提交 26186ba7 编写于 作者: M Matthew Dharm 提交者: Greg Kroah-Hartman

[PATCH] USB Storage: close a race condition in disconnect near queuecommand

This patch started life as as534, and has been re-diffed against the latest
tree.

usb-storage has a small loophole, a window between the time queuecommand
accepts a new command and the time the control thread starts to execute
it.  If disconnect is called during that window, the driver won't cancel
the pending command -- we've been relying on the SCSI core to cancel it
for us during host removal.  But it's better for usb-storage to cancel
it;  this avoids races and reduces reliance on the SCSI core.
Fortunately cancelling these commands is easy to do; the key is to do it
_before_ calling scsi_remove_host.
Signed-off-by: NAlan Stern <stern@rowland.harvard.edu>
Signed-off-by: NMatthew Dharm <mdharm-usb@one-eyed-alien.net>
Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
上级 77f46328
...@@ -833,6 +833,19 @@ static void quiesce_and_remove_host(struct us_data *us) ...@@ -833,6 +833,19 @@ static void quiesce_and_remove_host(struct us_data *us)
/* Wait for the current command to finish, then remove the host */ /* Wait for the current command to finish, then remove the host */
down(&us->dev_semaphore); down(&us->dev_semaphore);
up(&us->dev_semaphore); up(&us->dev_semaphore);
/* queuecommand won't accept any new commands and the control
* thread won't execute a previously-queued command. If there
* is such a command pending, complete it with an error. */
if (us->srb) {
us->srb->result = DID_NO_CONNECT << 16;
scsi_lock(us_to_host(us));
us->srb->scsi_done(us->srb);
us->srb = NULL;
scsi_unlock(us_to_host(us));
}
/* Now we own no commands so it's safe to remove the SCSI host */
scsi_remove_host(us_to_host(us)); scsi_remove_host(us_to_host(us));
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册