Re: [Stable-review] [28/55] [SCSI] fix crash in scsi_dispatch_cmd()

From: James Bottomley
Date: Tue Aug 09 2011 - 16:22:45 EST


On Mon, 2011-08-08 at 19:10 +0100, Ben Hutchings wrote:
> On Mon, Aug 08, 2011 at 10:04:24AM -0700, Greg KH wrote:
> > On Sun, Aug 07, 2011 at 06:51:24PM +0100, Ben Hutchings wrote:
> > > On Sun, 2011-08-07 at 18:50 +0100, Ben Hutchings wrote:
> > > > On Fri, 2011-08-05 at 17:01 -0700, Greg KH wrote:
> > > > > 2.6.32-longterm review patch. If anyone has any objections, please let us know.
> > > > >
> > > > > ------------------
> > > > >
> > > > > From: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> > > > >
> > > > > commit bfe159a51203c15d23cb3158fffdc25ec4b4dda1 upstream.
> > > > >
> > > > > USB surprise removal of sr is triggering an oops in
> > > > > scsi_dispatch_command(). What seems to be happening is that USB is
> > > > > hanging on to a queue reference until the last close of the upper
> > > > > device, so the crash is caused by surprise remove of a mounted CD
> > > > > followed by attempted unmount.
> > > > [...]
> > > >
> > > > This has been reported in 2.6.39.y and 3.0, but not in 2.6.32.y.
> > >
> > > That is, AFAIK.
> >
> > Oops, good catch, I've dropped this from the .32 and .33 queue now, it's
> > not needed there at all.
>
> Well, it is entirely possible that I am confusing multiple bugs (I
> actually attempted to delete this message from my outgoing mail queue
> as I was becoming less confident about it). I assume James can
> confirm one way or the other.

No ... There is an original bug somewhere that might permeate to 2.6.32
which the patch series fixes, but I don't think all the precursors were
stable tagged and it's a race condition which only started showing up in
2.6.38.

James
