summaryrefslogtreecommitdiffstats
path: root/drivers/infiniband/hw/hfi1/driver.c
diff options
context:
space:
mode:
authorDennis Dalessandro <dennis.dalessandro@intel.com>2016-05-19 14:26:44 +0200
committerDoug Ledford <dledford@redhat.com>2016-05-26 17:35:13 +0200
commite11ffbd57520c3832e05f2f5f19e9ff6adbb7cdc (patch)
tree6926bb60c32447ffc09e68e909492d85c0044c38 /drivers/infiniband/hw/hfi1/driver.c
parentIB/hfi1: Add trace message in user IOCTL handling (diff)
downloadlinux-e11ffbd57520c3832e05f2f5f19e9ff6adbb7cdc.tar.xz
linux-e11ffbd57520c3832e05f2f5f19e9ff6adbb7cdc.zip
IB/hfi1: Do not free hfi1 cdev parent structure early
The deletion of a cdev is not a fence for holding off references to the structure. The driver attempts to delete the cdev and then proceeds to free the parent structure, the hfi1_devdata, or dd. This can potentially lead to a kernel panic in situations where a user has an FD for the cdev open, and the pci device gets removed. If the user then closes the FD there will be a NULL dereference when trying to do put on the cdev's kobject. Fix this by pointing the cdev's kobject.parent at a new kobject embedded in its parent structure. Also take a reference when the device is opened and put it back when it is closed. Reviewed-by: Mitko Haralanov <mitko.haralanov@intel.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com> Signed-off-by: Doug Ledford <dledford@redhat.com>
Diffstat (limited to 'drivers/infiniband/hw/hfi1/driver.c')
0 files changed, 0 insertions, 0 deletions