rpms/kernel/devel kernel.spec, 1.453, 1.454 linux-2.6-firewire-git-pending.patch, 1.6, 1.7
Jarod Wilson (jwilson)
fedora-extras-commits at redhat.com
Wed Feb 27 04:42:18 UTC 2008
Author: jwilson
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6812
Modified Files:
kernel.spec linux-2.6-firewire-git-pending.patch
Log Message:
* Tue Feb 26 2008 Jarod Wilson <jwilson at redhat.com>
- firewire-sbp2: fix refcounting bug that prevented module unload
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.453
retrieving revision 1.454
diff -u -r1.453 -r1.454
--- kernel.spec 26 Feb 2008 20:33:43 -0000 1.453
+++ kernel.spec 27 Feb 2008 04:41:28 -0000 1.454
@@ -1733,6 +1733,9 @@
%kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL} -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.conf %{with_xen} xen
%changelog
+* Tue Feb 26 2008 Jarod Wilson <jwilson at redhat.com>
+- firewire-sbp2: fix refcounting bug that prevented module unload
+
* Tue Feb 26 2008 Dave Jones <davej at redhat.com>
- 2.6.25-rc3-git1
linux-2.6-firewire-git-pending.patch:
Index: linux-2.6-firewire-git-pending.patch
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/linux-2.6-firewire-git-pending.patch,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- linux-2.6-firewire-git-pending.patch 25 Feb 2008 22:32:56 -0000 1.6
+++ linux-2.6-firewire-git-pending.patch 27 Feb 2008 04:41:28 -0000 1.7
@@ -132,6 +132,156 @@
http://arcgraph.de/sr/
+Patch "firewire: fw-sbp2: fix NULL pointer deref. in scsi_remove_device"
+had the unintended effect that firewire-sbp2 could not be unloaded
+anymore until all SBP-2 devices were unplugged.
+
+We now fix the NULL pointer bug by reacquiring a reference to the sdev
+instead of holding a reference to the sdev (and to the module) all the
+time.
+
+Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
+---
+
+This applies on top of current linux-2.6.git master as well as on top of
+linux1394-2.6.git master.
+
+
+ drivers/firewire/fw-sbp2.c | 46 +++++++++++++++++++++----------------
+ 1 file changed, 27 insertions(+), 19 deletions(-)
+
+Index: linux/drivers/firewire/fw-sbp2.c
+===================================================================
+--- linux.orig/drivers/firewire/fw-sbp2.c
++++ linux/drivers/firewire/fw-sbp2.c
+@@ -122,7 +122,6 @@ static const char sbp2_driver_name[] = "
+ struct sbp2_logical_unit {
+ struct sbp2_target *tgt;
+ struct list_head link;
+- struct scsi_device *sdev;
+ struct fw_address_handler address_handler;
+ struct list_head orb_list;
+
+@@ -139,6 +138,7 @@ struct sbp2_logical_unit {
+ int generation;
+ int retries;
+ struct delayed_work work;
++ bool has_sdev;
+ bool blocked;
+ };
+
+@@ -751,20 +751,33 @@ static void sbp2_unblock(struct sbp2_tar
+ scsi_unblock_requests(shost);
+ }
+
++static int sbp2_lun2int(u16 lun)
++{
++ struct scsi_lun eight_bytes_lun;
++
++ memset(&eight_bytes_lun, 0, sizeof(eight_bytes_lun));
++ eight_bytes_lun.scsi_lun[0] = (lun >> 8) & 0xff;
++ eight_bytes_lun.scsi_lun[1] = lun & 0xff;
++
++ return scsilun_to_int(&eight_bytes_lun);
++}
++
+ static void sbp2_release_target(struct kref *kref)
+ {
+ struct sbp2_target *tgt = container_of(kref, struct sbp2_target, kref);
+ struct sbp2_logical_unit *lu, *next;
+ struct Scsi_Host *shost =
+ container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
++ struct scsi_device *sdev;
+
+ /* prevent deadlocks */
+ sbp2_unblock(tgt);
+
+ list_for_each_entry_safe(lu, next, &tgt->lu_list, link) {
+- if (lu->sdev) {
+- scsi_remove_device(lu->sdev);
+- scsi_device_put(lu->sdev);
++ sdev = scsi_device_lookup(shost, 0, 0, sbp2_lun2int(lu->lun));
++ if (sdev) {
++ scsi_remove_device(sdev);
++ scsi_device_put(sdev);
+ }
+ sbp2_send_management_orb(lu, tgt->node_id, lu->generation,
+ SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
+@@ -807,7 +820,6 @@ static void sbp2_login(struct work_struc
+ struct fw_device *device = fw_device(tgt->unit->device.parent);
+ struct Scsi_Host *shost;
+ struct scsi_device *sdev;
+- struct scsi_lun eight_bytes_lun;
+ struct sbp2_login_response response;
+ int generation, node_id, local_node_id;
+
+@@ -820,7 +832,7 @@ static void sbp2_login(struct work_struc
+ local_node_id = device->card->node_id;
+
+ /* If this is a re-login attempt, log out, or we might be rejected. */
+- if (lu->sdev)
++ if (lu->has_sdev)
+ sbp2_send_management_orb(lu, device->node_id, generation,
+ SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
+
+@@ -859,7 +871,7 @@ static void sbp2_login(struct work_struc
+ sbp2_agent_reset(lu);
+
+ /* This was a re-login. */
+- if (lu->sdev) {
++ if (lu->has_sdev) {
+ sbp2_cancel_orbs(lu);
+ sbp2_conditionally_unblock(lu);
+ goto out;
+@@ -868,13 +880,8 @@ static void sbp2_login(struct work_struc
+ if (lu->tgt->workarounds & SBP2_WORKAROUND_DELAY_INQUIRY)
+ ssleep(SBP2_INQUIRY_DELAY);
+
+- memset(&eight_bytes_lun, 0, sizeof(eight_bytes_lun));
+- eight_bytes_lun.scsi_lun[0] = (lu->lun >> 8) & 0xff;
+- eight_bytes_lun.scsi_lun[1] = lu->lun & 0xff;
+ shost = container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
+-
+- sdev = __scsi_add_device(shost, 0, 0,
+- scsilun_to_int(&eight_bytes_lun), lu);
++ sdev = __scsi_add_device(shost, 0, 0, sbp2_lun2int(lu->lun), lu);
+ /*
+ * FIXME: We are unable to perform reconnects while in sbp2_login().
