The existing code could allow the use of a list pointer that is
grabbed prior to the lock, changes while waiting for the lock, thus
is no longer valid while the lock is held.
-- james s
--- a/drivers/scsi/scsi.c 2006-02-06 06:01:12.000000000 -0500
+++ b/drivers/scsi/scsi.c.NEW 2006-02-21 17:30:31.000000000 -0500
@@ -1015,11 +1015,12 @@ EXPORT_SYMBOL(scsi_device_put);
struct scsi_device *__scsi_iterate_devices(struct Scsi_Host *shost,
struct scsi_device *prev)
{
- struct list_head *list = (prev ? &prev->siblings : &shost->__devices);
+ struct list_head *list;
struct scsi_device *next = NULL;
unsigned long flags;
spin_lock_irqsave(shost->host_lock, flags);
+ list = (prev ? &prev->siblings : &shost->__devices);
while (list->next != &shost->__devices) {
next = list_entry(list->next, struct scsi_device, siblings);
/* skip devices that we can't get a reference to */
-
: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
