[SCSI] Revert "sg: checking sdp->detached isn't protected when open"

This reverts commit e32c9e6300e3af659cbfe45e90a1e7dcd3572ada. This is one of four patches that was causing this bug [ 205.372823] ================================================ [ 205.372901] [ BUG: lock held when returning to user space! ] [ 205.372979] 3.12.0-rc6-hw-debug-pagealloc+ #67 Not tainted [ 205.373055] ------------------------------------------------ [ 205.373132] megarc.bin/5283 is leaving the kernel with locks still held! [ 205.373212] 1 lock held by megarc.bin/5283: [ 205.373285] #0: (&sdp->o_sem){.+.+..}, at: [<ffffffff8161e650>] sg_open+0x3a0/0x4d0 Cc: Vaughan Cao <vaughan.cao@oracle.com> Acked-by: Douglas Gilbert <dgilbert@interlog.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
author: James Bottomley <JBottomley@Parallels.com> 2013-10-25 05:25:14 -0400
committer: James Bottomley <JBottomley@Parallels.com> 2013-10-25 05:59:02 -0400
commit: bafc8ad82d482f9ecb9111969a3fdcef366bf8cb (patch)
tree: 6e6ad87c84fd2b8d6d2a78c1c5c160db3a3e18c7
parent: c0d3b9c29ed22d449481bcfac267a879034a3a5b (diff)
1 files changed, 8 insertions, 9 deletions
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 64df1ab141e5..d4af13269e85 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -295,20 +295,23 @@ sg_open(struct inode *inode, struct file *filp)
        if (flags & O_EXCL)
                sdp->exclude = 1;       /* used by release lock */
+        if (sdp->detached) {
+                retval = -ENODEV;
+                goto sem_out;
+        }
        if (sfds_list_empty(sdp)) {     /* no existing opens on this device */
                sdp->sgdebug = 0;
                q = sdp->device->request_queue;
                sdp->sg_tablesize = queue_max_segments(q);
        }
-        sfp = sg_add_sfp(sdp, dev);
+        if ((sfp = sg_add_sfp(sdp, dev)))
-        if (!IS_ERR(sfp))
                filp->private_data = sfp;
                /* retval is already provably zero at this point because of the
                 * check after retval = scsi_autopm_get_device(sdp->device))
                 */
        else {
-                retval = PTR_ERR(sfp);
+                retval = -ENOMEM;
+sem_out:
                if (flags & O_EXCL) {
                        sdp->exclude = 0;       /* undo if error */
                        up_write(&sdp->o_sem);
@@ -2042,7 +2045,7 @@ sg_add_sfp(Sg_device * sdp, int dev)
        sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN);
        if (!sfp)
-                return ERR_PTR(-ENOMEM);
+                return NULL;
        init_waitqueue_head(&sfp->read_wait);
        rwlock_init(&sfp->rq_list_lock);
@@ -2057,10 +2060,6 @@ sg_add_sfp(Sg_device * sdp, int dev)
        sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
        sfp->parentdp = sdp;
        write_lock_irqsave(&sg_index_lock, iflags);
-        if (sdp->detached) {
-                write_unlock_irqrestore(&sg_index_lock, iflags);
-                return ERR_PTR(-ENODEV);
-        }
        list_add_tail(&sfp->sfd_siblings, &sdp->sfds);
        write_unlock_irqrestore(&sg_index_lock, iflags);
        SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));
author	James Bottomley <JBottomley@Parallels.com>	2013-10-25 05:25:14 -0400
committer	James Bottomley <JBottomley@Parallels.com>	2013-10-25 05:59:02 -0400
commit	bafc8ad82d482f9ecb9111969a3fdcef366bf8cb (patch)
tree	6e6ad87c84fd2b8d6d2a78c1c5c160db3a3e18c7
parent	c0d3b9c29ed22d449481bcfac267a879034a3a5b (diff)

diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 64df1ab141e5..d4af13269e85 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c
@@ -295,20 +295,23 @@ sg_open(struct inode inode, struct file filp)
295	if (flags & O_EXCL)	295	if (flags & O_EXCL)
296	sdp->exclude = 1; /* used by release lock */	296	sdp->exclude = 1; /* used by release lock */
297		297
		298	if (sdp->detached) {
		299	retval = -ENODEV;
		300	goto sem_out;
		301	}
298	if (sfds_list_empty(sdp)) { /* no existing opens on this device */	302	if (sfds_list_empty(sdp)) { /* no existing opens on this device */
299	sdp->sgdebug = 0;	303	sdp->sgdebug = 0;
300	q = sdp->device->request_queue;	304	q = sdp->device->request_queue;
301	sdp->sg_tablesize = queue_max_segments(q);	305	sdp->sg_tablesize = queue_max_segments(q);
302	}	306	}
303	sfp = sg_add_sfp(sdp, dev);	307	if ((sfp = sg_add_sfp(sdp, dev)))
304	if (!IS_ERR(sfp))
305	filp->private_data = sfp;	308	filp->private_data = sfp;
306	/* retval is already provably zero at this point because of the	309	/* retval is already provably zero at this point because of the
307	* check after retval = scsi_autopm_get_device(sdp->device))	310	* check after retval = scsi_autopm_get_device(sdp->device))
308	*/	311	*/
309	else {	312	else {
310	retval = PTR_ERR(sfp);	313	retval = -ENOMEM;
311		314	sem_out:
312	if (flags & O_EXCL) {	315	if (flags & O_EXCL) {
313	sdp->exclude = 0; /* undo if error */	316	sdp->exclude = 0; /* undo if error */
314	up_write(&sdp->o_sem);	317	up_write(&sdp->o_sem);
@@ -2042,7 +2045,7 @@ sg_add_sfp(Sg_device * sdp, int dev)
2042		2045
2043	sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC \| __GFP_NOWARN);	2046	sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC \| __GFP_NOWARN);
2044	if (!sfp)	2047	if (!sfp)
2045	return ERR_PTR(-ENOMEM);	2048	return NULL;
2046		2049
2047	init_waitqueue_head(&sfp->read_wait);	2050	init_waitqueue_head(&sfp->read_wait);
2048	rwlock_init(&sfp->rq_list_lock);	2051	rwlock_init(&sfp->rq_list_lock);
@@ -2057,10 +2060,6 @@ sg_add_sfp(Sg_device * sdp, int dev)
2057	sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;	2060	sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
2058	sfp->parentdp = sdp;	2061	sfp->parentdp = sdp;
2059	write_lock_irqsave(&sg_index_lock, iflags);	2062	write_lock_irqsave(&sg_index_lock, iflags);
2060	if (sdp->detached) {
2061	write_unlock_irqrestore(&sg_index_lock, iflags);
2062	return ERR_PTR(-ENODEV);
2063	}
2064	list_add_tail(&sfp->sfd_siblings, &sdp->sfds);	2063	list_add_tail(&sfp->sfd_siblings, &sdp->sfds);
2065	write_unlock_irqrestore(&sg_index_lock, iflags);	2064	write_unlock_irqrestore(&sg_index_lock, iflags);
2066	SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));	2065	SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));