Commit b5a10549 authored by Bart Van Assche's avatar Bart Van Assche Committed by Ben Hutchings

Stop accepting SCSI requests before removing a device

commit b485462a upstream.

Avoid that the code for requeueing SCSI requests triggers a
crash by making sure that that code isn't scheduled anymore
after a device has been removed.

Also, source code inspection of __scsi_remove_device() revealed
a race condition in this function: no new SCSI requests must be
accepted for a SCSI device after device removal started.
Signed-off-by: default avatarBart Van Assche <bvanassche@acm.org>
Reviewed-by: default avatarMike Christie <michaelc@cs.wisc.edu>
Acked-by: default avatarTejun Heo <tj@kernel.org>
Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
parent 3f5ec1a1
...@@ -155,13 +155,14 @@ static int __scsi_queue_insert(struct scsi_cmnd *cmd, int reason, int unbusy) ...@@ -155,13 +155,14 @@ static int __scsi_queue_insert(struct scsi_cmnd *cmd, int reason, int unbusy)
/* /*
* Requeue this command. It will go before all other commands * Requeue this command. It will go before all other commands
* that are already in the queue. * that are already in the queue. Schedule requeue work under
* lock such that the kblockd_schedule_work() call happens
* before blk_cleanup_queue() finishes.
*/ */
spin_lock_irqsave(q->queue_lock, flags); spin_lock_irqsave(q->queue_lock, flags);
blk_requeue_request(q, cmd->request); blk_requeue_request(q, cmd->request);
spin_unlock_irqrestore(q->queue_lock, flags);
kblockd_schedule_work(q, &device->requeue_work); kblockd_schedule_work(q, &device->requeue_work);
spin_unlock_irqrestore(q->queue_lock, flags);
return 0; return 0;
} }
......
...@@ -963,13 +963,20 @@ void __scsi_remove_device(struct scsi_device *sdev) ...@@ -963,13 +963,20 @@ void __scsi_remove_device(struct scsi_device *sdev)
device_del(dev); device_del(dev);
} else } else
put_device(&sdev->sdev_dev); put_device(&sdev->sdev_dev);
/*
* Stop accepting new requests and wait until all queuecommand() and
* scsi_run_queue() invocations have finished before tearing down the
* device.
*/
scsi_device_set_state(sdev, SDEV_DEL); scsi_device_set_state(sdev, SDEV_DEL);
blk_cleanup_queue(sdev->request_queue);
cancel_work_sync(&sdev->requeue_work);
if (sdev->host->hostt->slave_destroy) if (sdev->host->hostt->slave_destroy)
sdev->host->hostt->slave_destroy(sdev); sdev->host->hostt->slave_destroy(sdev);
transport_destroy_device(dev); transport_destroy_device(dev);
/* Freeing the queue signals to block that we're done */
blk_cleanup_queue(sdev->request_queue);
put_device(dev); put_device(dev);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment