Commit 572ae685 authored by Pete Zaitcev's avatar Pete Zaitcev Committed by Chris Wright

[PATCH] USB: ub oops in block_uevent

In kernel 2.6.16, if a mounted storage device is removed, an oops happens
because ub supplies an interface device (and kobject) to the block layer,
but neglects to pin it. And apparently, the block layer expects its users
to pin device structures.

The code in ub was broken this way for years. But the bug was exposed only
by 2.6.16 when it started to call block_uevent on close, which traverses
device structures (kobjects actually).
Signed-off-by: default avatarPete Zaitcev <zaitcev@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: default avatarChris Wright <chrisw@sous-sol.org>
parent 3aa2b052
...@@ -704,6 +704,9 @@ static void ub_cleanup(struct ub_dev *sc) ...@@ -704,6 +704,9 @@ static void ub_cleanup(struct ub_dev *sc)
kfree(lun); kfree(lun);
} }
usb_set_intfdata(sc->intf, NULL);
usb_put_intf(sc->intf);
usb_put_dev(sc->dev);
kfree(sc); kfree(sc);
} }
...@@ -2428,7 +2431,12 @@ static int ub_probe(struct usb_interface *intf, ...@@ -2428,7 +2431,12 @@ static int ub_probe(struct usb_interface *intf,
// sc->ifnum = intf->cur_altsetting->desc.bInterfaceNumber; // sc->ifnum = intf->cur_altsetting->desc.bInterfaceNumber;
usb_set_intfdata(intf, sc); usb_set_intfdata(intf, sc);
usb_get_dev(sc->dev); usb_get_dev(sc->dev);
// usb_get_intf(sc->intf); /* Do we need this? */ /*
* Since we give the interface struct to the block level through
* disk->driverfs_dev, we have to pin it. Otherwise, block_uevent
* oopses on close after a disconnect (kernels 2.6.16 and up).
*/
usb_get_intf(sc->intf);
snprintf(sc->name, 12, DRV_NAME "(%d.%d)", snprintf(sc->name, 12, DRV_NAME "(%d.%d)",
sc->dev->bus->busnum, sc->dev->devnum); sc->dev->bus->busnum, sc->dev->devnum);
...@@ -2509,7 +2517,7 @@ static int ub_probe(struct usb_interface *intf, ...@@ -2509,7 +2517,7 @@ static int ub_probe(struct usb_interface *intf,
err_diag: err_diag:
err_dev_desc: err_dev_desc:
usb_set_intfdata(intf, NULL); usb_set_intfdata(intf, NULL);
// usb_put_intf(sc->intf); usb_put_intf(sc->intf);
usb_put_dev(sc->dev); usb_put_dev(sc->dev);
kfree(sc); kfree(sc);
err_core: err_core:
...@@ -2688,12 +2696,6 @@ static void ub_disconnect(struct usb_interface *intf) ...@@ -2688,12 +2696,6 @@ static void ub_disconnect(struct usb_interface *intf)
*/ */
device_remove_file(&sc->intf->dev, &dev_attr_diag); device_remove_file(&sc->intf->dev, &dev_attr_diag);
usb_set_intfdata(intf, NULL);
// usb_put_intf(sc->intf);
sc->intf = NULL;
usb_put_dev(sc->dev);
sc->dev = NULL;
ub_put(sc); ub_put(sc);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment