Alan Stern wrote:
> On Thu, 10 May 2007, Tejun Heo wrote:
>
>> Currently, devt_attr for the "dev" file is freed immediately on device
>> removal, but if the "dev" sysfs file is open when a device is removed,
>> sysfs will access its attribute structure for further access including
>> close resulting in jumping to garbled address. Fix it by postponing
>> freeing devt_attr to device release time.
>>
>> Note that devt_attr for class_device is already freed on release.
>>
>> This bug is reported by Chris Rankin as bugzilla bug#8198.
>>
>> Signed-off-by: Tejun Heo <[email protected]>
>> Cc: Chris Rankin <[email protected]>
>> ---
>> Applies well to 2.6.20 and 21. As sysfs-immediate-disconnect doesn't
>> seem to be included in 2.6.22, this should be included in linus#master
>> too (applies well there as well).
>
> Although sysfs-immediate-disconnect may not be included in 2.6.22, the old
> attribute-orphan code by Oliver Neukum is present there and also in
> 2.6.21. Shouldn't that suffice?
sysfs_release() still needs to deference attr->owner to put it, so I
think there's the same problem even with attribute-orphan. We end up
calling module_put() on garbage.
--
tejun
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]