1 From: Gerald Schaefer <geraldsc@de.ibm.com>
2 Subject: zfcp: eliminate race between validation and locking.
5 Symptom: machine stalls
6 Problem: ptr is verified before processing is secured by lock.
7 Solution: assign, verify ptr after secured by lock
9 Acked-by: John Jolly <jjolly@suse.de>
11 drivers/s390/scsi/zfcp_fsf.c | 14 +++++++++-----
12 1 file changed, 9 insertions(+), 5 deletions(-)
14 Index: linux-sles11/drivers/s390/scsi/zfcp_fsf.c
15 ===================================================================
16 --- linux-sles11.orig/drivers/s390/scsi/zfcp_fsf.c
17 +++ linux-sles11/drivers/s390/scsi/zfcp_fsf.c
18 @@ -2115,18 +2115,21 @@ static inline void zfcp_fsf_trace_latenc
20 static void zfcp_fsf_send_fcp_command_task_handler(struct zfcp_fsf_req *req)
22 - struct scsi_cmnd *scpnt = req->data;
23 + struct scsi_cmnd *scpnt;
24 struct fcp_rsp_iu *fcp_rsp_iu = (struct fcp_rsp_iu *)
25 &(req->qtcb->bottom.io.fcp_rsp);
27 char *fcp_rsp_info = (unsigned char *) &fcp_rsp_iu[1];
30 - if (unlikely(!scpnt))
33 read_lock_irqsave(&req->adapter->abort_lock, flags);
36 + if (unlikely(!scpnt)) {
37 + read_unlock_irqrestore(&req->adapter->abort_lock, flags);
41 if (unlikely(req->status & ZFCP_STATUS_FSFREQ_ABORTED)) {
42 set_host_byte(scpnt, DID_SOFT_ERROR);
43 set_driver_byte(scpnt, SUGGEST_RETRY);
44 @@ -2181,7 +2184,8 @@ skip_fsfstatus:
45 zfcp_scsi_dbf_event_result("norm", 6, req->adapter, scpnt, req);
47 scpnt->host_scribble = NULL;
48 - (scpnt->scsi_done) (scpnt);
49 + if (scpnt->scsi_done)
50 + (scpnt->scsi_done) (scpnt);
52 * We must hold this lock until scsi_done has been called.
53 * Otherwise we may call scsi_done after abort regarding this
projects / people / pmueller / ipfire-2.x.git / blob