From: Boaz Harrosh Date: Mon, 16 Nov 2009 18:44:02 +0000 (+0200) Subject: [SCSI] osduld: Ref-counting bug fix X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=89f5e1f2f13b1079b8d7ff7d3ade345b7ad7c009;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [SCSI] osduld: Ref-counting bug fix If scsi has released the device (logout), and exofs has last reference on the osduld_device it will be freed by osd_uld_release() within the call to fput(). But this will oops in cdev_release() which is called after the fops->release. (cdev is embedded within osduld_device). __uld_get/put pair makes sure we have a cdev for the duration of fput() Signed-off-by: Boaz Harrosh Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/osd/osd_uld.c b/drivers/scsi/osd/osd_uld.c index 0bdef3390902..1ea6447f9418 100644 --- a/drivers/scsi/osd/osd_uld.c +++ b/drivers/scsi/osd/osd_uld.c @@ -224,7 +224,15 @@ void osduld_put_device(struct osd_dev *od) BUG_ON(od->scsi_device != oud->od.scsi_device); + /* If scsi has released the device (logout), and exofs has last + * reference on oud it will be freed by above osd_uld_release + * within fput below. But this will oops in cdev_release which + * is called after the fops->release. __uld_get/put pair makes + * sure we have a cdev for the duration of fput + */ + __uld_get(oud); fput(od->file); + __uld_put(oud); kfree(od); } }