[SCSI] fix usb storage oops

The problem is that scsi_run_queue is called from scsi_next_command()
after doing a scsi_put_command.  If the command was the only thing
holding the reference on the scsi_device then the resulting device put
will tear down the block queue.  Fix this by taking a reference to the
device and holding it around scsi_run_queue()

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index 4afef5cdcb17568c1380d3987d1e4c4661dc16e4..ce9d73a292e2a0f273992efd56e7cb7370f2bbc0 100644 (file)
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -542,10 +542,17 @@ static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd)
 
 void scsi_next_command(struct scsi_cmnd *cmd)
 {
-       struct request_queue *q = cmd->device->request_queue;
+       struct scsi_device *sdev = cmd->device;
+       struct request_queue *q = sdev->request_queue;
+
+       /* need to hold a reference on the device before we let go of the cmd */
+       get_device(&sdev->sdev_gendev);
 
        scsi_put_command(cmd);
        scsi_run_queue(q);
+
+       /* ok to remove device now */
+       put_device(&sdev->sdev_gendev);
 }
 
 void scsi_run_host_queues(struct Scsi_Host *shost)