git.itanic.dy.fi Git - linux-stable/commit

author	Stefan Haberland <sth@linux.vnet.ibm.com>
	Tue, 20 Sep 2016 08:42:38 +0000 (10:42 +0200)
committer	Martin Schwidefsky <schwidefsky@de.ibm.com>
	Mon, 26 Sep 2016 14:45:29 +0000 (16:45 +0200)
commit	c020d722b110a44c613ef71e657e6dd4116e09d9
tree	5fc0f6d62335cb7075f6a162380ee54c1b3ea069	tree \| snapshot
parent	a9f6273ff9c80dd2c226f7a2d5c16272e5092d3e	commit \| diff

s390/dasd: fix panic during offline processing

A DASD device consists of the device itself and a discipline with a
corresponding private structure. These fields are set up during online
processing right after the device is created and before it is processed by
the state machine and made available for I/O.
During offline processing the discipline pointer and the private data gets
freed within the state machine and without protection of the existing
reference count. This might lead to a kernel panic because a function might
have taken a device reference and accesses the discipline pointer and/or
private data of the device while this is already freed.

Fix by freeing the discipline pointer and the private data after ensuring
that there is no reference to the device left.

Reviewed-by: Peter Oberparleiter <oberpar@linux.vnet.ibm.com>
Signed-off-by: Stefan Haberland <sth@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

drivers/s390/block/dasd.c		diff \| blob \| history
drivers/s390/block/dasd_devmap.c		diff \| blob \| history
drivers/s390/block/dasd_int.h		diff \| blob \| history