git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[PATCH] Fix sysctl unregistration oops (CVE-2005-2709)
[sfrench/cifs-2.6.git] / arch / s390 / appldata / appldata_base.c
diff --git a/arch/s390/appldata/appldata_base.c b/arch/s390/appldata/appldata_base.c
index c067435bae4506130b9dd05cbf4e6a30078000a1..dee6ab54984d03d6358a54476191aa18fb2ee05d 100644 (file)
--- a/arch/s390/appldata/appldata_base.c
+++ b/arch/s390/appldata/appldata_base.c
@@ -232,7 +232,11 @@ static int appldata_diag(char record_nr, u16 function, unsigned long buffer,
        ry = -1;
        asm volatile(
                        "diag %1,%0,0xDC\n\t"
-                       : "=d" (ry) : "d" (&(appldata_parameter_list)) : "cc");
+                       : "=d" (ry)
+                       : "d" (&appldata_parameter_list),
+                         "m" (appldata_parameter_list),
+                         "m" (appldata_product_id)
+                       : "cc");
        return (int) ry;
 }
 /************************ timer, work, DIAG <END> ****************************/
@@ -588,12 +592,15 @@ int appldata_register_ops(struct appldata_ops *ops)
  */
 void appldata_unregister_ops(struct appldata_ops *ops)
 {
+       void *table;
        spin_lock(&appldata_ops_lock);
-       unregister_sysctl_table(ops->sysctl_header);
        list_del(&ops->list);
-       kfree(ops->ctl_table);
+       /* at that point any incoming access will fail */
+       table = ops->ctl_table;
        ops->ctl_table = NULL;
        spin_unlock(&appldata_ops_lock);
+       unregister_sysctl_table(ops->sysctl_header);
+       kfree(table);
        P_INFO("%s-ops unregistered!\n", ops->name);
 }
 /********************** module-ops management <END> **************************/
Unnamed repository; edit this file 'description' to name the repository.