Commit | Line | Data |
---|---|---|
00e5a55c BS |
1 | Subject: [SCSI] scsi_lib: only call scsi_unprep_request() under queue lock |
2 | From: James Bottomley <James.Bottomley@HansenPartnership.com> | |
3 | Date: Sat Dec 13 14:31:03 2008 -0600: | |
4 | Git: 02bd3499a3be984f1e88821c3ed252c8c49c498e | |
5 | References: bnc#464155 | |
6 | ||
7 | It's called under that lock everywhere else and it does alter the | |
8 | request state, so it should be. | |
9 | ||
10 | This one occurrence in scsi_requeue_command() could open a window where | |
11 | req->special is set to NULL while the request is going through either | |
12 | timeout or completion processing leading to NULL pointer derefs of the | |
13 | sort complained of in bugzillas 12020 and 12195. | |
14 | ||
15 | Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> | |
16 | Signed-off-by: Hannes Reinecke <hare@suse.de> | |
17 | ||
18 | diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c | |
19 | index fa45a1a..148d3af 100644 | |
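--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -648,8 +648,8 @@ static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd)
 struct request *req = cmd->request;
 unsigned long flags;
 
- scsi_unprep_request(req);
 spin_lock_irqsave(q->queue_lock, flags);
+ scsi_unprep_request(req);
 blk_requeue_request(q, req);
 spin_unlock_irqrestore(q->queue_lock, flags);
 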
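Review bot: The moved `scsi_unprep_request(req);` call now runs with `q->queue_lock` held and interrupts disabled, so everything it does must be safe in atomic context. Its body is not in this hunk, so it is worth confirming that it neither sleeps nor drops a final reference whose release path could block or re-take the queue lock. The locking rule is stated only in the commit message; I would record it at the call site, e.g. `/* queue_lock must be held: this clears req->special, which the timeout and completion paths read */`, and repeat it in the header comment of scsi_unprep_request() so future callers do not reintroduce the unlocked window. scsi_requeue_command() starts before and continues past this hunk.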