[PATCH] Fix reference to deallocated memory in sd.c

This patch: http://linux-scsi.bkbits.net:8080/scsi-for-linus-2.6/cset@1.2034.95.5?nav=index.html|src/|src/drivers|src/drivers/scsi|related/drivers/scsi/sd.c is causing almost as much trouble as it fixed. If kref_put() drops the last reference to the scsi_disk (this happens when the device file is closed after the device has been hot-unplugged) then the call to scsi_device_put() will take its argument from an area of memory that has been deallocated. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>

[PATCH] Fix reference to deallocated memory in sd.c
This patch: http://linux-scsi.bkbits.net:8080/scsi-for-linus-2.6/cset@1.2034.95.5?nav=index.html|src/|src/drivers|src/drivers/scsi|related/drivers/scsi/sd.c is causing almost as much trouble as it fixed. If kref_put() drops the last reference to the scsi_disk (this happens when the device file is closed after the device has been hot-unplugged) then the call to scsi_device_put() will take its argument from an area of memory that has been deallocated. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
aa545c84 · Alan Stern · James Bottomley · 13b86343 · aa545c84
Commit aa545c84 authored Jan 17, 2005 by Alan Stern Committed by James Bottomley Jan 17, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

drivers/scsi/sd.c drivers/scsi/sd.c +3 -1

No files found.
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -197,9 +197,11 @@ static struct scsi_disk *scsi_disk_get(struct gendisk *disk)

 static void scsi_disk_put(struct scsi_disk *sdkp)
 {
+	struct scsi_device *sdev = sdkp->device;
+
 	down(&sd_ref_sem);
 	kref_put(&sdkp->kref, scsi_disk_release);
-	scsi_device_put(sdkp->device);
+	scsi_device_put(sdev);
 	up(&sd_ref_sem);
 }