android_kernel_oneplus_msm8998/fs/pstore
Sebastian Andrzej Siewior 6ae56031f1 pstore/ramoops: fixup driver removal
commit 4407de74df18ed405cc5998990004c813ccfdbde upstream.

A basic rmmod ramoops segfaults. Let's see why.

Since commit 34f0ec82e0 ("pstore: Correct the max_dump_cnt clearing of
ramoops") sets ->max_dump_cnt to zero before looping over ->przs but we
didn't use it before that either.

And since commit ee1d267423 ("pstore: add pstore unregister") we free
that memory on rmmod.

But even then, we looped until a NULL pointer or ERR. I don't see where
it is ensured that the last member is NULL. Let's try this instead:
simply error recovery and free. Clean up in error case where resources
were allocated. And then, in the free path, rely on ->max_dump_cnt in
the free path.

Cc: Anton Vorontsov <anton@enomsg.org>
Cc: Colin Cross <ccross@android.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Acked-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-10-28 03:01:27 -04:00
ftrace.c pstore: add pstore unregister 2015-10-22 08:59:18 -07:00
inode.c pstore: drop file opened reference count 2016-10-07 15:23:44 +02:00
internal.h pstore: Fix return type of pstore_is_mounted() 2015-10-22 10:57:33 -07:00
Kconfig pstore: add pstore unregister 2015-10-22 08:59:18 -07:00
Makefile pstore: add pstore unregister 2015-10-22 08:59:18 -07:00
platform.c pstore: fix code comment to match code 2015-11-02 13:41:52 -08:00
pmsg.c pstore: add pstore unregister 2015-10-22 08:59:18 -07:00
ram.c pstore/ramoops: fixup driver removal 2016-10-28 03:01:27 -04:00
ram_core.c pstore-ram: Allow optional mapping with pgprot_noncached 2014-12-11 13:38:31 -08:00