    i7core_edac: don't use a freed mci struct · accf74ff
    Mauro Carvalho Chehab authored
    This is a nasty bug. Since the kobject count will be reduced to zero by
    edac_mc_del_mc(), and this triggers the kobj release method, the
    mci memory will be freed automatically. So, all we have left is ctl_name,
    as shown by enabling debug:
    
    [   80.822186] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 1020: edac_remove_sysfs_mci_device()  remove_link
    [   80.832590] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 1024: edac_remove_sysfs_mci_device()  remove_mci_instance
    [   80.843776] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 640: edac_mci_control_release() mci instance idx=0 releasing
    [   80.855163] EDAC MC: Removed device 0 for i7core_edac.c i7 core #0: DEV 0000:3f:03.0
    [   80.862936] EDAC DEBUG: in drivers/edac/i7core_edac.c, line at 2089: (null): free structs
    [   80.871134] EDAC DEBUG: in drivers/edac/edac_mc.c, line at 238: edac_mc_free()
    [   80.878379] EDAC DEBUG: in drivers/edac/edac_mc_sysfs.c, line at 726: edac_mc_unregister_sysfs_main_kobj()
    [   80.888043] EDAC DEBUG: in drivers/edac/i7core_edac.c, line at 1232: drivers/edac/i7core_edac.c: i7core_put_devices()
    
    Also, kfree(mci) shouldn't happen at the kobj.release, as it happens
    when edac_remove_sysfs_mci_device() is called, but the logic is:
    	edac_remove_sysfs_mci_device(mci);
    	edac_printk(KERN_INFO, EDAC_MC,
    		"Removed device %d for %s %s: DEV %s\n", mci->mc_idx,
    		mci->mod_name, mci->ctl_name, edac_dev_name(mci));
    So, as the edac_printk() needs the mci struct, this generates an OOPS.
    Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
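As an added illustration (not the commit's own fix and not kernel code), the teardown ordering the message argues for, modelled on a constructed refcounted stand-in for mci: everything the log line needs is copied out before the kobject reference is dropped, so nothing dereferences mci after the release method may have freed it. The names `mci_alloc`, `mci_put`, `remove_sysfs_mci_device` and `remove_mci_and_log` are hypothetical stand-ins for the EDAC functions named above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the EDAC teardown described in the commit message:
 * the controller struct is owned by a refcounted kobject, and the last put
 * runs the release method, which frees the struct. Not kernel code. */
struct mem_ctl_info {
	int refcount;
	int mc_idx;
	char ctl_name[32];
};

static struct mem_ctl_info *mci_alloc(int idx, const char *name)
{
	struct mem_ctl_info *mci = calloc(1, sizeof *mci);
	if (!mci)
		return NULL;
	mci->refcount = 1;
	mci->mc_idx = idx;
	snprintf(mci->ctl_name, sizeof mci->ctl_name, "%s", name);
	return mci;
}

/* Models kobject_put() plus the release method: the last reference frees mci. */
static void mci_put(struct mem_ctl_info *mci)
{
	if (--mci->refcount == 0)
		free(mci);	/* mci must not be dereferenced after this */
}

/* Models edac_remove_sysfs_mci_device(), which drops the kobject reference. */
static void remove_sysfs_mci_device(struct mem_ctl_info *mci)
{
	mci_put(mci);
}

/* Safe ordering: copy what the log line needs out of mci first, then drop
 * the reference, then log only from the copies. Returns the length of the
 * formatted message, as snprintf() would. */
static int remove_mci_and_log(struct mem_ctl_info *mci, char *msg, size_t len)
{
	int idx = mci->mc_idx;
	char name[32];
	snprintf(name, sizeof name, "%s", mci->ctl_name);
	remove_sysfs_mci_device(mci);	/* may free mci: no use past here */
	return snprintf(msg, len, "EDAC MC: Removed device %d for %s\n", idx, name);
}
```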