diff options
author | Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> | 2006-01-18 17:42:53 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-01-18 19:20:20 -0800 |
commit | c42791b6ec5453cd7910eac7bfdd88f27173f81c (patch) | |
tree | f874b541bfacb27df2bcfdf6fe5823353d431635 /arch | |
parent | 3b948068b84b9759cdf0965abf3074dcb9230e98 (diff) | |
download | kernel_samsung_smdk4412-c42791b6ec5453cd7910eac7bfdd88f27173f81c.zip kernel_samsung_smdk4412-c42791b6ec5453cd7910eac7bfdd88f27173f81c.tar.gz kernel_samsung_smdk4412-c42791b6ec5453cd7910eac7bfdd88f27173f81c.tar.bz2 |
[PATCH] uml: make daemon transport behave properly
Avoid uninitialized data in the daemon_data structure. I used this transport
before doing proper setup before-hand, and I got some very nice SLAB
corruption due to freeing crap pointers. So just make sure to clear
everything when appropriate.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/um/drivers/daemon_kern.c | 4 | ||||
-rw-r--r-- | arch/um/drivers/daemon_user.c | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/arch/um/drivers/daemon_kern.c b/arch/um/drivers/daemon_kern.c index 30d285b..507e3cb 100644 --- a/arch/um/drivers/daemon_kern.c +++ b/arch/um/drivers/daemon_kern.c @@ -31,6 +31,10 @@ void daemon_init(struct net_device *dev, void *data) dpri->fd = -1; dpri->control = -1; dpri->dev = dev; + /* We will free this pointer. If it contains crap we're burned. */ + dpri->ctl_addr = NULL; + dpri->data_addr = NULL; + dpri->local_addr = NULL; printk("daemon backend (uml_switch version %d) - %s:%s", SWITCH_VERSION, dpri->sock_type, dpri->ctl_sock); diff --git a/arch/um/drivers/daemon_user.c b/arch/um/drivers/daemon_user.c index 1bb085b2..c944265 100644 --- a/arch/um/drivers/daemon_user.c +++ b/arch/um/drivers/daemon_user.c @@ -158,10 +158,16 @@ static void daemon_remove(void *data) struct daemon_data *pri = data; os_close_file(pri->fd); + pri->fd = -1; os_close_file(pri->control); + pri->control = -1; + kfree(pri->data_addr); + pri->data_addr = NULL; kfree(pri->ctl_addr); + pri->ctl_addr = NULL; kfree(pri->local_addr); + pri->local_addr = NULL; } int daemon_user_write(int fd, void *buf, int len, struct daemon_data *pri) |