releases/2.6.32.41/x86-mce-amd-fix-leaving-freed-data-in-a-list.patch - pub/scm/linux/kernel/git/longterm/longterm-queue-2.6.32 - Git at Google

 From d9a5ac9ef306eb5cc874f285185a15c303c50009 Mon Sep 17 00:00:00 2001
 From: Julia Lawall <julia@diku.dk>
 Date: Fri, 13 May 2011 15:52:09 +0200
 Subject: x86, mce, AMD: Fix leaving freed data in a list

 From: Julia Lawall <julia@diku.dk>

 commit d9a5ac9ef306eb5cc874f285185a15c303c50009 upstream.

 b may be added to a list, but is not removed before being freed
 in the case of an error.  This is done in the corresponding
 deallocation function, so the code here has been changed to
 follow that.

 The sematic match that finds this problem is as follows:
 (http://coccinelle.lip6.fr/)

 // <smpl>
 @@
 expression E,E1,E2;
 identifier l;
 @@

 *list_add(&E->l,E1);
 ... when != E1
     when != list_del(&E->l)
     when != list_del_init(&E->l)
     when != E = E2
 *kfree(E);// </smpl>

 Signed-off-by: Julia Lawall <julia@diku.dk>
 Cc: Borislav Petkov <borislav.petkov@amd.com>
 Cc: Robert Richter <robert.richter@amd.com>
 Cc: Yinghai Lu <yinghai@kernel.org>
 Cc: Andreas Herrmann <andreas.herrmann3@amd.com>
 Link: http://lkml.kernel.org/r/1305294731-12127-1-git-send-email-julia@diku.dk
 Signed-off-by: Ingo Molnar <mingo@elte.hu>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

 ---
  arch/x86/kernel/cpu/mcheck/mce_amd.c |    1 +
  1 file changed, 1 insertion(+)

 --- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
 +++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
 @@ -468,6 +468,7 @@ recurse:
  out_free:
  	if (b) {
  		kobject_put(&b->kobj);
 +		list_del(&b->miscj);
  		kfree(b);
  	}
  	return err;
	From d9a5ac9ef306eb5cc874f285185a15c303c50009 Mon Sep 17 00:00:00 2001
	From: Julia Lawall <julia@diku.dk>
	Date: Fri, 13 May 2011 15:52:09 +0200
	Subject: x86, mce, AMD: Fix leaving freed data in a list

	From: Julia Lawall <julia@diku.dk>

	commit d9a5ac9ef306eb5cc874f285185a15c303c50009 upstream.

	b may be added to a list, but is not removed before being freed
	in the case of an error. This is done in the corresponding
	deallocation function, so the code here has been changed to
	follow that.

	The sematic match that finds this problem is as follows:
	(http://coccinelle.lip6.fr/)

	// <smpl>
	@@
	expression E,E1,E2;
	identifier l;
	@@

	*list_add(&E->l,E1);
	... when != E1
	when != list_del(&E->l)
	when != list_del_init(&E->l)
	when != E = E2
	*kfree(E);// </smpl>

	Signed-off-by: Julia Lawall <julia@diku.dk>
	Cc: Borislav Petkov <borislav.petkov@amd.com>
	Cc: Robert Richter <robert.richter@amd.com>
	Cc: Yinghai Lu <yinghai@kernel.org>
	Cc: Andreas Herrmann <andreas.herrmann3@amd.com>
	Link: http://lkml.kernel.org/r/1305294731-12127-1-git-send-email-julia@diku.dk
	Signed-off-by: Ingo Molnar <mingo@elte.hu>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

	---
	arch/x86/kernel/cpu/mcheck/mce_amd.c \| 1 +
	1 file changed, 1 insertion(+)

	--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c
	+++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c
	@@ -468,6 +468,7 @@ recurse:
	out_free:
	if (b) {
	kobject_put(&b->kobj);
	+ list_del(&b->miscj);
	kfree(b);
	}
	return err;