The following commit causes ch_remove oops:

commit 24b42566c3
Author: Greg Kroah-Hartman <gregkh@suse.de>
Date:   Fri May 16 17:55:12 2008 -0700

    SCSI: fix race in device_create

    There is a race from when a device is created with device_create() and
    then the drvdata is set with a call to dev_set_drvdata() in which a
    sysfs file could be open, yet the drvdata will be NULL, causing all
    sorts of bad things to happen.

    This patch fixes the problem by using the new function,
    device_create_drvdata().  It fixes the problem in all of the scsi
    drivers that need it.

    Cc: Kay Sievers <kay.sievers@vrfy.org>
    Cc: Doug Gilbert <dgilbert@interlog.com>
    Cc: James E.J. Bottomley <James.Bottomley@HansenPartnership.com>
    Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

The problem is ch_probe stores ch's private data at a wrong place.

We need to store it at scsi_device->sdev_gendev but the above patch
stores it at device struct that device_create_drvdata returns. So we
hit an oops when ch_remove accesses
scsi_device->sdev_gendev->driver_data, which is NULL.

Actually, there wasn't a race because ch doesn't create sysfs files
with device struct that device_create returns. This patch puts back
dev_set_drvdata() to set ch's private data properly.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
This commit is contained in:
FUJITA Tomonori 2008-07-26 23:25:43 +09:00 коммит произвёл James Bottomley
Родитель 3dabec7175
Коммит 3d164fb09b
1 изменённых файлов: 1 добавлений и 0 удалений

Просмотреть файл

@ -930,6 +930,7 @@ static int ch_probe(struct device *dev)
if (init) if (init)
ch_init_elem(ch); ch_init_elem(ch);
dev_set_drvdata(dev, ch);
sdev_printk(KERN_INFO, sd, "Attached scsi changer %s\n", ch->name); sdev_printk(KERN_INFO, sd, "Attached scsi changer %s\n", ch->name);
return 0; return 0;