s390/cio: invalidate cdev pointer before deregistration
authorSebastian Ott <sebott@linux.vnet.ibm.com>
Wed, 5 Sep 2012 12:20:41 +0000 (14:20 +0200)
committerMartin Schwidefsky <schwidefsky@de.ibm.com>
Thu, 6 Sep 2012 08:40:40 +0000 (10:40 +0200)
Make sure that the cdev pointer for IO subchannels is set to NULL when
we deregister the device (and release its last reference). This will
fix a bug were another process operates on an already freed ccw device.

Acked-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/cio/device.c

index e8e1a10..fc916f5 100644 (file)
@@ -1521,11 +1521,14 @@ static int io_subchannel_sch_event(struct subchannel *sch, int process)
                        goto out;
                break;
        case IO_SCH_UNREG_ATTACH:
+               spin_lock_irqsave(sch->lock, flags);
                if (cdev->private->flags.resuming) {
                        /* Device will be handled later. */
                        rc = 0;
-                       goto out;
+                       goto out_unlock;
                }
+               sch_set_cdev(sch, NULL);
+               spin_unlock_irqrestore(sch->lock, flags);
                /* Unregister ccw device. */
                ccw_device_unregister(cdev);
                break;