Commit 0212fe0b authored by James Bottomley

Fix badness in scsi_lib.c

From: Mike Christie <mikenc@us.ibm.com>

> Oct 26 23:32:55 mina kernel: Unable to handle kernel paging request at 
> virtual address 6b6b6c7b
> Oct 26 23:32:55 mina kernel:  printing eip:
> Oct 26 23:32:55 mina kernel: f882b8ce
> Oct 26 23:32:55 mina kernel: *pde = 00000000
> Oct 26 23:32:55 mina kernel: Oops: 0000 [#1]
> Oct 26 23:32:55 mina kernel: PREEMPT
> Oct 26 23:32:55 mina kernel: Modules linked in: sd_mod usb_storage 
> ide_cd cdrom sg scsi_mod rd
> Oct 26 23:32:55 mina kernel: CPU:    0
> Oct 26 23:32:55 mina kernel: EIP:    0060:[<f882b8ce>]    Not tainted VLI
> Oct 26 23:32:55 mina kernel: EFLAGS: 00010296   (2.6.10-rc1-mm1y)
> Oct 26 23:32:55 mina kernel: EIP is at 
> scsi_block_when_processing_errors+0xe/0xe0 [scsi_mod]
> Oct 26 23:32:55 mina kernel: eax: 00000000   ebx: 6b6b6b6b   ecx: 
> f88ef640   edx: ec5b6578
> Oct 26 23:32:55 mina kernel: esi: e9baa4b8   edi: c17e9268   ebp: 
> e9677f0c   esp: e9677eb4
> Oct 26 23:32:55 mina kernel: ds: 007b   es: 007b   ss: 0068
> Oct 26 23:32:55 mina kernel: Process fdisk (pid: 2891, 
> threadinfo=e9676000 task=ea0c61f0)
> Oct 26 23:32:55 mina kernel: Stack: 00000000 00000001 00000000 00000000 
> 00000000 00000000 00000000 00000000
> Oct 26 23:32:55 mina kernel:        00000000 00000000 00000003 e9677ef0 
> c17e9268 0000006b c17e9268 e9677f0c
> Oct 26 23:32:55 mina kernel:        c0159761 c17e93e4 00000000 e9b98780 
> e9baa4b8 c17e9268 e9677f24 f88ef6a8
> Oct 26 23:32:55 mina kernel: Call Trace:
> Oct 26 23:32:55 mina kernel:  [<c01056cf>] show_stack+0x7f/0xa0
> Oct 26 23:32:55 mina kernel:  [<c0105876>] show_registers+0x156/0x1c0
> Oct 26 23:32:55 mina kernel:  [<c0105af6>] die+0x156/0x2e0
> Oct 26 23:32:55 mina kernel:  [<c011628d>] do_page_fault+0x36d/0x69c
> Oct 26 23:32:55 mina kernel:  [<c01051ed>] error_code+0x2d/0x38
> Oct 26 23:32:55 mina kernel:  [<f88ef6a8>] sd_release+0x68/0xa0 [sd_mod]
> Oct 26 23:32:55 mina kernel:  [<c0184c03>] blkdev_put+0x183/0x1b0
> Oct 26 23:32:55 mina kernel:  [<c01784ad>] __fput+0x14d/0x160
> Oct 26 23:32:55 mina kernel:  [<c0176797>] filp_close+0x57/0x90
> Oct 26 23:32:55 mina kernel:  [<c01768e3>] sys_close+0x113/0x240
> Oct 26 23:32:55 mina kernel:  [<c0104ff1>] sysenter_past_esp+0x52/0x71
> Oct 26 23:32:55 mina kernel: Code: 0c 8b 43 04 8b 00 89 5c 24 04 c7 04 
> 24 e4 d1 83 f8 89 44 24 08 e8 d3 21 8f c7 8d 76 00 55 89 e5 57 56 53 83 
> ec 4c 8b 75 08 8b 1e <8b> 83 10 01 00 00 a8 08 74 7c fc 31 c0 8d 7d b4 
> b9 05 00 00 00


The problem with using shost_for_each_device wrt to the above oops is
that scsi_forget_host sets the state to SDEV_CANCEL, so that when
scsi_host_cancel iterates over the devices using shost_for_each_device
it cannot get a handle to the sdev (scsi_device_get fails because the
state is set to SDEV_CANCEL). And, __scsi_iterate_devices does not clear
the next pointer if this happens, so I think this is needed to fix just
the refcount bug in shost_for_each_device.
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
parent 1fc697f9
...@@ -1063,6 +1063,7 @@ struct scsi_device *__scsi_iterate_devices(struct Scsi_Host *shost, ...@@ -1063,6 +1063,7 @@ struct scsi_device *__scsi_iterate_devices(struct Scsi_Host *shost,
/* skip devices that we can't get a reference to */ /* skip devices that we can't get a reference to */
if (!scsi_device_get(next)) if (!scsi_device_get(next))
break; break;
next = NULL;
list = list->next; list = list->next;
} }
spin_unlock_irqrestore(shost->host_lock, flags); spin_unlock_irqrestore(shost->host_lock, flags);
......
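Review bot: The added `next = NULL;` after the `scsi_device_get(next)` check has no comment, and the existing comment ("skip devices that we can't get a reference to") does not say why the pointer has to be cleared. The reason is only in the commit message: when the get fails, `next` would otherwise still point at a device on which no reference was taken, and the caller would treat it as referenced and later drop a reference it never held. The 6b6b6b6b value in ebx in the quoted oops fits a freed, poisoned object being dereferenced. Please extend the comment to say so, for example "clear next so we never return a device we hold no reference on". The commit message also says this fixes "just the refcount bug"; it would help to state whether the SDEV_CANCEL case, where scsi_host_cancel cannot get a handle to any sdev through shost_for_each_device, is to be handled in a follow-up.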