dlpar: Eliminate use after free 

Author: Julia Lawall <julia@diku.dk>

dlpar_free_cc_nodes frees its argument, so dlpar_online_cpu should not be
called on the same value.  Skip over the call to dlpar_online_cpu by
jumping directly to out.

A simplified version of the semantic patch that finds this problem is as
follows: (http://coccinelle.lip6.fr/)

// 
@@
expression E,E2;
@@

dlpar_free_cc_nodes(E)
...
(
  E = E2
|
* E
)
// 

Signed-off-by: Julia Lawall 
Signed-off-by: Benjamin Herrenschmidt 

---
 arch/powerpc/platforms/pseries/dlpar.c | 1 +
 1 file changed, 1 insertion(+)
 
diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c
index e1682bc..1540a41 100644
--- a/arch/powerpc/platforms/pseries/dlpar.c
+++ b/arch/powerpc/platforms/pseries/dlpar.c
@@ -433,6 +433,7 @@ static ssize_t dlpar_cpu_probe(const char *buf, size_t count)
 	if (rc) {
 		dlpar_release_drc(drc_index);
 		dlpar_free_cc_nodes(dn);
+		goto out;
 	}
 
 	rc = dlpar_online_cpu(dn);

qlambert

BtrLinux
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.