--- /dev/null
+From: Gerald Schaefer <geraldsc@de.ibm.com>
+Subject: zfcp: eliminate race between validation and locking.
+References: bnc#440610
+
+Symptom: machine stalls
+Problem: ptr is verified before processing is secured by lock.
+Solution: assign, verify ptr after secured by lock
+
+Acked-by: John Jolly <jjolly@suse.de>
+---
+ drivers/s390/scsi/zfcp_fsf.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+Index: linux-sles11/drivers/s390/scsi/zfcp_fsf.c
+===================================================================
+--- linux-sles11.orig/drivers/s390/scsi/zfcp_fsf.c
++++ linux-sles11/drivers/s390/scsi/zfcp_fsf.c
+@@ -2115,18 +2115,21 @@ static inline void zfcp_fsf_trace_latenc
+
+ static void zfcp_fsf_send_fcp_command_task_handler(struct zfcp_fsf_req *req)
+ {
+- struct scsi_cmnd *scpnt = req->data;
++ struct scsi_cmnd *scpnt;
+ struct fcp_rsp_iu *fcp_rsp_iu = (struct fcp_rsp_iu *)
+ &(req->qtcb->bottom.io.fcp_rsp);
+ u32 sns_len;
+ char *fcp_rsp_info = (unsigned char *) &fcp_rsp_iu[1];
+ unsigned long flags;
+
+- if (unlikely(!scpnt))
+- return;
+-
+ read_lock_irqsave(&req->adapter->abort_lock, flags);
+
++ scpnt = req->data;
++ if (unlikely(!scpnt)) {
++ read_unlock_irqrestore(&req->adapter->abort_lock, flags);
++ return;
++ }
++
+ if (unlikely(req->status & ZFCP_STATUS_FSFREQ_ABORTED)) {
+ set_host_byte(scpnt, DID_SOFT_ERROR);
+ set_driver_byte(scpnt, SUGGEST_RETRY);
+@@ -2181,7 +2184,8 @@ skip_fsfstatus:
+ zfcp_scsi_dbf_event_result("norm", 6, req->adapter, scpnt, req);
+
+ scpnt->host_scribble = NULL;
+- (scpnt->scsi_done) (scpnt);
++ if (scpnt->scsi_done)
++ (scpnt->scsi_done) (scpnt);
+ /*
+ * We must hold this lock until scsi_done has been called.
+ * Otherwise we may call scsi_done after abort regarding this
projects / ipfire-2.x.git / blobdiff