From 89f5e1f2f13b1079b8d7ff7d3ade345b7ad7c009 Mon Sep 17 00:00:00 2001 From: Boaz Harrosh Date: Mon, 16 Nov 2009 20:44:02 +0200 Subject: [PATCH] [SCSI] osduld: Ref-counting bug fix If scsi has released the device (logout), and exofs has last reference on the osduld_device it will be freed by osd_uld_release() within the call to fput(). But this will oops in cdev_release() which is called after the fops->release. (cdev is embedded within osduld_device). __uld_get/put pair makes sure we have a cdev for the duration of fput() Signed-off-by: Boaz Harrosh Signed-off-by: James Bottomley --- drivers/scsi/osd/osd_uld.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/scsi/osd/osd_uld.c b/drivers/scsi/osd/osd_uld.c index 0bdef33..1ea6447 100644 --- a/drivers/scsi/osd/osd_uld.c +++ b/drivers/scsi/osd/osd_uld.c @@ -224,7 +224,15 @@ void osduld_put_device(struct osd_dev *od) BUG_ON(od->scsi_device != oud->od.scsi_device); + /* If scsi has released the device (logout), and exofs has last + * reference on oud it will be freed by above osd_uld_release + * within fput below. But this will oops in cdev_release which + * is called after the fops->release. __uld_get/put pair makes + * sure we have a cdev for the duration of fput + */ + __uld_get(oud); fput(od->file); + __uld_put(oud); kfree(od); } } -- 1.8.2.3