scsi_host_alloc does not check for used shost->host_no

Hi everyone,

First of all, it is the first time I am sending something to one of the kernel mailing lists. So, if it is not the right place for that, if it is not the only place for that, or I am doing something wrong, or whatever, please, just let me know.

After a good time investigating why running modprobe/rmmod pata_pdc2027x lots of times led to a kernel panic, I found out that the problem was in the scsi host layer (if I can call it like this).

As a brief explanation, every time a scsi host is allocated, a shost structure gets a host_no attribute assigned, and as far as I can see it should be unique. The point is that this host_no value comes from a variable that is incremented every time a scsi host is allocated, and at first we will not have two shost structs with the same host_no. But, for instance, when this always-incremented variable overflows, it does not work anymore, and it can happen that two different shost structures have the same host_no.

I made a patch that solves the problem in a very simple way, but I don't know how acceptable it is. I am sending it as an attachment and any feedback will be welcome.

Thanks
Daniel Debonzi
diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
index c6457bf..2e191f4 100644
--- a/drivers/scsi/hosts.c
+++ b/drivers/scsi/hosts.c
@@ -310,7 +310,7 @@ struct device_type scsi_host_type = {
  **/
 struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize)
 {
-	struct Scsi_Host *shost;
+	struct Scsi_Host *shost, *tmp_shost;
 	gfp_t gfp_mask = GFP_KERNEL;
 	int rval;
 
@@ -332,7 +332,18 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize)
 
 	mutex_init(&shost->scan_mutex);
 
+	/* 
+	 * Look if host_no is not been used somewhere else. Is is used to
+	 * happen when scsi_host_next_hn overflows and goes back to 0.
+	 */
+ host_no_already_exists:
 	shost->host_no = scsi_host_next_hn++; /* XXX(hch): still racy */
+        if(!IS_ERR(tmp_shost = scsi_host_lookup(shost->host_no)))
+          {
+            scsi_host_put(tmp_shost);
+            goto host_no_already_exists;
+          }
+
 	shost->dma_channel = 0xff;
 
 	/* These three are default values which can be overridden */
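
Review bot: The retry at the host_no_already_exists: label leaves open the window that the retained "XXX(hch): still racy" comment points at: scsi_host_next_hn++ and the scsi_host_lookup() check are separate unlocked steps, so two concurrent callers of scsi_host_alloc() can still end up with the same host_no, and nothing bounds the loop if every number is taken. Consider doing the pick-and-check under a lock or with an ID allocator, and giving up with an error after one full pass. On style, the added lines are indented with spaces and use GNU-style braces; kernel style wants tabs, "if (" with the brace on the same line, the assignment to tmp_shost moved out of the condition, and a do/while in place of the backward goto. The new comment also has a typo ("Is is used to happen") and trailing whitespace after "/*".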

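The wraparound described in the message, as an added user-space model that is not part of the original post or of the kernel source: an 8-bit counter stands in for scsi_host_next_hn so the wrap arrives after 256 allocations, and the names live, alloc_unchecked, alloc_checked and run_cycles are assumptions made for the illustration. The model is single-threaded, so it shows only the duplicate-number problem, not the locking question.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 256            /* model: 8-bit host numbers, 0..255 */

static int live[MAX_HOSTS];      /* live hosts per host_no; >1 is the bug */
static uint8_t next_hn;          /* stand-in for scsi_host_next_hn, wraps to 0 */

/* Behaviour before the patch: hand out the counter value unchecked. */
static int alloc_unchecked(void)
{
	return next_hn++;
}

/* Checked variant: skip numbers still held, give up after one full pass. */
static int alloc_checked(void)
{
	for (int tries = 0; tries < MAX_HOSTS; tries++) {
		int hn = next_hn++;
		if (live[hn] == 0)
			return hn;
	}
	return -1;               /* every host number is in use */
}

/* One long-lived host, then `cycles` modprobe/rmmod rounds.
 * Returns how many allocations duplicated a live host number. */
static int run_cycles(int (*alloc)(void), int cycles)
{
	int dups = 0;

	memset(live, 0, sizeof(live));
	next_hn = 0;
	live[alloc()]++;         /* long-lived host takes number 0 */
	for (int i = 0; i < cycles; i++) {
		int hn = alloc();
		if (hn < 0)
			continue;
		if (++live[hn] > 1)
			dups++;  /* two live hosts now share one number */
		live[hn]--;      /* rmmod: the short-lived host goes away */
	}
	return dups;
}

int main(void)
{
	printf("unchecked: %d duplicate(s)\n", run_cycles(alloc_unchecked, 256));
	printf("checked:   %d duplicate(s)\n", run_cycles(alloc_checked, 256));
	return 0;
}
```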