Commit 4d53a003 authored by Linus Torvalds's avatar Linus Torvalds

Make sure we don't access "cmd" in ide-scsi after having

started the command - it may not exist any more.

In particular, load the host early in order to do proper
locking without having to access the command structure later.

Noted by Andries Brouwer.
parent d0365251
...@@ -788,7 +788,8 @@ static inline int should_transform(ide_drive_t *drive, Scsi_Cmnd *cmd) ...@@ -788,7 +788,8 @@ static inline int should_transform(ide_drive_t *drive, Scsi_Cmnd *cmd)
static int idescsi_queue (Scsi_Cmnd *cmd, void (*done)(Scsi_Cmnd *)) static int idescsi_queue (Scsi_Cmnd *cmd, void (*done)(Scsi_Cmnd *))
{ {
idescsi_scsi_t *scsi = scsihost_to_idescsi(cmd->device->host); struct Scsi_Host *host = cmd->device->host;
idescsi_scsi_t *scsi = scsihost_to_idescsi(host);
ide_drive_t *drive = scsi->drive; ide_drive_t *drive = scsi->drive;
struct request *rq = NULL; struct request *rq = NULL;
idescsi_pc_t *pc = NULL; idescsi_pc_t *pc = NULL;
...@@ -839,9 +840,9 @@ static int idescsi_queue (Scsi_Cmnd *cmd, void (*done)(Scsi_Cmnd *)) ...@@ -839,9 +840,9 @@ static int idescsi_queue (Scsi_Cmnd *cmd, void (*done)(Scsi_Cmnd *))
rq->special = (char *) pc; rq->special = (char *) pc;
rq->bio = idescsi_dma_bio (drive, pc); rq->bio = idescsi_dma_bio (drive, pc);
rq->flags = REQ_SPECIAL; rq->flags = REQ_SPECIAL;
spin_unlock_irq(cmd->device->host->host_lock); spin_unlock_irq(host->host_lock);
(void) ide_do_drive_cmd (drive, rq, ide_end); (void) ide_do_drive_cmd (drive, rq, ide_end);
spin_lock_irq(cmd->device->host->host_lock); spin_lock_irq(host->host_lock);
return 0; return 0;
abort: abort:
if (pc) kfree (pc); if (pc) kfree (pc);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment