From: Dan Williams Date: Tue, 20 Mar 2012 17:58:38 +0000 (-0700) Subject: scsi_transport_sas: fix delete vs scan race X-Git-Tag: next-20120417~47^2~15 X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=e81dcce46fdbb2c968d7314c2f19da3c2bba24d1;p=karo-tx-linux.git scsi_transport_sas: fix delete vs scan race The following crash results from cases where the end_device has been removed before scsi_sysfs_add_sdev has had a chance to run. BUG: unable to handle kernel NULL pointer dereference at 0000000000000098 IP: [] sysfs_create_dir+0x32/0xb6 ... Call Trace: [] kobject_add_internal+0x120/0x1e3 [] ? trace_hardirqs_on+0xd/0xf [] kobject_add_varg+0x41/0x50 [] kobject_add+0x64/0x66 [] device_add+0x12d/0x63a [] ? _raw_spin_unlock_irqrestore+0x47/0x56 [] ? module_refcount+0x89/0xa0 [] scsi_sysfs_add_sdev+0x4e/0x28a [] do_scan_async+0x9c/0x145 ...teach sas_rphy_remove to wait for async scanning to quiesce before removing the end_device. It seems this is a more general problem [1], but this patch only addresses sas transport. [1]: 23edb6e [SCSI] mpt2sas: Do not set sas_device->starget to NULL from the slave_destroy callback when all the LUNS have been deleted Signed-off-by: Dan Williams --- diff --git a/drivers/scsi/scsi_transport_sas.c b/drivers/scsi/scsi_transport_sas.c index f7565fc4f0e3..47abb901cd2c 100644 --- a/drivers/scsi/scsi_transport_sas.c +++ b/drivers/scsi/scsi_transport_sas.c @@ -33,8 +33,9 @@ #include #include -#include #include +#include +#include #include #include @@ -1667,6 +1668,9 @@ sas_rphy_remove(struct sas_rphy *rphy) { struct device *dev = &rphy->dev; + /* prevent device_del() while child device_add() may be in-flight */ + scsi_complete_async_scans(); + switch (rphy->identify.device_type) { case SAS_END_DEVICE: scsi_remove_target(dev);