git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - src/patches/suse-2.6.27.25/patches.fixes/scsi-call-unprep_request-under-lock
Updated xen patches taken from suse.
1 Subject: [SCSI] scsi_lib: only call scsi_unprep_request() under queue lock
2 From: James Bottomley <James.Bottomley@HansenPartnership.com>
3 Date: Sat Dec 13 14:31:03 2008 -0600:
4 Git: 02bd3499a3be984f1e88821c3ed252c8c49c498e
5 References: bnc#464155
6
7 It's called under that lock everywhere else and it does alter the
8 request state, so it should be.
9
10 This one occurrence in scsi_requeue_command() could open a window where
11 req->special is set to NULL while the request is going through either
12 timeout or completion processing leading to NULL pointer derefs of the
13 sort complained of in bugzillas 12020 and 12195.
14
15 Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
16 Signed-off-by: Hannes Reinecke <hare@suse.de>
17
18 diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
19 index fa45a1a..148d3af 100644
20 --- a/drivers/scsi/scsi_lib.c
21 +++ b/drivers/scsi/scsi_lib.c
22 @@ -648,8 +648,8 @@ static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd)
23 struct request *req = cmd->request;
24 unsigned long flags;
25
26 - scsi_unprep_request(req);
27 spin_lock_irqsave(q->queue_lock, flags);
28 + scsi_unprep_request(req);
29 blk_requeue_request(q, req);
30 spin_unlock_irqrestore(q->queue_lock, flags);
31
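Review bot: The requirement that scsi_unprep_request() run with q->queue_lock held stays implicit at the moved call in scsi_requeue_command(); nothing in the hunk records it. Consider a short comment above the call, or at the definition of scsi_unprep_request(), saying that it alters request state and must be called under the queue lock. That would keep a later caller from reopening the window the commit message describes, where req->special is set to NULL while the request is in timeout or completion processing.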