[patch 076/100] SCSI: sg: fix q->queue_lock on scsi_error_handler path

From: Chris Wright
Date: Thu Apr 23 2009 - 03:57:42 EST

Next message: Chris Wright: "[patch 070/100] hpt366: fix HPT370 DMA timeouts"
Previous message: Chris Wright: "[patch 089/100] KVM: is_long_mode() should check for EFER.LMA"
In reply to: Chris Wright: "[patch 089/100] KVM: is_long_mode() should check for EFER.LMA"
Next in thread: Chris Wright: "[patch 070/100] hpt366: fix HPT370 DMA timeouts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-stable review patch. If anyone has any objections, please let us know.
---------------------

From: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>

upstream commit: 015640edb1f346e0b2eda703587c4cd1c310ec1d

sg_rq_end_io() is called via rq->end_io. In some rare cases,
sg_rq_end_io calls blk_put_request/blk_rq_unmap_user (when a program
issuing a command has gone before the command completion; e.g. by
interrupting a program issuing a command before the command
completes).

We can't call blk_put_request/blk_rq_unmap_user in interrupt so the
commit c96952ed7031e7c576ecf90cf95b8ec099d5295a uses
execute_in_process_context().

The problem is that scsi_error_handler() calls rq->end_io too. We
can't call blk_put_request/blk_rq_unmap_user too in this path (we hold
q->queue_lock).

To avoid the above problem, in these rare cases, this patch always
uses schedule_work() instead of execute_in_process_context().

Signed-off-by: FUJITA Tomonori <fujita.tomonori@xxxxxxxxxxxxx>
Acked-by: Douglas Gilbert <dgilbert@xxxxxxxxxxxx>
Cc: Stable Tree <stable@xxxxxxxxxx>
Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
---
drivers/scsi/sg.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1323,8 +1323,10 @@ static void sg_rq_end_io(struct request
wake_up_interruptible(&sfp->read_wait);
kill_fasync(&sfp->async_qp, SIGPOLL, POLL_IN);
kref_put(&sfp->f_ref, sg_remove_sfp);
- } else
- execute_in_process_context(sg_rq_end_io_usercontext, &srp->ew);
+ } else {
+ INIT_WORK(&srp->ew.work, sg_rq_end_io_usercontext);
+ schedule_work(&srp->ew.work);
+ }
}

static struct file_operations sg_fops = {
@@ -2134,7 +2136,8 @@ static void sg_remove_sfp(struct kref *k
write_unlock_irqrestore(&sg_index_lock, iflags);
wake_up_interruptible(&sdp->o_excl_wait);

- execute_in_process_context(sg_remove_sfp_usercontext, &sfp->ew);
+ INIT_WORK(&sfp->ew.work, sg_remove_sfp_usercontext);
+ schedule_work(&sfp->ew.work);
}

static int

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "[patch 070/100] hpt366: fix HPT370 DMA timeouts"
Previous message: Chris Wright: "[patch 089/100] KVM: is_long_mode() should check for EFER.LMA"
In reply to: Chris Wright: "[patch 089/100] KVM: is_long_mode() should check for EFER.LMA"
Next in thread: Chris Wright: "[patch 070/100] hpt366: fix HPT370 DMA timeouts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]