| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110701170531.GA3693@tassilo.jf.intel.com> Date: Fri, 1 Jul 2011 10:05:31 -0700 From: Andi Kleen <andi@...stfloor.org> To: linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org Cc: axboe@...nel.dk, rjw@...k.pl Subject: Linux 3.0 oopses when pulling a USB CDROM Hi, I found I can reliably crash a 3.0 system by pulling the USB cable of a mounted USB cdrom (or rather a USB device which has a builtin fake CD-ROM) I suspect it's a regression too. It ends with a NULL pointer reference on a NULL sdev in scsi_prep_state_check. Here's a somewhat incomplete backtrace (written down by hand) scsi_prep_state_check scsi_setup_blk_pc_cmnd blk_peek_request ... scsi_request_fn ... ioctl_internal_command ... scsi_set_medium_removal sr_lock_door cdrom_release ... umount I tried adding a if (!sdev) return BLKPREP_KILL; to scsi_prep_state_check, but that caused a RCU CPU stall and a generally unhappy system instead. The sdev must be still there in scsi_set_medium_removal because it's referenced, so it must get lost somewhere in SCSI or in the block layer. Any ideas how to fix this? -Andi -- ak@...ux.intel.com -- Speaking for myself only -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists