From: Tejun Heo Date: Fri, 13 May 2005 15:46:08 +0000 (+0900) Subject: [SCSI] remove a timer race in scsi_queue_insert() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d8c37e7b9a619855e05d5d4e56c68f799b1f539c;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git [SCSI] remove a timer race in scsi_queue_insert() scsi_queue_insert() has four callers. Three callers call with timer disabled and one (the second invocation in scsi_dispatch_cmd()) calls with timer activated. scsi_queue_insert() used to always call scsi_delete_timer() and ignore the return value. This results in race with timer expiration. Remove scsi_delete_timer() call from scsi_queue_insert() and make the caller delete timer and check the return value. Signed-off-by: Tejun Heo Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 05d2bd075fd..0d730f646bc 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -638,10 +638,12 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) } spin_unlock_irqrestore(host->host_lock, flags); if (rtn) { - atomic_inc(&cmd->device->iodone_cnt); - scsi_queue_insert(cmd, - (rtn == SCSI_MLQUEUE_DEVICE_BUSY) ? - rtn : SCSI_MLQUEUE_HOST_BUSY); + if (scsi_delete_timer(cmd)) { + atomic_inc(&cmd->device->iodone_cnt); + scsi_queue_insert(cmd, + (rtn == SCSI_MLQUEUE_DEVICE_BUSY) ? + rtn : SCSI_MLQUEUE_HOST_BUSY); + } SCSI_LOG_MLQUEUE(3, printk("queuecommand : request rejected\n")); } diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index c3bb28c3fee..9f996499fa9 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -128,13 +128,7 @@ int scsi_queue_insert(struct scsi_cmnd *cmd, int reason) printk("Inserting command %p into mlqueue\n", cmd)); /* - * We are inserting the command into the ml queue. First, we - * cancel the timer, so it doesn't time out. - */ - scsi_delete_timer(cmd); - - /* - * Next, set the appropriate busy bit for the device/host. + * Set the appropriate busy bit for the device/host. * * If the host/device isn't busy, assume that something actually * completed, and that we should be able to queue a command now.