On Thu, 20 Sep 2001, Andrea Arcangeli wrote:
> On Wed, Sep 19, 2001 at 03:21:09PM -0400, Alexander Viro wrote:
> > int fd = open("/dev/ram0", O_RDWR);
> > ioctl(fd, BLKFLSBUF);
> > ioctl(fd, BLKFLSBUF);
>
> here it is the fix below.
[snip]
> @@ -328,8 +369,16 @@
> bdev->bd_openers--;
> bdev->bd_cache_openers--;
> iput(rd_inode[minor]);
> + /*
> + * Make sure the cache is flushed from here
> + * and not from close(2), somebody
> + * could reopen the device before we have a
> + * chance to close it ourself.
> + */
> + truncate_inode_pages(rd_inode[minor]->i_mapping, 0);
> rd_inode[minor] = NULL;
> rd_blocksizes[minor] = rd_blocksize;
> + unlock:
> up(&bdev->bd_sem);
Now think what happens if you go through that code twice. What argument will
be passed to iput() the second time you call it?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Sep 23 2001 - 21:00:37 EST