aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorMatthew Dharm <mdharm-usb@one-eyed-alien.net>2005-07-28 17:45:50 -0400
committerGreg Kroah-Hartman <gregkh@suse.de>2005-09-08 19:22:55 -0400
commit26186ba77b493204ae0fadc3c88a67b14f22168f (patch)
tree6fc0d50a4d286df33b18f21e0994b09637d0c6c8 /drivers
parent77f46328fb83b64befd889ebce6d7fb959932509 (diff)
[PATCH] USB Storage: close a race condition in disconnect near queuecommand
This patch started life as as534, and has been re-diffed against the latest tree. usb-storage has a small loophole, a window between the time queuecommand accepts a new command and the time the control thread starts to execute it. If disconnect is called during that window, the driver won't cancel the pending command -- we've been relying on the SCSI core to cancel it for us during host removal. But it's better for usb-storage to cancel it; this avoids races and reduces reliance on the SCSI core. Fortunately cancelling these commands is easy to do; the key is to do it _before_ calling scsi_remove_host. Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Matthew Dharm <mdharm-usb@one-eyed-alien.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/usb/storage/usb.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c
index 255771151399..97b9ebb8a082 100644
--- a/drivers/usb/storage/usb.c
+++ b/drivers/usb/storage/usb.c
@@ -833,6 +833,19 @@ static void quiesce_and_remove_host(struct us_data *us)
833 /* Wait for the current command to finish, then remove the host */ 833 /* Wait for the current command to finish, then remove the host */
834 down(&us->dev_semaphore); 834 down(&us->dev_semaphore);
835 up(&us->dev_semaphore); 835 up(&us->dev_semaphore);
836
837 /* queuecommand won't accept any new commands and the control
838 * thread won't execute a previously-queued command. If there
839 * is such a command pending, complete it with an error. */
840 if (us->srb) {
841 us->srb->result = DID_NO_CONNECT << 16;
842 scsi_lock(us_to_host(us));
843 us->srb->scsi_done(us->srb);
844 us->srb = NULL;
845 scsi_unlock(us_to_host(us));
846 }
847
848 /* Now we own no commands so it's safe to remove the SCSI host */
836 scsi_remove_host(us_to_host(us)); 849 scsi_remove_host(us_to_host(us));
837} 850}
838 851