Re: [PATCH] fix NULL-pointer dereference on scsi_run_queue

[Chanho Min]

> Does it occur with that patch applied?
I'm trying to reproduce it with that patch. but, It is unlikely to be fixed.
because scsi_run_queue is invoked from scsi_requeue_run_queue,
not scsi_requeue_command.

> If it does, the likely fix would be to take a copy of the queue ... but
> I'd like to understand why first.  An active command has an automatic
> reference to the sdev_gendev, so it shouldn't be the normal case.  This
> was broken by unprep because it releases the command from the queue and
> drops the reference.  We may have another case like unjprep, but in that
__scsi_remove_device drops the last reference under race condition.

> case, we need to find it ... trying to add extra get/put_device() calls
> will paper over the problem.
yes, extra reference is not good to fix.
But, As long as scsi_device_dev_release_usercontext set request_queue
to NULL, Isn't it necessary to ensure that __blk_run_queue don't release device?

Thanks a lot!
Chanho Min
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/