author: Gerald Schaefer <gerald.schaefer@de.ibm.com> 2009-11-13 15:43:51 +0100
committer: Martin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com> 2009-11-13 15:45:03 +0100
commit: ccaf6553963bc6304d5820962a08a4397d0a2dc2
tree: 55b301555c75a43fd905c4cdf5af175c1e0d29bb /drivers/s390/char
parent: Linux 2.6.32-rc7
[S390] monreader: fix use after free bug with suspend/resume

The monreader device driver doesn't set dev->driver_data to NULL after freeing the corresponding data structure. This leads to a use after free bug in the freeze/thaw suspend/resume functions after the device has been opened and closed once. Fix this by clearing dev->driver_data in the close() function.

Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

Diffstat (limited to 'drivers/s390/char')
-rw-r--r-- drivers/s390/char/monreader.c | 1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/s390/char/monreader.c b/drivers/s390/char/monreader.c
index 89ece1c235aa..66e21dd23154 100644
--- a/drivers/s390/char/monreader.c
+++ b/drivers/s390/char/monreader.c
@@ -357,6 +357,7 @@ static int mon_close(struct inode *inode, struct file *filp)
atomic_set(&monpriv->msglim_count, 0);
monpriv->write_index = 0;
monpriv->read_index = 0;
+ dev_set_drvdata(monreader_device, NULL);
for (i = 0; i < MON_MSGLIM; i++)
kfree(monpriv->msg_array[i]);
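
Review bot: The new dev_set_drvdata(monreader_device, NULL) in mon_close() only removes the stale pointer; it helps only if the freeze/thaw callbacks named in the commit message test the drvdata for NULL before dereferencing it, and those callbacks are not part of this hunk, so please confirm (or add) that check there. Nothing in the visible lines serializes this store against a suspend callback that has already fetched the old pointer before the kfree() loop runs, so a short comment in mon_close() stating why close and freeze/thaw cannot overlap would make the fix easier to audit. Placing the clear before the frees is the right order; keeping it ahead of every kfree() of monpriv state should be preserved if this function is reshuffled later.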