• Chris Boot's avatar
    firewire: sbp2: fix panic after rmmod with slow targets · 0278ccd9
    Chris Boot authored
    If firewire-sbp2 starts a login to a target that doesn't complete ORBs
    in a timely manner (and has to retry the login), and the module is
    removed before the operation times out, you end up with a null-pointer
    dereference and a kernel panic.
    
    [SR:  This happens because sbp2_target_get/put() do not maintain
    module references.  scsi_device_get/put() do, but at occasions like
    Chris describes one, nobody holds a reference to an SBP-2 sdev.]
    
    This patch cancels pending work for each unit in sbp2_remove(), which
    hopefully means there are no extra references around that prevent us
    from unloading. This fixes my crash.
    Signed-off-by: default avatarChris Boot <bootc@bootc.net>
    Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
    0278ccd9
sbp2.c 47.7 KB