From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>,
Sebastian Ott <sebott@linux.vnet.ibm.com>,
Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: [patch 07/34] cio: ensure to hold a reference for deferred deregistration
Date: Fri, 14 Aug 2009 13:25:24 +0200 [thread overview]
Message-ID: <20090814112614.182858276@de.ibm.com> (raw)
In-Reply-To: 20090814112517.982007860@de.ibm.com
[-- Attachment #1: 106-cio-deferred-deregistration.diff --]
[-- Type: text/plain, Size: 2533 bytes --]
From: Sebastian Ott <sebott@linux.vnet.ibm.com>
Ensure to always hold an extra device reference for scheduling a
subchannel deregistration, by moving the get_device to
ccw_device_schedule_sch_unregister. This fixes an use after free
error in ccw_device_call_sch_unregister where put_device was called
on an already freed device structure.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
---
drivers/s390/cio/device.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
Index: quilt-2.6/drivers/s390/cio/device.c
===================================================================
--- quilt-2.6.orig/drivers/s390/cio/device.c
+++ quilt-2.6/drivers/s390/cio/device.c
@@ -333,15 +333,15 @@ ccw_device_remove_disconnected(struct cc
* Forced offline in disconnected state means
* 'throw away device'.
*/
- /* Get cdev reference for workqueue processing. */
- if (!get_device(&cdev->dev))
- return;
if (ccw_device_is_orphan(cdev)) {
/*
* Deregister ccw device.
* Unfortunately, we cannot do this directly from the
* attribute method.
*/
+ /* Get cdev reference for workqueue processing. */
+ if (!get_device(&cdev->dev))
+ return;
spin_lock_irqsave(cdev->ccwlock, flags);
cdev->private->state = DEV_STATE_NOT_OPER;
spin_unlock_irqrestore(cdev->ccwlock, flags);
@@ -1032,6 +1032,9 @@ static void ccw_device_call_sch_unregist
void ccw_device_schedule_sch_unregister(struct ccw_device *cdev)
{
+ /* Get cdev reference for workqueue processing. */
+ if (!get_device(&cdev->dev))
+ return;
PREPARE_WORK(&cdev->private->kick_work,
ccw_device_call_sch_unregister);
queue_work(slow_path_wq, &cdev->private->kick_work);
@@ -1052,9 +1055,6 @@ io_subchannel_recog_done(struct ccw_devi
/* Device did not respond in time. */
case DEV_STATE_NOT_OPER:
cdev->private->flags.recog_done = 1;
- /* Remove device found not operational. */
- if (!get_device(&cdev->dev))
- break;
ccw_device_schedule_sch_unregister(cdev);
if (atomic_dec_and_test(&ccw_device_init_count))
wake_up(&ccw_device_init_wq);
@@ -1565,8 +1565,6 @@ static int purge_fn(struct device *dev,
spin_unlock_irq(cdev->ccwlock);
if (!unreg)
goto out;
- if (!get_device(&cdev->dev))
- goto out;
CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", priv->dev_id.ssid,
priv->dev_id.devno);
ccw_device_schedule_sch_unregister(cdev);
--
blue skies,
Martin.
"Reality continues to ruin my life." - Calvin.
next prev parent reply other threads:[~2009-08-14 11:25 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-14 11:25 [patch 00/34] s390 patch queue for the merge window of 2.6.32 Martin Schwidefsky
2009-08-14 11:25 ` [patch 01/34] cio: fix ineffective verify event Martin Schwidefsky
2009-08-14 11:25 ` [patch 02/34] cio: move scsw helper functions to header file Martin Schwidefsky
2009-08-14 11:25 ` [patch 03/34] cio: consolidate subchannel intparm reset Martin Schwidefsky
2009-08-14 11:25 ` [patch 04/34] cio: fix not oper handling after failed line processing Martin Schwidefsky
2009-08-14 11:25 ` [patch 05/34] cio: fix double free after failed device initialization Martin Schwidefsky
2009-08-14 11:25 ` [patch 06/34] qdio: continue polling if the queue is not finished Martin Schwidefsky
2009-08-14 11:25 ` Martin Schwidefsky [this message]
2009-08-14 11:25 ` [patch 08/34] qdio: remove limited number of debugfs entries Martin Schwidefsky
2009-08-14 11:25 ` [patch 09/34] dasd: fail requests when device state is less then ready Martin Schwidefsky
2009-08-14 11:25 ` [patch 10/34] dasd: optimize cpu usage in goodcase Martin Schwidefsky
2009-08-14 11:25 ` [patch 11/34] dasd: fix message naming Martin Schwidefsky
2009-08-14 11:25 ` [patch 12/34] drivers/s390: put NULL test before dereference Martin Schwidefsky
2009-08-14 11:25 ` [patch 13/34] introduce get_clock_monotonic Martin Schwidefsky
2009-08-14 11:25 ` [patch 14/34] convert/optimize csum_fold() to C Martin Schwidefsky
2009-08-14 11:25 ` [patch 15/34] improve mcount code Martin Schwidefsky
2009-08-14 11:25 ` [patch 16/34] atomic ops: add effecient atomic64 support for 31 bit Martin Schwidefsky
2009-08-14 11:25 ` [patch 17/34] atomic ops: small cleanups Martin Schwidefsky
2009-08-14 11:25 ` [patch 18/34] hibernation: remove dead file Martin Schwidefsky
2009-08-14 11:25 ` [patch 19/34] hibernation: merge files and move to kernel/ Martin Schwidefsky
2009-08-14 11:25 ` [patch 20/34] proper use of device register Martin Schwidefsky
2009-08-14 11:25 ` [patch 21/34] tape: use init_timer_on_stack() rather than init_timer() Martin Schwidefsky
2009-08-14 11:25 ` [patch 22/34] kernel: Append scpdata to kernel boot command line Martin Schwidefsky
2009-08-14 11:25 ` [patch 23/34] kernel: Convert upper case scpdata to lower case Martin Schwidefsky
2009-08-14 11:25 ` [patch 24/34] move (io|sysc)_restore_trace_psw into .data section Martin Schwidefsky
2009-08-14 11:25 ` [patch 25/34] Use macros for .data.page_aligned Martin Schwidefsky
2009-08-14 11:25 ` [patch 26/34] clean up linker script using new linker script macros Martin Schwidefsky
2009-08-14 11:25 ` [patch 27/34] kernel: always keep machine flags in lowcore Martin Schwidefsky
2009-08-14 11:25 ` [patch 28/34] remove unused irq_cpustat_t defintion Martin Schwidefsky
2009-08-14 11:25 ` [patch 29/34] add call home support Martin Schwidefsky
2009-08-14 11:25 ` [patch 30/34] hypfs: remove useless variable qname Martin Schwidefsky
2009-08-14 11:25 ` [patch 31/34] vmur: Invalid allocation sequence for vmur class Martin Schwidefsky
2009-08-14 11:25 ` [patch 32/34] xpram: Remove checksum validation for suspend/resume Martin Schwidefsky
2009-08-14 11:25 ` [patch 33/34] zcrypt: Use spin_lock_bh in suspend callback Martin Schwidefsky
2009-08-14 11:25 ` [patch 34/34] kernel: Set preferred s390 console based on conmode Martin Schwidefsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090814112614.182858276@de.ibm.com \
--to=schwidefsky@de.ibm.com \
--cc=heiko.carstens@de.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=sebott@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).