| author | Vivek Goyal <vgoyal@redhat.com> | 2010-11-06 08:16:05 -0400 | 
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-11-06 07:49:56 -0700 | 
| commit | d017bf6b4ff57db16a481a48bdad79274610a403 (patch) | |
| tree | 3b4cb3b4c3b5b024abdae29ec973cbd903afe6fc /arch/m32r/include/asm/msgbuf.h | |
| parent | 151f52f09c5728ecfdd0c289da1a4b30bb416f2c (diff) | |
floppy: fix another use-after-free

While scanning the floppy code due to c093ee4f07f4 ("floppy: fix
use-after-free in module load failure path"), I found one more instance
of trying to access disk->queue pointer after doing put_disk() on
gendisk.  For some reason, floppy module still loads/unloads fine.  The
object is probably still around with right pointer values.

 o There seems to be one more instance of trying to clean up the request
   queue after we have called put_disk() on associated gendisk.
 o This fix is more out of code inspection.  Even without this fix for
   some reason I am able to load/unload floppy module without any
   issues.
 o Floppy module loads/unloads fine after the fix.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch/m32r/include/asm/msgbuf.h')
0 files changed, 0 insertions, 0 deletions
