2008-11-07 19:23:48

by djwong

[permalink] [raw]
Subject: [PATCH] i5000-edac: Hold reference to mci kobject


It turns out that edac_mc_del_mc will kobject_put the last kref on the mci
object. If the timing is just right, that means that the mci object is freed
before before i5000_remove_one has a chance to free the resources associated
with it, causing a null pointer exceptions when unloading the driver. Insert
a kobject_{get,put} pair so that this doesn't happen.

Signed-off-by: Darrick J. Wong <[email protected]>
---

drivers/edac/i5000_edac.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/drivers/edac/i5000_edac.c b/drivers/edac/i5000_edac.c
index f0d9b41..d335086 100644
--- a/drivers/edac/i5000_edac.c
+++ b/drivers/edac/i5000_edac.c
@@ -1381,6 +1381,7 @@ static int i5000_probe1(struct pci_dev *pdev, int dev_idx)
if (mci == NULL)
return -ENOMEM;

+ kobject_get(&mci->edac_mci_kobj);
debugf0("MC: " __FILE__ ": %s(): mci = %p\n", __func__, mci);

mci->dev = &pdev->dev; /* record ptr to the generic device */
@@ -1453,6 +1454,7 @@ fail1:
i5000_put_devices(mci);

fail0:
+ kobject_put(&mci->edac_mci_kobj);
edac_mc_free(mci);
return -ENODEV;
}
@@ -1498,7 +1500,7 @@ static void __devexit i5000_remove_one(struct pci_dev *pdev)

/* retrieve references to resources, and free those resources */
i5000_put_devices(mci);
-
+ kobject_put(&mci->edac_mci_kobj);
edac_mc_free(mci);
}