From 2c935593ac1871211b43a54f023dc3bc605ad346 Mon Sep 17 00:00:00 2001 From: "Stephen M. Cameron" Date: Thu, 17 Sep 2009 13:47:50 -0500 Subject: [PATCH] cciss: Fix excessive gendisk freeing bug on driver unload. Fix bug that free_hba was calling put_disk for all gendisk[] pointers -- all 1024 of them -- regardless of whether the were used or not (NULL). This bug could cause rmmod to oops if logical drives had been deleted during the driver's lifetime. Signed-off-by: Stephen M. Cameron Signed-off-by: Jens Axboe --- drivers/block/cciss.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index 0a3c057c7785..3a6ca7de4c93 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -3893,15 +3893,16 @@ Enomem: return -1; } -static void free_hba(int i) +static void free_hba(int n) { - ctlr_info_t *p = hba[i]; - int n; + ctlr_info_t *h = hba[n]; + int i; - hba[i] = NULL; - for (n = 0; n < CISS_MAX_LUN; n++) - put_disk(p->gendisk[n]); - kfree(p); + hba[n] = NULL; + for (i = 0; i < h->highest_lun + 1; i++) + if (h->gendisk[i] != NULL) + put_disk(h->gendisk[i]); + kfree(h); } /* Send a message CDB to the firmware. */ -- 2.20.1