diff options
author | Mark Rustad <mark.d.rustad@intel.com> | 2012-06-21 15:23:42 -0400 |
---|---|---|
committer | James Bottomley <JBottomley@Parallels.com> | 2012-07-08 04:40:51 -0400 |
commit | 222a806af830fda34ad1f6bc991cd226916de060 (patch) | |
tree | fe6a727db036c0037f299a59d223ef95931140e2 /include | |
parent | bd0a521e88aa7a06ae7aabaed7ae196ed4ad867a (diff) |
[SCSI] Fix NULL dereferences in scsi_cmd_to_driver
Avoid crashing if the private_data pointer happens to be NULL. This has
been seen sometimes when a host reset happens, notably when there are
many LUNs:
host3: Assigned Port ID 0c1601
scsi host3: libfc: Host reset succeeded on port (0c1601)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000350
IP: [<ffffffff81352bb8>] scsi_send_eh_cmnd+0x58/0x3a0
<snip>
Process scsi_eh_3 (pid: 4144, threadinfo ffff88030920c000, task ffff880326b160c0)
Stack:
000000010372e6ba 0000000000000282 000027100920dca0 ffffffffa0038ee0
0000000000000000 0000000000030003 ffff88030920dc80 ffff88030920dc80
00000002000e0000 0000000a00004000 ffff8803242f7760 ffff88031326ed80
Call Trace:
[<ffffffff8105b590>] ? lock_timer_base+0x70/0x70
[<ffffffff81352fbe>] scsi_eh_tur+0x3e/0xc0
[<ffffffff81353a36>] scsi_eh_test_devices+0x76/0x170
[<ffffffff81354125>] scsi_eh_host_reset+0x85/0x160
[<ffffffff81354291>] scsi_eh_ready_devs+0x91/0x110
[<ffffffff813543fd>] scsi_unjam_host+0xed/0x1f0
[<ffffffff813546a8>] scsi_error_handler+0x1a8/0x200
[<ffffffff81354500>] ? scsi_unjam_host+0x1f0/0x1f0
[<ffffffff8106ec3e>] kthread+0x9e/0xb0
[<ffffffff81509264>] kernel_thread_helper+0x4/0x10
[<ffffffff8106eba0>] ? kthread_freezable_should_stop+0x70/0x70
[<ffffffff81509260>] ? gs_change+0x13/0x13
Code: 25 28 00 00 00 48 89 45 c8 31 c0 48 8b 87 80 00 00 00 48 8d b5 60 ff ff ff 89 d1 48 89 fb 41 89 d6 4c 89 fa 48 8b 80 b8 00 00 00
<48> 8b 80 50 03 00 00 48 8b 00 48 89 85 38 ff ff ff 48 8b 07 4c
RIP [<ffffffff81352bb8>] scsi_send_eh_cmnd+0x58/0x3a0
RSP <ffff88030920dc50>
CR2: 0000000000000350
Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Tested-by: Marcus Dennis <marcusx.e.dennis@intel.com>
Cc: <stable@kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/scsi/scsi_cmnd.h | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h index 1e1198546c72..ac06cc595890 100644 --- a/include/scsi/scsi_cmnd.h +++ b/include/scsi/scsi_cmnd.h | |||
@@ -134,10 +134,16 @@ struct scsi_cmnd { | |||
134 | 134 | ||
135 | static inline struct scsi_driver *scsi_cmd_to_driver(struct scsi_cmnd *cmd) | 135 | static inline struct scsi_driver *scsi_cmd_to_driver(struct scsi_cmnd *cmd) |
136 | { | 136 | { |
137 | struct scsi_driver **sdp; | ||
138 | |||
137 | if (!cmd->request->rq_disk) | 139 | if (!cmd->request->rq_disk) |
138 | return NULL; | 140 | return NULL; |
139 | 141 | ||
140 | return *(struct scsi_driver **)cmd->request->rq_disk->private_data; | 142 | sdp = (struct scsi_driver **)cmd->request->rq_disk->private_data; |
143 | if (!sdp) | ||
144 | return NULL; | ||
145 | |||
146 | return *sdp; | ||
141 | } | 147 | } |
142 | 148 | ||
143 | extern struct scsi_cmnd *scsi_get_command(struct scsi_device *, gfp_t); | 149 | extern struct scsi_cmnd *scsi_get_command(struct scsi_device *, gfp_t); |