author Neil Brown <neilb@suse.de> 2009-10-26 08:59:17 +0100
committer Greg Kroah-Hartman <gregkh@suse.de> 2009-12-08 10:22:27 -0800
commit ee3989464a4c4896ec29f5b1c2aae840fab8b73d (patch)
tree 45325c8135975b8fd9160c2e0814a0cdf8742c60
parent bb969fdc8c7e7675266a3697ad93945428fd89d6 (diff)
block: use after free bug in __blkdev_get
commit 960cc0f4fef607baabc2232fbd7cce5368a9dcfd upstream.

commit 0762b8bde9729f10f8e6249809660ff2ec3ad735 (from 14 months ago) introduced a use-after-free bug which has just recently started manifesting in my md testing. I tried git bisect to find out what caused the bug to start manifesting, and it could have been the recent change to blk_unregister_queue (48c0d4d4c04) but the results were inconclusive.

This patch certainly fixes my symptoms and looks correct as the two calls are now in the same order as elsewhere in that function.

Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- fs/block_dev.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 94dfda24c06e..9d544ea02c0a 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -1243,8 +1243,8 @@ static int __blkdev_get(struct block_device *bdev, fmode_t mode, int for_part)
bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9);
}
} else {
- put_disk(disk);
module_put(disk->fops->owner);
+ put_disk(disk);
disk = NULL;
if (bdev->bd_contains == bdev) {
if (bdev->bd_disk->fops->open) {
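Review bot: In the else branch, the reordered pair module_put(disk->fops->owner); put_disk(disk); carries no comment saying that the order is load-bearing: module_put() reads disk->fops, so it has to run while the reference that put_disk() drops is still held. A one-line comment above the two calls would keep a later cleanup from swapping them back. The commit message could also name this dereference as the use-after-free, since it currently justifies the change only by the symptoms going away and by matching the order used elsewhere in the function.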