Re: [OOPS][RESEND] 2.6.0-test4-mm4

[Patrick Mochel]

> OK, it's a straightforward use-after-free in kobject_cleanup().  I snarfed
> a patch from Pat which allows arbitrary-length kobject names.  Maybe it
> wasn't quite ready yet.
> 
> t->release points at cdev_dynamic_release(), which frees the kobj.

Bah, I'm just retarded. It should be something like: 

 +	if (kobj->k_name != kobj->name)
 +		kfree(kobj->k_name);
  	if (t && t->release)
  		t->release(kobj);

I'll send you an updated patch shortly, once I get my trees in sync again. 


	Pat


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

> OK, it's a straightforward use-after-free in kobject_cleanup().  I snarfed
> a patch from Pat which allows arbitrary-length kobject names.  Maybe it
> wasn't quite ready yet.
> 
> t->release points at cdev_dynamic_release(), which frees the kobj.

Bah, I'm just retarded. It should be something like: 

 +	if (kobj->k_name != kobj->name)
 +		kfree(kobj->k_name);
  	if (t && t->release)
  		t->release(kobj);

I'll send you an updated patch shortly, once I get my trees in sync again. 


	Pat


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/