From 49d7bc64283970ee83d2c954d04ba00d04e5943d Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Mon, 12 Dec 2005 11:25:04 -0800 Subject: Revert revert of "[SCSI] fix usb storage oops" This reverts commit 1b0997f561bf46689cc6e0903f342e9bf2506bf1, which in turn reverted 34ea80ec6a02ad02e6b9c75c478c18e5880d6713 (which is thus re-instated). Quoth James Bottomley: "All it's doing is deferring the device_put() from the scsi_put_command() to after the scsi_run_queue(), which doesn't fix the sleep while atomic problem of the device release method. In both cases we still get the semaphore in atomic context problem which is caused by scsi_reap_target() doing a device_del(), which I assumed (wrongly) was valid from atomic context." who also promised to fix scsi_reap_target(). Signed-off-by: Linus Torvalds --- drivers/scsi/scsi_lib.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'drivers/scsi') diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 4afef5c..ce9d73a 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -542,10 +542,17 @@ static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd) void scsi_next_command(struct scsi_cmnd *cmd) { - struct request_queue *q = cmd->device->request_queue; + struct scsi_device *sdev = cmd->device; + struct request_queue *q = sdev->request_queue; + + /* need to hold a reference on the device before we let go of the cmd */ + get_device(&sdev->sdev_gendev); scsi_put_command(cmd); scsi_run_queue(q); + + /* ok to remove device now */ + put_device(&sdev->sdev_gendev); } void scsi_run_host_queues(struct Scsi_Host *shost) -- cgit v1.1 From 66e05225262cd9271fac13fe2fd1e9edb65e3978 Mon Sep 17 00:00:00 2001 From: Brian King Date: Mon, 12 Dec 2005 13:05:08 -0600 Subject: [PATCH] Fix SCSI scanning slab corruption There is a double free in the scsi scan code if a LLDD's slave_alloc() call fails. There is a direct call to scsi_free_queue and then the following put_device calls the release function, which also frees the queue. Remove the redundant scsi_free_queue. Signed-off-by: Brian King Tested-by: Nathan Lynch [ Also removed some strange whitespace artifacts in that area ] Signed-off-by: Linus Torvalds --- drivers/scsi/scsi_scan.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'drivers/scsi') diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c index 374853d..94e5167f 100644 --- a/drivers/scsi/scsi_scan.c +++ b/drivers/scsi/scsi_scan.c @@ -266,8 +266,6 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget, /* * if LLDD reports slave not present, don't clutter * console with alloc failure messages - - */ if (ret == -ENXIO) display_failure_msg = 0; @@ -279,7 +277,6 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget, out_device_destroy: transport_destroy_device(&sdev->sdev_gendev); - scsi_free_queue(sdev->request_queue); put_device(&sdev->sdev_gendev); out: if (display_failure_msg) -- cgit v1.1