projects / cascardo / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0d3b9c)
[SCSI] Revert "sg: checking sdp->detached isn't protected when open"
authorJames Bottomley <JBottomley@Parallels.com>
Fri, 25 Oct 2013 09:25:14 +0000 (10:25 +0100)
committerJames Bottomley <JBottomley@Parallels.com>
Fri, 25 Oct 2013 09:59:02 +0000 (10:59 +0100)
This reverts commit e32c9e6300e3af659cbfe45e90a1e7dcd3572ada.

This is one of four patches that was causing this bug

[  205.372823] ================================================
[  205.372901] [ BUG: lock held when returning to user space! ]
[  205.372979] 3.12.0-rc6-hw-debug-pagealloc+ #67 Not tainted
[  205.373055] ------------------------------------------------
[  205.373132] megarc.bin/5283 is leaving the kernel with locks still held!
[  205.373212] 1 lock held by megarc.bin/5283:
[  205.373285]  #0:  (&sdp->o_sem){.+.+..}, at: [<ffffffff8161e650>] sg_open+0x3a0/0x4d0

Cc: Vaughan Cao <vaughan.cao@oracle.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
drivers/scsi/sg.c patch | blob | history

diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 64df1ab..d4af132 100644 (file)
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -295,20 +295,23 @@ sg_open(struct inode *inode, struct file *filp)
        if (flags & O_EXCL)
                sdp->exclude = 1;       /* used by release lock */
 
+       if (sdp->detached) {
+               retval = -ENODEV;
+               goto sem_out;
+       }
        if (sfds_list_empty(sdp)) {     /* no existing opens on this device */
                sdp->sgdebug = 0;
                q = sdp->device->request_queue;
                sdp->sg_tablesize = queue_max_segments(q);
        }
-       sfp = sg_add_sfp(sdp, dev);
-       if (!IS_ERR(sfp))
+       if ((sfp = sg_add_sfp(sdp, dev)))
                filp->private_data = sfp;
                /* retval is already provably zero at this point because of the
                 * check after retval = scsi_autopm_get_device(sdp->device))
                 */
        else {
-               retval = PTR_ERR(sfp);
-
+               retval = -ENOMEM;
+sem_out:
                if (flags & O_EXCL) {
                        sdp->exclude = 0;       /* undo if error */
                        up_write(&sdp->o_sem);
@@ -2042,7 +2045,7 @@ sg_add_sfp(Sg_device * sdp, int dev)
 
        sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN);
        if (!sfp)
-               return ERR_PTR(-ENOMEM);
+               return NULL;
 
        init_waitqueue_head(&sfp->read_wait);
        rwlock_init(&sfp->rq_list_lock);
@@ -2057,10 +2060,6 @@ sg_add_sfp(Sg_device * sdp, int dev)
        sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
        sfp->parentdp = sdp;
        write_lock_irqsave(&sg_index_lock, iflags);
-       if (sdp->detached) {
-               write_unlock_irqrestore(&sg_index_lock, iflags);
-               return ERR_PTR(-ENODEV);
-       }
        list_add_tail(&sfp->sfd_siblings, &sdp->sfds);
        write_unlock_irqrestore(&sg_index_lock, iflags);
        SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));
Unnamed repository; edit this file 'description' to name the repository.