• James Bottomley's avatar
    [SCSI] put stricter guards on queue dead checks · 86cbfb56
    James Bottomley authored
    SCSI uses request_queue->queuedata == NULL as a signal that the queue
    is dying.  We set this state in the sdev release function.  However,
    this allows a small window where we release the last reference but
    haven't quite got to this stage yet and so something will try to take
    a reference in scsi_request_fn and oops.  It's very rare, but we had a
    report here, so we're pushing this as a bug fix
    
    The actual fix is to set request_queue->queuedata to NULL in
    scsi_remove_device() before we drop the reference.  This causes
    correct automatic rejects from scsi_request_fn as people who hold
    additional references try to submit work and prevents anything from
    getting a new reference to the sdev that way.
    
    Cc: stable@kernel.org
    Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
    86cbfb56
scsi_sysfs.c 27.4 KB