[PATCH] Fix SCSI scanning slab corruption
authorBrian King <brking@us.ibm.com>
Mon, 12 Dec 2005 19:05:08 +0000 (13:05 -0600)
committerLinus Torvalds <torvalds@g5.osdl.org>
Mon, 12 Dec 2005 20:35:39 +0000 (12:35 -0800)
There is a double free in the scsi scan code if a LLDD's slave_alloc()
call fails.  There is a direct call to scsi_free_queue and then the
following put_device calls the release function, which also frees the
queue.

Remove the redundant scsi_free_queue.

Signed-off-by: Brian King <brking@us.ibm.com>
Tested-by: Nathan Lynch <ntl@pobox.com>
[ Also removed some strange whitespace artifacts in that area ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
drivers/scsi/scsi_scan.c

index 374853df9cca10fb733b9eff4ffc8aa373ee5ffc..94e5167f260dbc93642b554ac2378cbc5f546908 100644 (file)
@@ -266,8 +266,6 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget,
                        /*
                         * if LLDD reports slave not present, don't clutter
                         * console with alloc failure messages
-
-
                         */
                        if (ret == -ENXIO)
                                display_failure_msg = 0;
@@ -279,7 +277,6 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget,
 
 out_device_destroy:
        transport_destroy_device(&sdev->sdev_gendev);
-       scsi_free_queue(sdev->request_queue);
        put_device(&sdev->sdev_gendev);
 out:
        if (display_failure_msg)