[patch 11/25] SCSI: ch: fix ch_remove oops

From: Greg KH
Date: Mon Aug 04 2008 - 17:39:14 EST

Next message: Keith Packard: "Re: [PATCH] Export shmem_file_setup and shmem_getpage for DRM-GEM"
Previous message: Greg KH: "[patch 10/25] linear: correct disk numbering error check"
In reply to: Greg KH: "[patch 10/25] linear: correct disk numbering error check"
Next in thread: Greg KH: "[patch 12/25] NFS: Ensure we zap only the access and acl cacheswhen setting new acls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.26-stable review patch. If anyone has any objections, please let us
know.

------------------

From: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>

commit 3d164fb09bb5cb8a223eddf634fc0d355714fcfe upstream.

The following commit causes ch_remove oops:

commit 24b42566c3fcbb5a9011d1446783d0f5844ccd45
Author: Greg Kroah-Hartman <gregkh@xxxxxxx>
Date: Fri May 16 17:55:12 2008 -0700

SCSI: fix race in device_create

There is a race from when a device is created with device_create() and
then the drvdata is set with a call to dev_set_drvdata() in which a
sysfs file could be open, yet the drvdata will be NULL, causing all
sorts of bad things to happen.

This patch fixes the problem by using the new function,
device_create_drvdata(). It fixes the problem in all of the scsi
drivers that need it.

Cc: Kay Sievers <kay.sievers@xxxxxxxx>
Cc: Doug Gilbert <dgilbert@xxxxxxxxxxxx>
Cc: James E.J. Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

The problem is ch_probe stores ch's private data at a wrong place.

We need to store it at scsi_device->sdev_gendev but the above patch
stores it at device struct that device_create_drvdata returns. So we
hit an oops when ch_remove accesses
scsi_device->sdev_gendev->driver_data, which is NULL.

Actually, there wasn't a race because ch doesn't create sysfs files
with device struct that device_create returns. This patch puts back
dev_set_drvdata() to set ch's private data properly.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>
Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
drivers/scsi/ch.c | 1 +
1 file changed, 1 insertion(+)

--- a/drivers/scsi/ch.c
+++ b/drivers/scsi/ch.c
@@ -926,6 +926,7 @@ static int ch_probe(struct device *dev)
if (init)
ch_init_elem(ch);

+ dev_set_drvdata(dev, ch);
sdev_printk(KERN_INFO, sd, "Attached scsi changer %s\n", ch->name);

return 0;

--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Keith Packard: "Re: [PATCH] Export shmem_file_setup and shmem_getpage for DRM-GEM"
Previous message: Greg KH: "[patch 10/25] linear: correct disk numbering error check"
In reply to: Greg KH: "[patch 10/25] linear: correct disk numbering error check"
Next in thread: Greg KH: "[patch 12/25] NFS: Ensure we zap only the access and acl cacheswhen setting new acls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]