Commit 85631672 authored by Michael Reed's avatar Michael Reed Committed by James Bottomley

[SCSI] fix OOPS due to clearing eh_action prior to aborting eh command

The eh_action semaphore in scsi_eh_send_command is cleared after a
command timeout.  The command is subsequently aborted and the abort
will try to call scsi_done() on it.  Unfortunately, the scsi_eh_done()
routine unconditinally completes the semaphore (which is now null).
Fix this race by makiong the scsi_eh_done() routine check that the
semaphore is non null before completing it (mirroring the ordinary
command done/timeout logic).
Signed-off-by: default avatarJames Bottomley <James.Bottomley@SteelEye.com>
parent f0353301
...@@ -422,10 +422,15 @@ static int scsi_eh_completed_normally(struct scsi_cmnd *scmd) ...@@ -422,10 +422,15 @@ static int scsi_eh_completed_normally(struct scsi_cmnd *scmd)
**/ **/
static void scsi_eh_done(struct scsi_cmnd *scmd) static void scsi_eh_done(struct scsi_cmnd *scmd)
{ {
struct completion *eh_action;
SCSI_LOG_ERROR_RECOVERY(3, SCSI_LOG_ERROR_RECOVERY(3,
printk("%s scmd: %p result: %x\n", printk("%s scmd: %p result: %x\n",
__FUNCTION__, scmd, scmd->result)); __FUNCTION__, scmd, scmd->result));
complete(scmd->device->host->eh_action);
eh_action = scmd->device->host->eh_action;
if (eh_action)
complete(eh_action);
} }
/** /**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment