lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[SCSI] fix OOPS due to clearing eh_action prior to aborting eh command

Browse Source 
The eh_action semaphore in scsi_eh_send_command is cleared after a
command timeout.  The command is subsequently aborted and the abort
will try to call scsi_done() on it.  Unfortunately, the scsi_eh_done()
routine unconditinally completes the semaphore (which is now null).
Fix this race by makiong the scsi_eh_done() routine check that the
semaphore is non null before completing it (mirroring the ordinary
command done/timeout logic).

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
This commit is contained in:
Michael Reed
2005-12-07 21:46:27 -06:00
committed by James Bottomley
parent f0353301e6
commit 85631672e6
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
drivers/scsi/scsi_error.c
View File

@@ -422,10 +422,15 @@ static int scsi_eh_completed_normally(struct scsi_cmnd *scmd)
**/ **/
static void scsi_eh_done(struct scsi_cmnd *scmd) static void scsi_eh_done(struct scsi_cmnd *scmd)
{ {
struct completion *eh_action;
SCSI_LOG_ERROR_RECOVERY(3, SCSI_LOG_ERROR_RECOVERY(3,
printk("%s scmd: %p result: %x\n", printk("%s scmd: %p result: %x\n",
__FUNCTION__, scmd, scmd->result)); __FUNCTION__, scmd, scmd->result));
complete(scmd->device->host->eh_action);
eh_action = scmd->device->host->eh_action;
if (eh_action)
complete(eh_action);
} }
/** /**