Home » Mailing list archives » linux-kernel » 2008 » August » 4

[patch 11/25] SCSI: ch: fix ch_remove oops

!MAILaRCHIVE_VOTE_RePLACE
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Greg KH <gregkh@...>
To: <linux-kernel@...>, <stable@...>
Cc: Justin Forbes <jmforbes@...>, Zwane Mwaikambo <zwane@...>, Theodore Ts'o <tytso@...>, Randy Dunlap <rdunlap@...>, Dave Jones <davej@...>, Chuck Wolber <chuckw@...>, Chris Wedgwood <reviews@...>, Michael Krufky <mkrufky@...>, Chuck Ebbert <cebbert@...>, Domenico Andreoli <cavokz@...>, Willy Tarreau <w@...>, Rodrigo Rubira Branco <rbranco@...>, Jake Edge <jake@...>, Eugene Teo <eteo@...>, <torvalds@...>, <akpm@...>, <alan@...>, FUJITA Tomonori <fujita.tomonori@...>, James Bottomley <James.Bottomley@...>
Subject: [patch 11/25] SCSI: ch: fix ch_remove oops
Date: Monday, August 4, 2008 - 5:30 pm

2.6.26-stable review patch.  If anyone has any objections, please let us
know.

------------------

From: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>

commit 3d164fb09bb5cb8a223eddf634fc0d355714fcfe upstream.

The following commit causes ch_remove oops:

commit 24b42566c3fcbb5a9011d1446783d0f5844ccd45
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Fri May 16 17:55:12 2008 -0700

    SCSI: fix race in device_create

    There is a race from when a device is created with device_create() and
    then the drvdata is set with a call to dev_set_drvdata() in which a
    sysfs file could be open, yet the drvdata will be NULL, causing all
    sorts of bad things to happen.

    This patch fixes the problem by using the new function,
    device_create_drvdata().  It fixes the problem in all of the scsi
    drivers that need it.

    Cc: Kay Sievers <kay.sievers@vrfy.org>
    Cc: Doug Gilbert <dgilbert@interlog.com>
    Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

The problem is ch_probe stores ch's private data at a wrong place.

We need to store it at scsi_device->sdev_gendev but the above patch
stores it at device struct that device_create_drvdata returns. So we
hit an oops when ch_remove accesses
scsi_device->sdev_gendev->driver_data, which is NULL.

Actually, there wasn't a race because ch doesn't create sysfs files
with device struct that device_create returns. This patch puts back
dev_set_drvdata() to set ch's private data properly.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/scsi/ch.c |    1 +
 1 file changed, 1 insertion(+)

--- a/drivers/scsi/ch.c
+++ b/drivers/scsi/ch.c
@@ -926,6 +926,7 @@ static int ch_probe(struct device *dev)
 	if (init)
 		ch_init_elem(ch);
 
+	dev_set_drvdata(dev, ch);
 	sdev_printk(KERN_INFO, sd, "Attached scsi changer %s\n", ch->name);
 
 	return 0;

-- 
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
[patch 00/25] 2.6.26-stable review, Greg KH, (Mon Aug 4, 5:27 pm)
[patch 18/25] Add compat handler for PTRACE_GETSIGINFO, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 17/25] Bluetooth: Signal user-space for HIDP and BNEP..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 16/25] Input: i8042 - add Acer Aspire 1360 to nomux b..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 15/25] Input: i8042 - add Gericom Bellagio to nomux b..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 14/25] Input: i8042 - add Intel D845PESV to nopnp list, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 13/25] jbd: fix race between free buffer and commit t..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 25/25] Ath5k: kill tasklets on shutdown, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 24/25] Ath5k: fix memory corruption, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 23/25] vfs: fix lookup on deleted directory, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 22/25] ALSA: emu10k1 - Fix inverted Analog/Digital mi..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 21/25] ALSA: hda - Add missing Thinkpad Z60m support, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 20/25] ALSA: hda - Fix DMA position inaccuracy, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 19/25] ALSA: hda - Fix wrong volumes in AD1988 auto-p..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 12/25] NFS: Ensure we zap only the access and acl cac..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 11/25] SCSI: ch: fix ch_remove oops, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 10/25] linear: correct disk numbering error check, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 09/25] netfilter: xt_time: fix times time_mt()s use o..., Greg KH, (Mon Aug 4, 5:30 pm)
[patch 08/25] Kprobe smoke test lockdep warning, Greg KH, (Mon Aug 4, 5:30 pm)
[patch 07/25] Close race in md_probe, Greg KH, (Mon Aug 4, 5:29 pm)
[patch 06/25] x86: io delay - add checking for NULL early pa..., Greg KH, (Mon Aug 4, 5:29 pm)
[patch 05/25] x86: idle process - add checking for NULL earl..., Greg KH, (Mon Aug 4, 5:29 pm)
[patch 04/25] SCSI: bsg: fix bsg_mutex hang with device remo..., Greg KH, (Mon Aug 4, 5:29 pm)
[patch 03/25] netfilter: nf_nat_sip: c= is optional for sess..., Greg KH, (Mon Aug 4, 5:29 pm)
[patch 02/25] romfs_readpage: dont report errors for pages b..., Greg KH, (Mon Aug 4, 5:29 pm)
[patch 01/25] ftrace: remove unneeded documentation, Greg KH, (Mon Aug 4, 5:29 pm)
Re: [patch 01/25] ftrace: remove unneeded documentation, Steven Rostedt, (Mon Aug 4, 5:42 pm)
Re: [patch 01/25] ftrace: remove unneeded documentation, Randy Dunlap, (Mon Aug 4, 5:49 pm)
Re: [patch 01/25] ftrace: remove unneeded documentation, Steven Rostedt, (Mon Aug 4, 6:02 pm)
Re: [patch 01/25] ftrace: remove unneeded documentation, Randy Dunlap, (Mon Aug 4, 6:06 pm)
Re: [patch 01/25] ftrace: remove unneeded documentation, Greg KH, (Mon Aug 4, 5:46 pm)
Re: [patch 01/25] ftrace: remove unneeded documentation, Steven Rostedt, (Mon Aug 4, 6:16 pm)