authorStefan Weinhuber <wein@de.ibm.com>2008-02-19 09:29:27 -0500
committerMartin Schwidefsky <schwidefsky@de.ibm.com>2008-02-19 09:29:33 -0500
commit03513bccad33667ed738cfd96dc5757e539e0bdb (patch)
treefd6d91ac38deb371bb29b567894056a8c8f9e4e0 /drivers/s390
parent11ab244c9faead91683a12e4cb10d26b279bb4aa (diff)
[S390] dasd: fix locking in __dasd_device_process_final_queue
After setting the status of the cqr and releasing the lock for the block cqr queue, we call the cqr callback function, which will usually just trigger the dasd_block_tasklet. But when the tasklet is already running the cqr might be processed before we invoke the callback function. In rare cases the callback pointer may already be invalid by the time we want to call it, which will result in a panic. Solution: Call the callback function first and then release the lock. Signed-off-by: Stefan Weinhuber <wein@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'drivers/s390')
-rw-r--r--drivers/s390/block/dasd.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/drivers/s390/block/dasd.c b/drivers/s390/block/dasd.c
index d984e0fae63..ccf46c96adb 100644
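--- a/drivers/s390/block/dasd.c
+++ b/drivers/s390/block/dasd.c
@@ -1149,12 +1149,14 @@ static void __dasd_device_process_final_queue(struct dasd_device *device,
 {
  struct list_head *l, *n;
  struct dasd_ccw_req *cqr;
+ struct dasd_block *block;
 
  list_for_each_safe(l, n, final_queue) {
  cqr = list_entry(l, struct dasd_ccw_req, devlist);
  list_del_init(&cqr->devlist);
- if (cqr->block)
- spin_lock_bh(&cqr->block->queue_lock);
+ block = cqr->block;
+ if (block)
+ spin_lock_bh(&block->queue_lock);
  switch (cqr->status) {
  case DASD_CQR_SUCCESS:
  cqr->status = DASD_CQR_DONE;
@@ -1172,15 +1174,13 @@ static void __dasd_device_process_final_queue(struct dasd_device *device,
  cqr, cqr->status);
  BUG();
  }
- if (cqr->block)
- spin_unlock_bh(&cqr->block->queue_lock);
  if (cqr->callback != NULL)
  (cqr->callback)(cqr, cqr->callback_data);
+ if (block)
+ spin_unlock_bh(&block->queue_lock);
  }
 }
 
-
-
 /*
  * Take a look at the first request on the ccw queue and check
  * if it reached its expire time. If so, terminate the IO.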
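Review bot: The callback at new lines 1177-1178 is now invoked with `block->queue_lock` held and bottom halves disabled, but nothing in the code records that contract, so a callback that takes the same lock or sleeps would deadlock; whether any existing callback does so is not visible in these hunks. I would add a comment above the call, `/* called with block->queue_lock held: the callback must not take that lock or sleep */`. The new local `block` deserves a line as well, for example `/* cache the pointer: cqr must not be touched after the callback has run */`, because re-reading `cqr->block` for the unlock would presumably bring back the stale-pointer access the commit message describes. Requests with `block == NULL` still run their callback without any lock, which looks intentional but is worth confirming. The switch body between the two hunks is not shown, so this covers only the visible lines.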