diff options
author | James Smart <james.smart@emulex.com> | 2010-11-14 11:12:04 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@suse.de> | 2010-12-09 09:41:14 -0600 |
commit | c7a841f3aca469187db76842676951a672fd27d1 (patch) | |
tree | 6819d796270f9b4c5eb4cae374a69ab1988d384a /block/bsg.c | |
parent | 057f02a38e67a944a2d0b89bb0111efb9dbe6e6e (diff) | |
download | op-kernel-dev-c7a841f3aca469187db76842676951a672fd27d1.zip op-kernel-dev-c7a841f3aca469187db76842676951a672fd27d1.tar.gz |
[SCSI] bsg: correct fault if queue object removed while dev_t open
This patch corrects an issue in bsg that results in a general protection
fault if an LLD is removed while an application is using an open file
handle to a bsg device, and the application issues an ioctl. The fault
occurs because the class_dev is NULL, having been cleared in
bsg_unregister_queue() when the driver was removed. With this
patch, a check is made for the class_dev, and the application
will receive ENXIO if the related object is gone.
Signed-off-by: Carl Lajeunesse <carl.lajeunesse@emulex.com>
Signed-off-by: James Smart <james.smart@emulex.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'block/bsg.c')
-rw-r--r-- | block/bsg.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/block/bsg.c b/block/bsg.c index f20d6a7..0c8b64a 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -250,6 +250,14 @@ bsg_map_hdr(struct bsg_device *bd, struct sg_io_v4 *hdr, fmode_t has_write_perm, int ret, rw; unsigned int dxfer_len; void *dxferp = NULL; + struct bsg_class_device *bcd = &q->bsg_dev; + + /* if the LLD has been removed then the bsg_unregister_queue will + * eventually be called and the class_dev was freed, so we can no + * longer use this request_queue. Return no such address. + */ + if (!bcd->class_dev) + return ERR_PTR(-ENXIO); dprintk("map hdr %llx/%u %llx/%u\n", (unsigned long long) hdr->dout_xferp, hdr->dout_xfer_len, (unsigned long long) hdr->din_xferp, |