From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>, Willy Tarreau <w@1wt.eu>,
Rodrigo Rubira Branco <rbranco@la.checkpoint.com>,
Jake Edge <jake@lwn.net>, Eugene Teo <eteo@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk,
FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>,
James Bottomley <James.Bottomley@HansenPartnership.com>
Subject: [patch 11/25] SCSI: ch: fix ch_remove oops
Date: Mon, 4 Aug 2008 14:30:20 -0700 [thread overview]
Message-ID: <20080804213020.GK8014@suse.de> (raw)
In-Reply-To: <20080804212725.GA7944@suse.de>
[-- Attachment #1: scsi-ch-fix-ch_remove-oops.patch --]
[-- Type: text/plain, Size: 2050 bytes --]
2.6.26-stable review patch. If anyone has any objections, please let us
know.
------------------
From: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
commit 3d164fb09bb5cb8a223eddf634fc0d355714fcfe upstream.
The following commit causes ch_remove oops:
commit 24b42566c3fcbb5a9011d1446783d0f5844ccd45
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date: Fri May 16 17:55:12 2008 -0700
SCSI: fix race in device_create
There is a race from when a device is created with device_create() and
then the drvdata is set with a call to dev_set_drvdata() in which a
sysfs file could be open, yet the drvdata will be NULL, causing all
sorts of bad things to happen.
This patch fixes the problem by using the new function,
device_create_drvdata(). It fixes the problem in all of the scsi
drivers that need it.
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Doug Gilbert <dgilbert@interlog.com>
Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The problem is ch_probe stores ch's private data at a wrong place.
We need to store it at scsi_device->sdev_gendev but the above patch
stores it at device struct that device_create_drvdata returns. So we
hit an oops when ch_remove accesses
scsi_device->sdev_gendev->driver_data, which is NULL.
Actually, there wasn't a race because ch doesn't create sysfs files
with device struct that device_create returns. This patch puts back
dev_set_drvdata() to set ch's private data properly.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/scsi/ch.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/scsi/ch.c
+++ b/drivers/scsi/ch.c
@@ -926,6 +926,7 @@ static int ch_probe(struct device *dev)
if (init)
ch_init_elem(ch);
+ dev_set_drvdata(dev, ch);
sdev_printk(KERN_INFO, sd, "Attached scsi changer %s\n", ch->name);
return 0;
--
next prev parent reply other threads:[~2008-08-04 21:39 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20080804203506.816201392@mini.kroah.org>
2008-08-04 21:27 ` [patch 00/25] 2.6.26-stable review Greg KH
2008-08-04 21:29 ` [patch 01/25] ftrace: remove unneeded documentation Greg KH
2008-08-04 21:42 ` Steven Rostedt
2008-08-04 21:46 ` Greg KH
2008-08-04 22:16 ` Steven Rostedt
2008-08-04 21:49 ` Randy Dunlap
2008-08-04 22:02 ` Steven Rostedt
2008-08-04 22:06 ` Randy Dunlap
2008-08-04 21:29 ` [patch 02/25] romfs_readpage: dont report errors for pages beyond i_size Greg KH
2008-08-04 21:29 ` [patch 03/25] netfilter: nf_nat_sip: c= is optional for session Greg KH
2008-08-04 21:29 ` [patch 04/25] SCSI: bsg: fix bsg_mutex hang with device removal Greg KH
2008-08-04 21:29 ` [patch 05/25] x86: idle process - add checking for NULL early param Greg KH
2008-08-04 21:29 ` [patch 06/25] x86: io delay " Greg KH
2008-08-04 21:29 ` [patch 07/25] Close race in md_probe Greg KH
2008-08-04 21:30 ` [patch 08/25] Kprobe smoke test lockdep warning Greg KH
2008-08-04 21:30 ` [patch 09/25] netfilter: xt_time: fix times time_mt()s use of do_div() Greg KH
2008-08-04 21:30 ` [patch 10/25] linear: correct disk numbering error check Greg KH
2008-08-04 21:30 ` Greg KH [this message]
2008-08-04 21:30 ` [patch 12/25] NFS: Ensure we zap only the access and acl caches when setting new acls Greg KH
2008-08-04 21:30 ` [patch 13/25] jbd: fix race between free buffer and commit transaction Greg KH
2008-08-04 21:30 ` [patch 14/25] Input: i8042 - add Intel D845PESV to nopnp list Greg KH
2008-08-04 21:30 ` [patch 15/25] Input: i8042 - add Gericom Bellagio to nomux blacklist Greg KH
2008-08-04 21:30 ` [patch 16/25] Input: i8042 - add Acer Aspire 1360 " Greg KH
2008-08-04 21:30 ` [patch 17/25] Bluetooth: Signal user-space for HIDP and BNEP socket errors Greg KH
2008-08-04 21:30 ` [patch 18/25] Add compat handler for PTRACE_GETSIGINFO Greg KH
2008-08-04 21:30 ` [patch 19/25] ALSA: hda - Fix wrong volumes in AD1988 auto-probe mode Greg KH
2008-08-04 21:30 ` [patch 20/25] ALSA: hda - Fix DMA position inaccuracy Greg KH
2008-08-04 21:30 ` [patch 21/25] ALSA: hda - Add missing Thinkpad Z60m support Greg KH
2008-08-04 21:30 ` [patch 22/25] ALSA: emu10k1 - Fix inverted Analog/Digital mixer switch on Audigy2 Greg KH
2008-08-04 21:30 ` [patch 23/25] vfs: fix lookup on deleted directory Greg KH
2008-08-04 21:30 ` [patch 24/25] Ath5k: fix memory corruption Greg KH
2008-08-04 21:30 ` [patch 25/25] Ath5k: kill tasklets on shutdown Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080804213020.GK8014@suse.de \
--to=gregkh@suse.de \
--cc=James.Bottomley@HansenPartnership.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=cavokz@gmail.com \
--cc=cebbert@redhat.com \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=eteo@redhat.com \
--cc=fujita.tomonori@lab.ntt.co.jp \
--cc=jake@lwn.net \
--cc=jmforbes@linuxtx.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mkrufky@linuxtv.org \
--cc=rbranco@la.checkpoint.com \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=w@1wt.eu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox