From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
James Bottomley <James.Bottomley@HansenPartnership.com>
Subject: [patch 11/25] SCSI: ch: fix ch_remove oops
Date: Mon, 4 Aug 2008 14:30:20 -0700 [thread overview]
Message-ID: <20080804213020.GK8014@suse.de> (raw)
In-Reply-To: <20080804212725.GA7944@suse.de>
[-- Attachment #1: scsi-ch-fix-ch_remove-oops.patch --]
[-- Type: text/plain, Size: 2050 bytes --]
2.6.26-stable review patch. If anyone has any objections, please let us
know.
------------------
From: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
commit 3d164fb09bb5cb8a223eddf634fc0d355714fcfe upstream.
The following commit causes ch_remove oops:
commit 24b42566c3fcbb5a9011d1446783d0f5844ccd45
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date: Fri May 16 17:55:12 2008 -0700
SCSI: fix race in device_create
There is a race from when a device is created with device_create() and
then the drvdata is set with a call to dev_set_drvdata() in which a
sysfs file could be open, yet the drvdata will be NULL, causing all
sorts of bad things to happen.
This patch fixes the problem by using the new function,
device_create_drvdata(). It fixes the problem in all of the scsi
drivers that need it.
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Doug Gilbert <dgilbert@interlog.com>
Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The problem is ch_probe stores ch's private data at a wrong place.
We need to store it at scsi_device->sdev_gendev but the above patch
stores it at device struct that device_create_drvdata returns. So we
hit an oops when ch_remove accesses
scsi_device->sdev_gendev->driver_data, which is NULL.
Actually, there wasn't a race because ch doesn't create sysfs files
with device struct that device_create returns. This patch puts back
dev_set_drvdata() to set ch's private data properly.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/scsi/ch.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/scsi/ch.c
+++ b/drivers/scsi/ch.c
@@ -926,6 +926,7 @@ static int ch_probe(struct device *dev)
if (init)
ch_init_elem(ch);
+ dev_set_drvdata(dev, ch);
sdev_printk(KERN_INFO, sd, "Attached scsi changer %s\n", ch->name);
return 0;
--
next prev parent reply other threads:[~2008-08-04 21:39 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080804203506.816201392@mini.kroah.org>
2008-08-04 21:27 ` [patch 00/25] 2.6.26-stable review Greg KH
2008-08-04 21:29 ` [patch 01/25] ftrace: remove unneeded documentation Greg KH
2008-08-04 21:42 ` Steven Rostedt
2008-08-04 21:46 ` Greg KH
2008-08-04 22:16 ` Steven Rostedt
2008-08-04 21:49 ` Randy Dunlap
2008-08-04 22:02 ` Steven Rostedt
2008-08-04 22:06 ` Randy Dunlap
2008-08-04 21:29 ` [patch 02/25] romfs_readpage: dont report errors for pages beyond i_size Greg KH
2008-08-04 21:29 ` [patch 03/25] netfilter: nf_nat_sip: c= is optional for session Greg KH
2008-08-04 21:29 ` [patch 04/25] SCSI: bsg: fix bsg_mutex hang with device removal Greg KH
2008-08-04 21:29 ` [patch 05/25] x86: idle process - add checking for NULL early param Greg KH
2008-08-04 21:29 ` [patch 06/25] x86: io delay " Greg KH
2008-08-04 21:29 ` [patch 07/25] Close race in md_probe Greg KH
2008-08-04 21:30 ` [patch 08/25] Kprobe smoke test lockdep warning Greg KH
2008-08-04 21:30 ` [patch 09/25] netfilter: xt_time: fix times time_mt()s use of do_div() Greg KH
2008-08-04 21:30 ` [patch 10/25] linear: correct disk numbering error check Greg KH
2008-08-04 21:30 ` Greg KH [this message]
2008-08-04 21:30 ` [patch 12/25] NFS: Ensure we zap only the access and acl caches when setting new acls Greg KH
2008-08-04 21:30 ` [patch 13/25] jbd: fix race between free buffer and commit transaction Greg KH
2008-08-04 21:30 ` [patch 14/25] Input: i8042 - add Intel D845PESV to nopnp list Greg KH
2008-08-04 21:30 ` [patch 15/25] Input: i8042 - add Gericom Bellagio to nomux blacklist Greg KH
2008-08-04 21:30 ` [patch 16/25] Input: i8042 - add Acer Aspire 1360 " Greg KH
2008-08-04 21:30 ` [patch 17/25] Bluetooth: Signal user-space for HIDP and BNEP socket errors Greg KH
2008-08-04 21:30 ` [patch 18/25] Add compat handler for PTRACE_GETSIGINFO Greg KH
2008-08-04 21:30 ` [patch 19/25] ALSA: hda - Fix wrong volumes in AD1988 auto-probe mode Greg KH
2008-08-04 21:30 ` [patch 20/25] ALSA: hda - Fix DMA position inaccuracy Greg KH
2008-08-04 21:30 ` [patch 21/25] ALSA: hda - Add missing Thinkpad Z60m support Greg KH
2008-08-04 21:30 ` [patch 22/25] ALSA: emu10k1 - Fix inverted Analog/Digital mixer switch on Audigy2 Greg KH
2008-08-04 21:30 ` [patch 23/25] vfs: fix lookup on deleted directory Greg KH
2008-08-04 21:30 ` [patch 24/25] Ath5k: fix memory corruption Greg KH
2008-08-04 21:30 ` [patch 25/25] Ath5k: kill tasklets on shutdown Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080804213020.GK8014@suse.de \
--to=gregkh@suse.de \
--cc=James.Bottomley@HansenPartnership.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=eteo@redhat.com \
--cc=fujita.tomonori@lab.ntt.co.jp \
--cc=jake@lwn.net \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rbranco@la.checkpoint.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.