On 04/11/12 16:10, Martin K. Petersen wrote:
> diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
> index 2cfcbff..386f0c5 100644
> --- a/drivers/scsi/scsi_error.c
> +++ b/drivers/scsi/scsi_error.c
> @@ -835,7 +835,7 @@ static int scsi_send_eh_cmnd(struct scsi_cmnd *scmd, unsigned char *cmnd,
>
> scsi_eh_restore_cmnd(scmd, &ses);
>
> - if (sdrv->eh_action)
> + if (sdrv && sdrv->eh_action)
> rtn = sdrv->eh_action(scmd, cmnd, cmnd_size, rtn);
>
> return rtn;
> diff --git a/include/scsi/scsi_cmnd.h b/include/scsi/scsi_cmnd.h
> index 377df4a..1e11985 100644
> --- a/include/scsi/scsi_cmnd.h
> +++ b/include/scsi/scsi_cmnd.h
> @@ -134,6 +134,9 @@ struct scsi_cmnd {
>
> static inline struct scsi_driver *scsi_cmd_to_driver(struct scsi_cmnd *cmd)
> {
> + if (!cmd->request->rq_disk)
> + return NULL;
> +
> return *(struct scsi_driver **)cmd->request->rq_disk->private_data;
> }
What if the rq_disk pointer is cleared by another kernel thread after it
has been checked but before it is used ?
Personally I would feel more comfortable if code inside sd_eh_action() /
sd_show_max_medium_access_timeouts() /
sd_store_max_medium_access_timeouts() would be moved inside the SCSI
core such that scsi_send_eh_cmnd() doesn't have to access struct
scsi_driver.
Bart.
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
