Commit 02bd3499, authored by James Bottomley

[SCSI] scsi_lib: only call scsi_unprep_request() under queue lock

It's called under that lock everywhere else and it does alter the
request state, so it should be.

This one occurrence in scsi_requeue_command() could open a window where
req->special is set to NULL while the request is going through either
timeout or completion processing leading to NULL pointer derefs of the
sort complained of in bugzillas 12020 and 12195.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Parent 57458036
...@@ -648,8 +648,8 @@ static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd) ...@@ -648,8 +648,8 @@ static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd)
struct request *req = cmd->request; struct request *req = cmd->request;
unsigned long flags; unsigned long flags;
scsi_unprep_request(req);
spin_lock_irqsave(q->queue_lock, flags); spin_lock_irqsave(q->queue_lock, flags);
scsi_unprep_request(req);
blk_requeue_request(q, req); blk_requeue_request(q, req);
spin_unlock_irqrestore(q->queue_lock, flags); spin_unlock_irqrestore(q->queue_lock, flags);
......
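Review bot: The requirement that scsi_unprep_request() run with q->queue_lock held is still not documented anywhere in the visible code of scsi_requeue_command(), so the next caller can reintroduce the same window. The commit message says every other caller already holds the lock and that the function alters request state; a one-line comment above the moved call (or on scsi_unprep_request() itself) stating "must be called with q->queue_lock held" would record that. With the call now sitting between spin_lock_irqsave() and blk_requeue_request(), the clearing of req->special and the requeue happen in one critical section, which is what closes the race with timeout and completion processing described in the message.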