Skip to content

Commit

Permalink
[SCSI] Revert "sg: checking sdp->detached isn't protected when open"
Browse files Browse the repository at this point in the history 
This reverts commit e32c9e6.

This is one of four patches that was causing this bug

[  205.372823] ================================================
[  205.372901] [ BUG: lock held when returning to user space! ]
[  205.372979] 3.12.0-rc6-hw-debug-pagealloc+ torvalds#67 Not tainted
[  205.373055] ------------------------------------------------
[  205.373132] megarc.bin/5283 is leaving the kernel with locks still held!
[  205.373212] 1 lock held by megarc.bin/5283:
[  205.373285]  #0:  (&sdp->o_sem){.+.+..}, at: [<ffffffff8161e650>] sg_open+0x3a0/0x4d0

Cc: Vaughan Cao <vaughan.cao@oracle.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
  • Loading branch information
James Bottomley authored and James Bottomley committed Oct 25, 2013
1 parent c0d3b9c commit bafc8ad
Showing 1 changed file with 8 additions and 9 deletions.
17 changes: 8 additions & 9 deletions drivers/scsi/sg.c
View file
Expand Up @@ -295,20 +295,23 @@ sg_open(struct inode *inode, struct file *filp)
if (flags & O_EXCL)
sdp->exclude = 1; /* used by release lock */

if (sdp->detached) {
retval = -ENODEV;
goto sem_out;
}
if (sfds_list_empty(sdp)) { /* no existing opens on this device */
sdp->sgdebug = 0;
q = sdp->device->request_queue;
sdp->sg_tablesize = queue_max_segments(q);
}
sfp = sg_add_sfp(sdp, dev);
if (!IS_ERR(sfp))
if ((sfp = sg_add_sfp(sdp, dev)))
filp->private_data = sfp;
/* retval is already provably zero at this point because of the
* check after retval = scsi_autopm_get_device(sdp->device))
*/
else {
retval = PTR_ERR(sfp);

retval = -ENOMEM;
sem_out:
if (flags & O_EXCL) {
sdp->exclude = 0; /* undo if error */
up_write(&sdp->o_sem);
Expand Down Expand Up @@ -2042,7 +2045,7 @@ sg_add_sfp(Sg_device * sdp, int dev)

sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN);
if (!sfp)
return ERR_PTR(-ENOMEM);
return NULL;

init_waitqueue_head(&sfp->read_wait);
rwlock_init(&sfp->rq_list_lock);
Expand All @@ -2057,10 +2060,6 @@ sg_add_sfp(Sg_device * sdp, int dev)
sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
sfp->parentdp = sdp;
write_lock_irqsave(&sg_index_lock, iflags);
if (sdp->detached) {
write_unlock_irqrestore(&sg_index_lock, iflags);
return ERR_PTR(-ENODEV);
}
list_add_tail(&sfp->sfd_siblings, &sdp->sfds);
write_unlock_irqrestore(&sg_index_lock, iflags);
SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));
Expand Down

0 comments on commit bafc8ad

Please sign in to comment.