• Bart Van Assche's avatar
    scsi: sd: Fix a race between closing an sd device and sd I/O · c14a5726
    Bart Van Assche authored
    The scsi_end_request() function calls scsi_cmd_to_driver() indirectly and
    hence needs the disk->private_data pointer. Avoid that that pointer is
    cleared before all affected I/O requests have finished. This patch avoids
    that the following crash occurs:
    
    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
    Call trace:
     scsi_mq_uninit_cmd+0x1c/0x30
     scsi_end_request+0x7c/0x1b8
     scsi_io_completion+0x464/0x668
     scsi_finish_command+0xbc/0x160
     scsi_eh_flush_done_q+0x10c/0x170
     sas_scsi_recover_host+0x84c/0xa98 [libsas]
     scsi_error_handler+0x140/0x5b0
     kthread+0x100/0x12c
     ret_from_fork+0x10/0x18
    
    Cc: Christoph Hellwig <hch@lst.de>
    Cc: Ming Lei <ming.lei@redhat.com>
    Cc: Hannes Reinecke <hare@suse.com>
    Cc: Johannes Thumshirn <jthumshirn@suse.de>
    Cc: Jason Yan <yanaijie@huawei.com>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarBart Van Assche <bvanassche@acm.org>
    Reported-by: default avatarJason Yan <yanaijie@huawei.com>
    Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
    Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
    c14a5726
sd.c 98.9 KB