Re: [PATCH] fix NULL-pointer dereference on scsi_run_queue

From: Chanho Min
Date: Tue Aug 07 2012 - 04:53:45 EST


On Tue, Aug 7, 2012 at 2:56 AM, Bart Van Assche <bvanassche@xxxxxxx> wrote:
> Indeed. How about the patch below ? Scsi devices are removed from
> starved_list after blk_cleanup_queue() and before put_device(). That
> guarantees that inside scsi_run_queue() get_device() under host lock
> will succeed.
Thanks, IMHO, it's harmless and the simple way to solve this issue.
But, I think the second half of your patches are not required, extra
referecne is might suffice?

In addition, Is it ironic that we are careful to use put_device at
scsi_request_fn?. If we trigger the ->remove(),
It occur a oops. What about the removal of unlock/lock as patch bellow?

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 4037fd5..8d9eccd 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1608,11 +1608,7 @@ out_delay:
if (sdev->device_busy == 0)
blk_delay_queue(q, SCSI_QUEUE_DELAY);
out:
- /* must be careful here...if we trigger the ->remove() function
- * we cannot be holding the q lock */
- spin_unlock_irq(q->queue_lock);
put_device(&sdev->sdev_gendev);
- spin_lock_irq(q->queue_lock);
}

u64 scsi_calculate_bounce_limit(struct Scsi_Host *shost)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/