From: Tony Luck <tony.luck@intel.com>
Date: Thu, 21 Apr 2016 17:34:14 +0000 (-0700)
Subject: EDAC: Fix used after kfree() error in edac_unregister_sysfs()
X-Git-Tag: v4.7-rc1~177^2~8
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=ab67b6c22d8506b060a66ed0ce1a3e14e3b075e4;p=linux.git

EDAC: Fix used after kfree() error in edac_unregister_sysfs()

Code flow looks like this:

  device_unregister(&mci->dev);
   -> kobject_put+0x25/0x50
    -> kobject_cleanup+0x77/0x190
      -> device_release+0x32/0xa0
	-> mci_attr_release+0x36/0x70
	  -> kfree(mci);
  bus_unregister(mci->bus);

Fix is to grab a local copy of "mci->bus" and use that when we call
bus_unregister().

Signed-off-by: Tony Luck <tony.luck@intel.com>
Acked-by: Aristeu Rozanski <aris@redhat.com>
Cc: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Cc: linux-edac <linux-edac@vger.kernel.org>
Link: http://lkml.kernel.org/r/21d595b0ab3d718d9cb206647f4ec91c05e62ec4.1461261078.git.tony.luck@intel.com
Signed-off-by: Borislav Petkov <bp@suse.de>
---

diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
index 26e65ab5932a..10c305b4a2e1 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -998,11 +998,12 @@ void edac_remove_sysfs_mci_device(struct mem_ctl_info *mci)
 
 void edac_unregister_sysfs(struct mem_ctl_info *mci)
 {
+	struct bus_type *bus = mci->bus;
 	const char *name = mci->bus->name;
 
 	edac_dbg(1, "Unregistering device %s\n", dev_name(&mci->dev));
 	device_unregister(&mci->dev);
-	bus_unregister(mci->bus);
+	bus_unregister(bus);
 	kfree(name);
 }