From: Stephen M. Cameron Date: Thu, 17 Sep 2009 18:47:50 +0000 (-0500) Subject: cciss: Fix excessive gendisk freeing bug on driver unload. X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2c935593ac1871211b43a54f023dc3bc605ad346;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git cciss: Fix excessive gendisk freeing bug on driver unload. Fix bug that free_hba was calling put_disk for all gendisk[] pointers -- all 1024 of them -- regardless of whether the were used or not (NULL). This bug could cause rmmod to oops if logical drives had been deleted during the driver's lifetime. Signed-off-by: Stephen M. Cameron Signed-off-by: Jens Axboe --- diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index 0a3c057c7785..3a6ca7de4c93 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -3893,15 +3893,16 @@ Enomem: return -1; } -static void free_hba(int i) +static void free_hba(int n) { - ctlr_info_t *p = hba[i]; - int n; + ctlr_info_t *h = hba[n]; + int i; - hba[i] = NULL; - for (n = 0; n < CISS_MAX_LUN; n++) - put_disk(p->gendisk[n]); - kfree(p); + hba[n] = NULL; + for (i = 0; i < h->highest_lun + 1; i++) + if (h->gendisk[i] != NULL) + put_disk(h->gendisk[i]); + kfree(h); } /* Send a message CDB to the firmware. */