block: use after free bug in __blkdev_get

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

commit 0762b8bde9729f10f8e6249809660ff2ec3ad735
(from 14 months ago) introduced a use-after-free bug which has just
recently started manifesting in my md testing.
I tried git bisect to find out what caused the bug to start
manifesting, and it could have been the recent change to
blk_unregister_queue (48c0d4d4c04) but the results were inconclusive.

This patch certainly fixes my symptoms and looks correct as the two
calls are now in the same order as elsewhere in that function.

Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

authored by

Neil Brown and committed by

Jens Axboe 16 years ago 960cc0f4 6cafb12d

+1 -1

1 changed file

expand all

block_dev.c

+1 -1

fs/block_dev.c

··· 1248 1248 bd_set_size(bdev, (loff_t)bdev->bd_part->nr_sects << 9); 1249 1249 } 1250 1250 } else { 1251 - put_disk(disk); 1252 1251 module_put(disk->fops->owner); 1252 + put_disk(disk); 1253 1253 disk = NULL; 1254 1254 if (bdev->bd_contains == bdev) { 1255 1255 if (bdev->bd_disk->fops->open) {