[PATCH 2/2] Another crash in linux kernel at diconnect of usb strorage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>

Asynchronous scan (scsi_add_lun()) sets state to SDEV_RUNNING,
but the device is not registered in sysfs.
Before async scan it was OK, because before releasing scan_mutex
old code called either scsi_sysfs_add_sdev() or scsi_destroy_sdev()
and, therefore, completed the work or discarded it.

With async scan the invariant is broken and scsi crashes
in __scsi_remove_device() when trying to unregister not registered
devices.

The fix could be introducing new state(s), which is equivalent
to SDEV_RUNNING, except for one thing, we know that scsi_sysfs_add_sdev()
has not been called yet. Or a separate flag, because the state
can be SDEV_BLOCK or even something else.

Simpler way is just to check that the device is regstered in sysfs
before unregistering. Another operations in __scsi_remove_device()
seem to be idempotent or even required, because  scsi_add_lun()
makes some part of work duplicated in scsi_sysfs_add_sdev().

Signed-off-by: Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>
CC: James E.J. Bottomley <James.Bottomley@xxxxxxx>
Signed-off-by: Denis V. Lunev <den@xxxxxxxxxx>
---
 drivers/scsi/scsi_sysfs.c |   12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 5c7eb63..ea02e9b 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -927,9 +927,17 @@ void __scsi_remove_device(struct scsi_device *sdev)
 		return;
 
 	bsg_unregister_queue(sdev->request_queue);
-	device_unregister(&sdev->sdev_dev);
+	/* Asynchronous scan violates invariant that SDEV_RUNNING
+	 * implies that device is registered in sysfs.
+	 * We could introduce new state flag or extend set of state,
+	 * but just plain checking that device is registered already
+	 * before trying to unregister it is enough.
+	 */
+	if (sdev->sdev_dev.kobj.parent)
+		device_unregister(&sdev->sdev_dev);
 	transport_remove_device(dev);
-	device_del(dev);
+	if (dev->kobj.parent)
+		device_del(dev);
 	scsi_device_set_state(sdev, SDEV_DEL);
 	if (sdev->host->hostt->slave_destroy)
 		sdev->host->hostt->slave_destroy(sdev);
-- 
1.6.4.4

--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]
  Powered by Linux