+ * Therefore __scsi_add_device() will get into trouble if a bus reset
+@@ -896,7 +903,8 @@ static void sbp2_login(struct work_struc
+ }
+
+ /* No error during __scsi_add_device() */
+- lu->sdev = sdev;
++ lu->has_sdev = true;
++ scsi_device_put(sdev);
+ sbp2_allow_block(lu);
+ goto out;
+
+@@ -934,11 +942,11 @@ static int sbp2_add_logical_unit(struct
+ return -ENOMEM;
+ }
+
+- lu->tgt = tgt;
+- lu->sdev = NULL;
+- lu->lun = lun_entry & 0xffff;
+- lu->retries = 0;
+- lu->blocked = false;
++ lu->tgt = tgt;
++ lu->lun = lun_entry & 0xffff;
++ lu->retries = 0;
++ lu->has_sdev = false;
++ lu->blocked = false;
+ ++tgt->dont_block;
+ INIT_LIST_HEAD(&lu->orb_list);
+ INIT_DELAYED_WORK(&lu->work, sbp2_login);
+
+--
+Stefan Richter
+-=====-==--- --=- ==-=-
+http://arcgraph.de/sr/
+
+
The bus management workqueue job was in danger to dereference NULL
pointers. Also, after having temporarily lifted card->lock, a few node
pointers and a device pointer may have become invalid.
@@ -370,12 +520,17 @@
Signed-off-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
---
+
+Update: Refreshed to be applicable after patch "firewire: fw-sbp2:
+better fix for NULL pointer dereference in scsi_remove_device".
+
+
drivers/firewire/fw-card.c | 10 +++++++++-
drivers/firewire/fw-device.c | 21 ++++++---------------
drivers/firewire/fw-device.h | 16 ++++++++++++++--
- drivers/firewire/fw-sbp2.c | 4 ++++
+ drivers/firewire/fw-sbp2.c | 3 +++
drivers/firewire/fw-transaction.h | 2 ++
- 5 files changed, 35 insertions(+), 18 deletions(-)
+ 5 files changed, 34 insertions(+), 18 deletions(-)
Index: linux/drivers/firewire/fw-card.c
===================================================================
@@ -475,23 +630,15 @@
===================================================================
--- linux.orig/drivers/firewire/fw-sbp2.c
+++ linux/drivers/firewire/fw-sbp2.c
-@@ -757,6 +757,7 @@ static void sbp2_release_target(struct k
- struct sbp2_logical_unit *lu, *next;
- struct Scsi_Host *shost =
- container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
-+ struct fw_device *device = fw_device(tgt->unit->device.parent);
-
- /* prevent deadlocks */
- sbp2_unblock(tgt);
-@@ -778,6 +779,7 @@ static void sbp2_release_target(struct k
+@@ -791,6 +791,7 @@ static void sbp2_release_target(struct k
put_device(&tgt->unit->device);
scsi_host_put(shost);
-+ fw_device_put(device);
++ fw_device_put(fw_device(tgt->unit->device.parent));
}
static struct workqueue_struct *sbp2_wq;
-@@ -1080,6 +1082,8 @@ static int sbp2_probe(struct device *dev
+@@ -1088,6 +1089,8 @@ static int sbp2_probe(struct device *dev
if (scsi_add_host(shost, &unit->device) < 0)
goto fail_shost_put;
@@ -551,7 +698,7 @@
--
Stefan Richter
--=====-==--- --=- ==---
+-=====-==--- --=- ==-=-
http://arcgraph.de/sr/
@@ -805,16 +952,16 @@
===================================================================
--- linux.orig/drivers/firewire/fw-sbp2.c
+++ linux/drivers/firewire/fw-sbp2.c
-@@ -777,7 +777,7 @@ static void sbp2_release_target(struct k
+@@ -789,7 +789,7 @@ static void sbp2_release_target(struct k
scsi_remove_host(shost);
fw_notify("released %s\n", tgt->bus_id);
- put_device(&tgt->unit->device);
+ fw_unit_put(tgt->unit);
scsi_host_put(shost);
- fw_device_put(device);
+ fw_device_put(fw_device(tgt->unit->device.parent));
}
-@@ -1083,7 +1083,7 @@ static int sbp2_probe(struct device *dev
+@@ -1090,7 +1090,7 @@ static int sbp2_probe(struct device *dev
goto fail_shost_put;
fw_device_get(device);
@@ -823,10 +970,3 @@
/* Initialize to values that won't match anything in our table. */
firmware_revision = 0xff000000;
-
---
-Stefan Richter
--=====-==--- --=- ==---
-http://arcgraph.de/sr/
-
-
More information about the fedora-extras-commits
mailing list