git.karo-electronics.de Git - karo-tx-linux.git/commit

author	Bart Van Assche <bvanassche@acm.org>
	Fri, 29 Jun 2012 15:33:22 +0000 (15:33 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 9 Aug 2012 15:22:37 +0000 (08:22 -0700)
commit	4d9157ec5aecf5eab7c94b09c24131fc53424118
tree	36e0c877901a982efde089184080e34e560cf16d	tree \| snapshot
parent	10f8d5b86743b33d841a175303e2bf67fd620f42	commit \| diff

SCSI: Fix device removal NULL pointer dereference

commit 67bd94130015c507011af37858989b199c52e1de upstream.

Use blk_queue_dead() to test whether the queue is dead instead
of !sdev. Since scsi_prep_fn() may be invoked concurrently with
__scsi_remove_device(), keep the queuedata (sdev) pointer in
__scsi_remove_device(). This patch fixes a kernel oops that
can be triggered by USB device removal. See also
http://www.spinics.net/lists/linux-scsi/msg56254.html.

Other changes included in this patch:
- Swap the blk_cleanup_queue() and kfree() calls in
  scsi_host_dev_release() to make that code easier to grasp.
- Remove the queue dead check from scsi_run_queue() since the
  queue state can change anyway at any point in that function
  where the queue lock is not held.
- Remove the queue dead check from the start of scsi_request_fn()
  since it is redundant with the scsi_device_online() check.

Reported-by: Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reviewed-by: Mike Christie <michaelc@cs.wisc.edu>
Reviewed-by: Tejun Heo <tj@kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/scsi/hosts.c		diff \| blob \| history
drivers/scsi/scsi_lib.c		diff \| blob \| history
drivers/scsi/scsi_priv.h		diff \| blob \| history
drivers/scsi/scsi_sysfs.c		diff \| blob \| history