Skip to content

Commit

Permalink
[SCSI] scsi_lib: only call scsi_unprep_request() under queue lock
Browse files Browse the repository at this point in the history 
It's called under that lock everywhere else and it does alter the
request state, so it should be.

This one occurance in scsi_requeue_command() could open a window where
req->special is set to NULL while the requests is going through either
timeout or completion processing leading to NULL pointer derefs of the
sort complained of in bugzillas 12020 and 12195.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
  • Loading branch information
James Bottomley authored and James Bottomley committed Dec 13, 2008
1 parent 5745803 commit 02bd349
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/scsi/scsi_lib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -648,8 +648,8 @@ static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd)
struct request *req = cmd->request;
unsigned long flags;

scsi_unprep_request(req);
spin_lock_irqsave(q->queue_lock, flags);
scsi_unprep_request(req);
blk_requeue_request(q, req);
spin_unlock_irqrestore(q->queue_lock, flags);

Expand Down

0 comments on commit 02bd349

Please sign in to comment.