Searched hist:"86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b" (Results 1 – 2 of 2) sorted by relevance
/openbmc/linux/drivers/scsi/
scsi_sysfs.c | 86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b Fri Apr 22 10:39:59 CDT 2011 James Bottomley <James.Bottomley@suse.de> [SCSI] put stricter guards on queue dead checks
SCSI uses request_queue->queuedata == NULL as a signal that the queue is dying. We set this state in the sdev release function. However, this allows a small window where we release the last reference but haven't quite got to this stage yet and so something will try to take a reference in scsi_request_fn and oops. It's very rare, but we had a report here, so we're pushing this as a bug fix.
The actual fix is to set request_queue->queuedata to NULL in scsi_remove_device() before we drop the reference. This causes correct automatic rejects from scsi_request_fn as people who hold additional references try to submit work and prevents anything from getting a new reference to the sdev that way.
Cc: stable@kernel.org
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
scsi_lib.c | c055f5b2614b4f758ae6cc86733f31fa4c2c5844 Sun May 01 09:42:07 CDT 2011 James Bottomley <James.Bottomley@suse.de> [SCSI] fix oops in scsi_run_queue()
The recent commit closing the race window in device teardown:
commit 86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b
Author: James Bottomley <James.Bottomley@suse.de>
Date: Fri Apr 22 10:39:59 2011 -0500
[SCSI] put stricter guards on queue dead checks
is causing a potential NULL deref in scsi_run_queue() because the q->queuedata may already be NULL by the time this function is called. Since we shouldn't be running a queue that is being torn down, simply add a NULL check in scsi_run_queue() to forestall this.
Tested-by: Jim Schutt <jaschut@sandia.gov>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <James.Bottomley@suse.de>