scsi_dh: check queuedata pointer before proceeding further

BugLink: http://bugs.launchpad.net/bugs/890952 commit a18a920c70d48a8e4a2b750d8a183b3c1a4be514 upstream. This patch validates sdev pointer in scsi_dh_activate before proceeding further. Without this check we might see the panic as below. I have seen this panic multiple times.. Call trace: #0 [ffff88007d647b50] machine_kexec at ffffffff81020902 #1 [ffff88007d647ba0] crash_kexec at ffffffff810875b0 #2 [ffff88007d647c70] oops_end at ffffffff8139c650 #3 [ffff88007d647c90] __bad_area_nosemaphore at ffffffff8102dd15 #4 [ffff88007d647d50] page_fault at ffffffff8139b8cf [exception RIP: scsi_dh_activate+0x82] RIP: ffffffffa0041922 RSP: ffff88007d647e00 RFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000000093c5 RDX: 00000000000093c5 RSI: ffffffffa02e6640 RDI: ffff88007cc88988 RBP: 000000000000000f R8: ffff88007d646000 R9: 0000000000000000 R10: ffff880082293790 R11: 00000000ffffffff R12: ffff88007cc88988 R13: 0000000000000000 R14: 0000000000000286 R15: ffff880037b845e0 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0000 #5 [ffff88007d647e38] run_workqueue at ffffffff81060268 #6 [ffff88007d647e78] worker_thread at ffffffff81060386 #7 [ffff88007d647ee8] kthread at ffffffff81064436 #8 [ffff88007d647f48] kernel_thread at ffffffff81003fba Signed-off-by: Babu Moger <babu.moger@netapp.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
author: Moger, Babu <Babu.Moger@netapp.com> 2011-10-26 14:29:38 -0400
committer: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com> 2011-11-21 12:55:13 -0500
commit: 320b9ba8fcddaae2a209d779b7adf990d8e6e2fd (patch)
tree: 983df63535473d31a44ee7943aee966bf3dd7519
parent: a5226fbd0b9d3370e10fdc1124eabb9e9ecfacca (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/drivers/scsi/device_handler/scsi_dh.c b/drivers/scsi/device_handler/scsi_dh.c
index 0119b814779..d973325ded2 100644
--- a/drivers/scsi/device_handler/scsi_dh.c
+++ b/drivers/scsi/device_handler/scsi_dh.c
@@ -398,7 +398,15 @@ int scsi_dh_activate(struct request_queue *q, activate_complete fn, void *data)
        spin_lock_irqsave(q->queue_lock, flags);
        sdev = q->queuedata;
-        if (sdev && sdev->scsi_dh_data)
+        if (!sdev) {
+                spin_unlock_irqrestore(q->queue_lock, flags);
+                err = SCSI_DH_NOSYS;
+                if (fn)
+                        fn(data, err);
+                return err;
+        }
+        if (sdev->scsi_dh_data)
                scsi_dh = sdev->scsi_dh_data->scsi_dh;
        dev = get_device(&sdev->sdev_gendev);
        if (!scsi_dh || !dev ||
author	Moger, Babu <Babu.Moger@netapp.com>	2011-10-26 14:29:38 -0400
committer	Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>	2011-11-21 12:55:13 -0500
commit	320b9ba8fcddaae2a209d779b7adf990d8e6e2fd (patch)
tree	983df63535473d31a44ee7943aee966bf3dd7519
parent	a5226fbd0b9d3370e10fdc1124eabb9e9ecfacca (diff)

diff --git a/drivers/scsi/device_handler/scsi_dh.c b/drivers/scsi/device_handler/scsi_dh.c index 0119b814779..d973325ded2 100644 --- a/drivers/scsi/device_handler/scsi_dh.c +++ b/drivers/scsi/device_handler/scsi_dh.c
@@ -398,7 +398,15 @@ int scsi_dh_activate(struct request_queue q, activate_complete fn, void data)
398		398
399	spin_lock_irqsave(q->queue_lock, flags);	399	spin_lock_irqsave(q->queue_lock, flags);
400	sdev = q->queuedata;	400	sdev = q->queuedata;
401	if (sdev && sdev->scsi_dh_data)	401	if (!sdev) {
		402	spin_unlock_irqrestore(q->queue_lock, flags);
		403	err = SCSI_DH_NOSYS;
		404	if (fn)
		405	fn(data, err);
		406	return err;
		407	}
		408
		409	if (sdev->scsi_dh_data)
402	scsi_dh = sdev->scsi_dh_data->scsi_dh;	410	scsi_dh = sdev->scsi_dh_data->scsi_dh;
403	dev = get_device(&sdev->sdev_gendev);	411	dev = get_device(&sdev->sdev_gendev);
404	if (!scsi_dh \|\| !dev \|\|	412	if (!scsi_dh \|\| !dev \|\|