amd64_edac: fix driver instance freeing
Borislav Petkov [Mon, 21 Dec 2009 14:15:59 +0000 (15:15 +0100)]
Fix use-after-free errors by pushing all memory-freeing calls to the end
of amd64_remove_one_instance().

Reported-by: Darren Jenkins <darrenrjenkins@gmail.com>
LKML-Reference: <1261370306.11354.52.camel@ICE-BOX>
Signed-off-by: Borislav Petkov <borislav.petkov@amd.com>

drivers/edac/amd64_edac.c

index 784cc5a..fb0d36b 100644 (file)
@@ -2929,16 +2929,15 @@ static void __devexit amd64_remove_one_instance(struct pci_dev *pdev)
 
        amd64_free_mc_sibling_devices(pvt);
 
-       kfree(pvt);
-       mci->pvt_info = NULL;
-
-       mci_lookup[pvt->mc_node_id] = NULL;
-
        /* unregister from EDAC MCE */
        amd_report_gart_errors(false);
        amd_unregister_ecc_decoder(amd64_decode_bus_error);
 
        /* Free the EDAC CORE resources */
+       mci->pvt_info = NULL;
+       mci_lookup[pvt->mc_node_id] = NULL;
+
+       kfree(pvt);
        edac_mc_free(mci);
 }
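Review bot: The ordering this fix depends on is not documented in the new code, and the existing `/* Free the EDAC CORE resources */` comment now also heads the pvt teardown lines, which it does not describe. Since `mci_lookup[pvt->mc_node_id] = NULL;` reads pvt, I would add a comment above the two clearing statements such as `/* pvt is still dereferenced here; kfree(pvt) must stay after the last use */` and move the EDAC CORE comment down to sit directly above `edac_mc_free(mci);`. It is also worth confirming that `amd_unregister_ecc_decoder()` cannot return while a decode callback is still running, because such a callback could presumably reach pvt through `mci_lookup[]` just before it is freed. That cannot be judged from this hunk, and the body of amd64_remove_one_instance() starts outside it.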