| From c055f5b2614b4f758ae6cc86733f31fa4c2c5844 Mon Sep 17 00:00:00 2001 |
| From: James Bottomley <James.Bottomley@suse.de> |
| Date: Sun, 1 May 2011 09:42:07 -0500 |
| Subject: [SCSI] fix oops in scsi_run_queue() |
| |
| From: James Bottomley <James.Bottomley@suse.de> |
| |
| commit c055f5b2614b4f758ae6cc86733f31fa4c2c5844 upstream. |
| |
| The recent commit closing the race window in device teardown: |
| |
| commit 86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b |
| Author: James Bottomley <James.Bottomley@suse.de> |
| Date: Fri Apr 22 10:39:59 2011 -0500 |
| |
| [SCSI] put stricter guards on queue dead checks |
| |
| is causing a potential NULL deref in scsi_run_queue() because the |
| q->queuedata may already be NULL by the time this function is called. |
| Since we shouldn't be running a queue that is being torn down, simply |
| add a NULL check in scsi_run_queue() to forestall this. |
| |
| Tested-by: Jim Schutt <jaschut@sandia.gov> |
| Signed-off-by: James Bottomley <James.Bottomley@suse.de> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/scsi/scsi_lib.c | 7 ++++++- |
| 1 file changed, 6 insertions(+), 1 deletion(-) |
| |
| --- a/drivers/scsi/scsi_lib.c |
| +++ b/drivers/scsi/scsi_lib.c |
| @@ -400,10 +400,15 @@ static inline int scsi_host_is_busy(stru |
| static void scsi_run_queue(struct request_queue *q) |
| { |
| struct scsi_device *sdev = q->queuedata; |
| - struct Scsi_Host *shost = sdev->host; |
| + struct Scsi_Host *shost; |
| LIST_HEAD(starved_list); |
| unsigned long flags; |
| |
| + /* if the device is dead, sdev will be NULL, so no queue to run */ |
| + if (!sdev) |
| + return; |
| + |
| + shost = sdev->host; |
| if (scsi_target(sdev)->single_lun) |
| scsi_single_lun_run(sdev); |
| |