From d8c37e7b9a619855e05d5d4e56c68f799b1f539c Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Sat, 14 May 2005 00:46:08 +0900 Subject: [PATCH] [SCSI] remove a timer race in scsi_queue_insert() scsi_queue_insert() has four callers. Three callers call with timer disabled and one (the second invocation in scsi_dispatch_cmd()) calls with timer activated. scsi_queue_insert() used to always call scsi_delete_timer() and ignore the return value. This results in race with timer expiration. Remove scsi_delete_timer() call from scsi_queue_insert() and make the caller delete timer and check the return value. Signed-off-by: Tejun Heo Signed-off-by: James Bottomley --- drivers/scsi/scsi.c | 10 ++++++---- drivers/scsi/scsi_lib.c | 8 +------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 05d2bd075fd4..0d730f646bce 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c @@ -638,10 +638,12 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) } spin_unlock_irqrestore(host->host_lock, flags); if (rtn) { - atomic_inc(&cmd->device->iodone_cnt); - scsi_queue_insert(cmd, - (rtn == SCSI_MLQUEUE_DEVICE_BUSY) ? - rtn : SCSI_MLQUEUE_HOST_BUSY); + if (scsi_delete_timer(cmd)) { + atomic_inc(&cmd->device->iodone_cnt); + scsi_queue_insert(cmd, + (rtn == SCSI_MLQUEUE_DEVICE_BUSY) ? + rtn : SCSI_MLQUEUE_HOST_BUSY); + } SCSI_LOG_MLQUEUE(3, printk("queuecommand : request rejected\n")); } diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index c3bb28c3feef..9f996499fa9d 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -128,13 +128,7 @@ int scsi_queue_insert(struct scsi_cmnd *cmd, int reason) printk("Inserting command %p into mlqueue\n", cmd)); /* - * We are inserting the command into the ml queue. First, we - * cancel the timer, so it doesn't time out. - */ - scsi_delete_timer(cmd); - - /* - * Next, set the appropriate busy bit for the device/host. + * Set the appropriate busy bit for the device/host. * * If the host/device isn't busy, assume that something actually * completed, and that we should be able to queue a command now. -- 2.20.1