From: James Bottomley Date: Fri, 25 Oct 2013 09:25:14 +0000 (+0100) Subject: [SCSI] Revert "sg: checking sdp->detached isn't protected when open" X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=bafc8ad82d482f9ecb9111969a3fdcef366bf8cb;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git [SCSI] Revert "sg: checking sdp->detached isn't protected when open" This reverts commit e32c9e6300e3af659cbfe45e90a1e7dcd3572ada. This is one of four patches that was causing this bug [ 205.372823] ================================================ [ 205.372901] [ BUG: lock held when returning to user space! ] [ 205.372979] 3.12.0-rc6-hw-debug-pagealloc+ #67 Not tainted [ 205.373055] ------------------------------------------------ [ 205.373132] megarc.bin/5283 is leaving the kernel with locks still held! [ 205.373212] 1 lock held by megarc.bin/5283: [ 205.373285] #0: (&sdp->o_sem){.+.+..}, at: [] sg_open+0x3a0/0x4d0 Cc: Vaughan Cao Acked-by: Douglas Gilbert Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 64df1ab141e5..d4af13269e85 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -295,20 +295,23 @@ sg_open(struct inode *inode, struct file *filp) if (flags & O_EXCL) sdp->exclude = 1; /* used by release lock */ + if (sdp->detached) { + retval = -ENODEV; + goto sem_out; + } if (sfds_list_empty(sdp)) { /* no existing opens on this device */ sdp->sgdebug = 0; q = sdp->device->request_queue; sdp->sg_tablesize = queue_max_segments(q); } - sfp = sg_add_sfp(sdp, dev); - if (!IS_ERR(sfp)) + if ((sfp = sg_add_sfp(sdp, dev))) filp->private_data = sfp; /* retval is already provably zero at this point because of the * check after retval = scsi_autopm_get_device(sdp->device)) */ else { - retval = PTR_ERR(sfp); - + retval = -ENOMEM; +sem_out: if (flags & O_EXCL) { sdp->exclude = 0; /* undo if error */ up_write(&sdp->o_sem); @@ -2042,7 +2045,7 @@ sg_add_sfp(Sg_device * sdp, int dev) sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN); if (!sfp) - return ERR_PTR(-ENOMEM); + return NULL; init_waitqueue_head(&sfp->read_wait); rwlock_init(&sfp->rq_list_lock); @@ -2057,10 +2060,6 @@ sg_add_sfp(Sg_device * sdp, int dev) sfp->keep_orphan = SG_DEF_KEEP_ORPHAN; sfp->parentdp = sdp; write_lock_irqsave(&sg_index_lock, iflags); - if (sdp->detached) { - write_unlock_irqrestore(&sg_index_lock, iflags); - return ERR_PTR(-ENODEV); - } list_add_tail(&sfp->sfd_siblings, &sdp->sfds); write_unlock_irqrestore(&sg_index_lock, iflags); SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));