On Wed, Nov 10, 2010 at 10:08:37PM +0800, Hillf Danton wrote:
> The computation context setup by previous opening the bsg file could
> not survive following open/release operations upon the same file
> object.
Umm .. release is called on final close of a file, not on every close
of a file.
> The vulnerability is fixed by deferring the cleanup operation until necessary.
>
> Signed-off-by: Hillf Danton <dhillf@xxxxxxxxx>
> ---
>
> --- a/block/bsg.c 2010-09-13 07:07:38.000000000 +0800
> +++ b/block/bsg.c 2010-11-10 21:43:58.000000000 +0800
> @@ -858,7 +858,8 @@ static int bsg_release(struct inode *ino
> {
> struct bsg_device *bd = file->private_data;
>
> - file->private_data = NULL;
> + if (1 == atomic_read(&bd->ref_count))
> + file->private_data = NULL;
> return bsg_put_device(bd);
> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
Matthew Wilcox Intel Open Source Technology Centre
"Bill, look, we understand that you're interested in selling us this
operating system, but compare it to ours. We can't possibly take such
a retrograde step."
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
