The path through add_memory_section() when the memory block already exists uses flawed refcounting logic. A get_device() is done on a memory block using a pointer that might not be valid as we dropped our previous reference and didn't obtain a new reference in the proper way.

Let's stop pretending and just remove the get/put. The mem_sysfs_mutex, which we hold over the entire init loop now, will prevent the memory blocks from disappearing from under us.

Signed-off-by: Seth Jennings <sjenning@xxxxxxxxxxxxxxxxxx>

--- drivers/base/memory.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/drivers/base/memory.c b/drivers/base/memory.c index a695164..7d9d3bc 100644 --- a/drivers/base/memory.c +++ b/drivers/base/memory.c @@ -613,14 +613,12 @@ static int add_memory_section(struct mem_section *section, if (scn_nr >= (*mem_p)->start_section_nr && scn_nr <= (*mem_p)->end_section_nr) { mem = *mem_p; - get_device(&mem->dev); } } - if (mem) { + if (mem) mem->section_count++; - put_device(&mem->dev); - } else { + else { ret = init_memory_block(&mem, section, MEM_ONLINE); /* store memory_block pointer for next loop */ if (!ret && mem_p) -- 1.8.3.4
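
Review bot: with get_device()/put_device() gone around `mem = *mem_p;`, the cached pointer is only safe if every caller of add_memory_section() holds mem_sysfs_mutex, and nothing in the hunk documents or enforces that. Consider a comment at the `*mem_p` dereference, or a `lockdep_assert_held(&mem_sysfs_mutex);` at the top of the function, so that a caller passing a cached mem_p without the lock is caught instead of touching a memory_block that may already have been freed. The callers are not visible in this hunk, so it is worth confirming that each of them takes the mutex before the first call that sets *mem_p and holds it until the last use. As a style point, the resulting `if (mem)` / `else {` pair has braces on only one branch; kernel coding style asks for braces on both branches when either one needs them.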