Re: [PATCH 1/4] memory-hotplug: add memory_block_release
From: KOSAKI Motohiro <hidden>
Date: 2012-09-28 01:40:44
Also in:
lkml
On Thu, Sep 27, 2012 at 8:24 PM, Yasuaki Ishimatsu [off-list ref] wrote:
> Hi Chen,
>
> 2012/09/27 19:20, Ni zhan Chen wrote:
>> Hi Congyang,
>>
>> 2012/9/27 [off-list ref]
>>> From: Yasuaki Ishimatsu <redacted>
>>>
>>> When calling remove_memory_block(), the function shows following message at device_release().
>>>
>>> Device 'memory528' does not have a release() function, it is broken and must be fixed.
>>
>> What's the difference between the patch and original implementation?
>
> The implementation is for removing a memory_block. So the purpose is same as original one. But original code is bad manner. kobject_cleanup() is called by remove_memory_block() at last. But release function for releasing memory_block is not registered. As a result, the kernel message is shown. IMHO, memory_block should be released by the release function.

But your patch introduced a use-after-free bug, if I understand correctly.
See the unregister_memory() function. After your patch, kobject_put() calls
release_memory_block() and kfree(), and then device_unregister() will
touch freed memory.

static void
unregister_memory(struct memory_block *memory)
{
	BUG_ON(memory->dev.bus != &memory_subsys);

	/* drop the ref. we got in remove_memory_block() */
	kobject_put(&memory->dev.kobj);
	device_unregister(&memory->dev);
}
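
Added example, not part of the original message and not kernel code: a userspace C model of the put-then-unregister order in unregister_memory(), showing that whether the second call touches an already released object depends on how many references are held on entry. The struct, the function names and the reference counts passed in are assumptions made for illustration; release sets a flag instead of freeing, so the late access can be counted without undefined behaviour.

```c
#include <stdio.h>

/* Hypothetical model object; stands in for a refcounted kobject. */
struct obj {
	int refcount;
	int released;            /* set by obj_release(); models kfree() */
	int touched_after_free;  /* accesses observed after release ran */
};

static void obj_release(struct obj *o)
{
	o->released = 1;
}

/* Models kobject_put(): the release callback runs when the count hits 0. */
static void obj_put(struct obj *o)
{
	if (o->released) {
		/* In real code this would be an access to freed memory. */
		o->touched_after_free++;
		return;
	}
	if (--o->refcount == 0)
		obj_release(o);
}

/* Models device_unregister(): uses the object, then drops the
 * reference taken at registration time. */
static void obj_unregister(struct obj *o)
{
	obj_put(o);
}

/* Same call order as unregister_memory(): put first, unregister second.
 * refs_on_entry is an assumed count, not a value taken from the kernel. */
static int teardown(int refs_on_entry)
{
	struct obj o = { .refcount = refs_on_entry };

	obj_put(&o);        /* drop the reference taken by the lookup */
	obj_unregister(&o); /* drop the registration reference */
	return o.touched_after_free;
}

int main(void)
{
	printf("2 refs on entry: late accesses = %d\n", teardown(2));
	printf("1 ref on entry:  late accesses = %d\n", teardown(1));
	return 0;
}
```

With two references on entry the release runs only inside the final unregister; with one, the first put releases the object and the unregister that follows is counted as a late access.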