• James Bottomley's avatar
    [SCSI] fix crash in scsi_dispatch_cmd() · bfe159a5
    James Bottomley authored
    USB surprise removal of sr is triggering an oops in
    scsi_dispatch_command().  What seems to be happening is that USB is
    hanging on to a queue reference until the last close of the upper
    device, so the crash is caused by surprise remove of a mounted CD
    followed by attempted unmount.
    
    The problem is that USB doesn't issue its final commands as part of
    the SCSI teardown path, but on last close when the block queue is long
    gone.  The long term fix is probably to make sr do the teardown in the
    same way as sd (so remove all the lower bits on ejection, but keep the
    upper disk alive until last close of user space).  However, the
    current oops can be simply fixed by not allowing any commands to be
    sent to a dead queue.
    
    Cc: stable@kernel.org
    Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
    bfe159a5
blk-core.c 73.2 KB