| From 6a0990eaa768dfb7064f06777743acc6d392084b Mon Sep 17 00:00:00 2001 |
| From: Bart Van Assche <bvanassche@acm.org> |
| Date: Wed, 9 Oct 2019 10:35:36 -0700 |
| Subject: scsi: ch: Make it possible to open a ch device multiple times again |
| |
| From: Bart Van Assche <bvanassche@acm.org> |
| |
| commit 6a0990eaa768dfb7064f06777743acc6d392084b upstream. |
| |
| Clearing ch->device in ch_release() is wrong because that pointer must |
| remain valid until ch_remove() is called. This patch fixes the following |
| crash the second time a ch device is opened: |
| |
| BUG: kernel NULL pointer dereference, address: 0000000000000790 |
| RIP: 0010:scsi_device_get+0x5/0x60 |
| Call Trace: |
| ch_open+0x4c/0xa0 [ch] |
| chrdev_open+0xa2/0x1c0 |
| do_dentry_open+0x13a/0x380 |
| path_openat+0x591/0x1470 |
| do_filp_open+0x91/0x100 |
| do_sys_open+0x184/0x220 |
| do_syscall_64+0x5f/0x1a0 |
| entry_SYSCALL_64_after_hwframe+0x44/0xa9 |
| |
| Fixes: 085e56766f74 ("scsi: ch: add refcounting") |
| Cc: Hannes Reinecke <hare@suse.de> |
| Cc: <stable@vger.kernel.org> |
| Link: https://lore.kernel.org/r/20191009173536.247889-1-bvanassche@acm.org |
| Reported-by: Rob Turk <robtu@rtist.nl> |
| Suggested-by: Rob Turk <robtu@rtist.nl> |
| Signed-off-by: Bart Van Assche <bvanassche@acm.org> |
| Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/scsi/ch.c | 1 - |
| 1 file changed, 1 deletion(-) |
| |
| --- a/drivers/scsi/ch.c |
| +++ b/drivers/scsi/ch.c |
| @@ -578,7 +578,6 @@ ch_release(struct inode *inode, struct f |
| scsi_changer *ch = file->private_data; |
| |
| scsi_device_put(ch->device); |
| - ch->device = NULL; |
| file->private_data = NULL; |
| kref_put(&ch->ref, ch_destroy); |
| return 0; |
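Review bot: ch_release() is left with no comment recording the invariant that the removed `ch->device = NULL;` line violated, so the bare `scsi_device_put(ch->device);` call invites a later "cleanup" to put the NULL store back. A one-line comment above that call would guard against this. It should say that ch->device belongs to the changer object and must stay valid until ch_remove(), and that release only drops the per-open reference. The call trace shows ch_open() calling scsi_device_get() on this pointer, so after this change every open/release pair depends on ch->device never being cleared while the kref is held. It is worth confirming that ch_destroy(), reached through `kref_put(&ch->ref, ch_destroy);`, does not also expect a NULL ch->device as a signal that the device has been released.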