On Wed, Nov 10, 2010 at 11:18 PM, Matthew Wilcox <matthew@xxxxxx> wrote:
> On Wed, Nov 10, 2010 at 10:08:37PM +0800, Hillf Danton wrote:
>> The computation context setup by previous opening the bsg file could
>> not survive following open/release operations upon the same file
>> object.
>
> Umm .. release is called on final close of a file, not on every close
> of a file.
>
right, thanks//Hillf
>> The vulnerability is fixed by deferring the cleanup operation until necessary.
>>
>> Signed-off-by: Hillf Danton <dhillf@xxxxxxxxx>
>> ---
>>
>> --- a/block/bsg.c   2010-09-13 07:07:38.000000000 +0800
>> +++ b/block/bsg.c   2010-11-10 21:43:58.000000000 +0800
>> @@ -858,7 +858,8 @@ static int bsg_release(struct inode *ino
>> Â{
>> Â Â Â struct bsg_device *bd = file->private_data;
>>
>> - Â Â file->private_data = NULL;
>> + Â Â if (1 == atomic_read(&bd->ref_count))
>> + Â Â Â Â Â Â file->private_data = NULL;
>> Â Â Â return bsg_put_device(bd);
>> Â}
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at Âhttp://vger.kernel.org/majordomo-info.html
>
> --
> Matthew Wilcox             ÂIntel Open Source Technology Centre
> "Bill, look, we understand that you're interested in selling us this
> operating system, but compare it to ours. ÂWe can't possibly take such
> a retrograde step."
>
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
