linux/block
James Bottomley 8df5fc042c [SCSI] bsg: fix oops on remove
If you do a modremove of any sas driver, you run into an oops on
shutdown when the host is removed (coming from the host bsg device).
The root cause seems to be that there's a use after free of the
bsg_class_device:  In bsg_kref_release_function, this is used (to do a
put_device(bcg->parent) after bcg->release has been called.  In sas (and
possibly many other things) bcd->release frees the queue which contains
the bsg_class_device, so we get a put_device on unreferenced memory.
Fix this by taking a copy of the pointer to the parent before releasing
bsg.

Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2008-07-12 10:14:56 -05:00
..
as-iosched.c block: Fix the starving writes bug in the anticipatory IO scheduler 2008-07-01 09:06:42 +02:00
blk-barrier.c block: remove remaining __FUNCTION__ occurrences 2008-05-01 08:04:02 -07:00
blk-core.c block: Move the second call to get_request to the end of the loop 2008-05-28 14:49:27 +02:00
blk-exec.c
blk-ioc.c cfq-iosched: fix RCU race in the cfq io_context destructor handling 2008-05-07 09:28:57 +02:00
blk-map.c block: add dma alignment and padding support to blk_rq_map_kern 2008-04-29 09:50:34 +02:00
blk-merge.c block: get rid of likely/unlikely predictions in merge logic 2008-05-07 09:33:55 +02:00
blk-settings.c Remove blkdev warning triggered by using md 2008-05-14 19:11:15 -07:00
blk-sysfs.c block: sysfs store function needs to grab queue_lock and use queue_flag_*() 2008-05-07 09:09:39 +02:00
blk-tag.c block: adjust tagging function queue bit locking 2008-05-07 09:27:43 +02:00
blk.h block: rename and export rq_init() 2008-04-29 14:48:55 +02:00
blktrace.c block: disable IRQs until data is written to relay channel 2008-06-12 11:20:57 -07:00
bsg.c [SCSI] bsg: fix oops on remove 2008-07-12 10:14:56 -05:00
cfq-iosched.c cfq-iosched: fix RCU problem in cfq_cic_lookup() 2008-05-28 14:49:28 +02:00
compat_ioctl.c Fix misuses of bdevname() 2008-05-13 08:02:26 -07:00
deadline-iosched.c
elevator.c Added in elevator switch message to blktrace stream 2008-05-28 14:49:27 +02:00
genhd.c Fix invalid access errors in blk_lookup_devt 2008-06-09 10:06:24 -07:00
ioctl.c
Kconfig Kconfig: clean up block/Kconfig help descriptions 2008-04-21 09:51:04 +02:00
Kconfig.iosched
Makefile
noop-iosched.c
scsi_ioctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2008-05-02 13:52:35 -07:00