[SCSI] fix locking around blk_abort_request()

htejun · James Bottomley · commit 70b25f890ce9 · 2010-05-01T14:17:19.000-05:00
blk_abort_request() expects queue lock to be held by the caller.
Grab it before calling the function.

Lack of this synchronization led to infinite loop on corrupt
q-&gt;timeout_list.

Signed-off-by: Tejun Heo &lt;tj@kernel.org&gt;
Cc: stable@kernel.org
Signed-off-by: James Bottomley &lt;James.Bottomley@suse.de&gt;
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
@@ -395,11 +395,15 @@ int sas_ata_init_host_and_port(struct domain_device *found_dev,
 void sas_ata_task_abort(struct sas_task *task)
 {
 	struct ata_queued_cmd *qc = task->uldd_task;
+	struct request_queue *q = qc->scsicmd->device->request_queue;
 	struct completion *waiting;
+	unsigned long flags;
 
 	/* Bounce SCSI-initiated commands to the SCSI EH */
 	if (qc->scsicmd) {
+		spin_lock_irqsave(q->queue_lock, flags);
 		blk_abort_request(qc->scsicmd->request);
+		spin_unlock_irqrestore(q->queue_lock, flags);
 		scsi_schedule_eh(qc->scsicmd->device->host);
 		return;
 	}
diff --git a/drivers/scsi/libsas/sas_scsi_host.c b/drivers/scsi/libsas/sas_scsi_host.c
@@ -1030,6 +1030,8 @@ int __sas_task_abort(struct sas_task *task)
 void sas_task_abort(struct sas_task *task)
 {
 	struct scsi_cmnd *sc = task->uldd_task;
+	struct request_queue *q = sc->device->request_queue;
+	unsigned long flags;
 
 	/* Escape for libsas internal commands */
 	if (!sc) {
@@ -1044,7 +1046,9 @@ void sas_task_abort(struct sas_task *task)
 		return;
 	}
 
+	spin_lock_irqsave(q->queue_lock, flags);
 	blk_abort_request(sc->request);
+	spin_unlock_irqrestore(q->queue_lock, flags);
 	scsi_schedule_eh(sc->device->host);
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1030,6 +1030,8 @@ int __sas_task_abort(struct sas_task *task)`
`1030`	`1030`	`void sas_task_abort(struct sas_task *task)`
`1031`	`1031`	`{`
`1032`	`1032`	`struct scsi_cmnd *sc = task->uldd_task;`
	`1033`	`+ struct request_queue *q = sc->device->request_queue;`
	`1034`	`+ unsigned long flags;`
`1033`	`1035`
`1034`	`1036`	`/* Escape for libsas internal commands */`
`1035`	`1037`	`if (!sc) {`
`@@ -1044,7 +1046,9 @@ void sas_task_abort(struct sas_task *task)`
`1044`	`1046`	`return;`
`1045`	`1047`	`}`
`1046`	`1048`
	`1049`	`+ spin_lock_irqsave(q->queue_lock, flags);`
`1047`	`1050`	`blk_abort_request(sc->request);`
	`1051`	`+ spin_unlock_irqrestore(q->queue_lock, flags);`
`1048`	`1052`	`scsi_schedule_eh(sc->device->host);`
`1049`	`1053`	`}`
`1050`	`1054`