| From 5f73c337d88fc4a7071464a87b23cbb01f16c5d4 Mon Sep 17 00:00:00 2001 |
| From: James Bottomley <James.Bottomley@suse.de> |
| Date: Sun, 1 May 2011 09:42:07 -0500 |
| Subject: [PATCH] fix oops in scsi_run_queue() |
| |
| commit c055f5b2614b4f758ae6cc86733f31fa4c2c5844 upstream. |
| |
| The recent commit closing the race window in device teardown: |
| |
| commit 86cbfb5607d4b81b1a993ff689bbd2addd5d3a9b |
| Author: James Bottomley <James.Bottomley@suse.de> |
| Date: Fri Apr 22 10:39:59 2011 -0500 |
| |
| [SCSI] put stricter guards on queue dead checks |
| |
| is causing a potential NULL deref in scsi_run_queue() because the |
| q->queuedata may already be NULL by the time this function is called. |
| Since we shouldn't be running a queue that is being torn down, simply |
| add a NULL check in scsi_run_queue() to forestall this. |
| |
| Tested-by: Jim Schutt <jaschut@sandia.gov> |
| Signed-off-by: James Bottomley <James.Bottomley@suse.de> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c |
| index c2a9e12..725f3cd 100644 |
| --- a/drivers/scsi/scsi_lib.c |
| +++ b/drivers/scsi/scsi_lib.c |
| @@ -400,10 +400,15 @@ static inline int scsi_host_is_busy(struct Scsi_Host *shost) |
| static void scsi_run_queue(struct request_queue *q) |
| { |
| struct scsi_device *sdev = q->queuedata; |
| - struct Scsi_Host *shost = sdev->host; |
| + struct Scsi_Host *shost; |
| LIST_HEAD(starved_list); |
| unsigned long flags; |
| |
| + /* if the device is dead, sdev will be NULL, so no queue to run */ |
| + if (!sdev) |
| + return; |
| + |
| + shost = sdev->host; |
| if (scsi_target(sdev)->single_lun) |
| scsi_single_lun_run(sdev); |
| |
| -- |
| 1.7.7 |
| |
