linux/drivers/scsi
Jens Axboe 2d097c5021 sr: get/drop reference to device in revalidate and check_events
We can't just use scsi_cd() to get the scsi_cd structure, we have
to grab a live reference to the device. For both callbacks, we're
not inside an open where we already hold a reference to the device.

This fixes device removal/addition under concurrent device access,
which otherwise could result in the below oops.

NULL pointer dereference at 0000000000000010
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP
Modules linked in:
sr 12:0:0:0: [sr2] scsi-1 drive
 scsi_debug crc_t10dif crct10dif_generic crct10dif_common nvme nvme_core sb_edac xl
sr 12:0:0:0: Attached scsi CD-ROM sr2
 sr_mod cdrom btrfs xor zstd_decompress zstd_compress xxhash lzo_compress zlib_defc
sr 12:0:0:0: Attached scsi generic sg7 type 5
 igb ahci libahci i2c_algo_bit libata dca [last unloaded: crc_t10dif]
CPU: 43 PID: 4629 Comm: systemd-udevd Not tainted 4.16.0+ #650
Hardware name: Dell Inc. PowerEdge T630/0NT78X, BIOS 2.3.4 11/09/2016
RIP: 0010:sr_block_revalidate_disk+0x23/0x190 [sr_mod]
RSP: 0018:ffff883ff357bb58 EFLAGS: 00010292
RAX: ffffffffa00b07d0 RBX: ffff883ff3058000 RCX: ffff883ff357bb66
RDX: 0000000000000003 RSI: 0000000000007530 RDI: ffff881fea631000
RBP: 0000000000000000 R08: ffff881fe4d38400 R09: 0000000000000000
R10: 0000000000000000 R11: 00000000000001b6 R12: 000000000800005d
R13: 000000000800005d R14: ffff883ffd9b3790 R15: 0000000000000000
FS:  00007f7dc8e6d8c0(0000) GS:ffff883fff340000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 0000003ffda98005 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 ? __invalidate_device+0x48/0x60
 check_disk_change+0x4c/0x60
 sr_block_open+0x16/0xd0 [sr_mod]
 __blkdev_get+0xb9/0x450
 ? iget5_locked+0x1c0/0x1e0
 blkdev_get+0x11e/0x320
 ? bdget+0x11d/0x150
 ? _raw_spin_unlock+0xa/0x20
 ? bd_acquire+0xc0/0xc0
 do_dentry_open+0x1b0/0x320
 ? inode_permission+0x24/0xc0
 path_openat+0x4e6/0x1420
 ? cpumask_any_but+0x1f/0x40
 ? flush_tlb_mm_range+0xa0/0x120
 do_filp_open+0x8c/0xf0
 ? __seccomp_filter+0x28/0x230
 ? _raw_spin_unlock+0xa/0x20
 ? __handle_mm_fault+0x7d6/0x9b0
 ? list_lru_add+0xa8/0xc0
 ? _raw_spin_unlock+0xa/0x20
 ? __alloc_fd+0xaf/0x160
 ? do_sys_open+0x1a6/0x230
 do_sys_open+0x1a6/0x230
 do_syscall_64+0x5a/0x100
 entry_SYSCALL_64_after_hwframe+0x3d/0xa2

Reviewed-by: Lee Duncan <lduncan@suse.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2018-04-11 11:26:09 -06:00
..
aacraid SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
aic7xxx Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
aic94xx treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
arcmsr scsi: arcmsr: Change driver version to v1.40.00.05-20180309 2018-03-21 18:46:30 -04:00
arm scsi: fas216: fix sense buffer initialization 2018-01-22 20:04:01 -05:00
be2iscsi treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
bfa scsi: bfa: remove VLA 2018-03-15 00:35:43 -04:00
bnx2fc scsi: bnx2fc: Fix check in SCSI completion handler for timed out request 2018-01-30 21:27:02 -05:00
bnx2i scsi: bnx2i: Use zeroing allocator rather than allocator/memset 2018-01-04 01:13:28 -05:00
csiostor Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
cxgbi scsi: libcxgbi: use GFP_ATOMIC in cxgbi_conn_alloc_pdu() 2018-01-08 21:45:48 -05:00
cxlflash scsi: cxlflash: Staging to support future accelerators 2018-01-10 23:24:58 -05:00
device_handler Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
dpt
esas2r scsi: esas2r: remove initialization / cleanup dead wood 2018-03-19 22:54:47 -04:00
fcoe treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
fnic scsi: fnic: use 64-bit timestamps 2018-01-22 20:03:57 -05:00
hisi_sas scsi: hisi_sas: Remove depends on HAS_DMA in case of platform dependency 2018-03-21 18:34:21 -04:00
ibmvscsi scsi: ibmvfc: Avoid unnecessary port relogin 2018-03-15 00:52:33 -04:00
ibmvscsi_tgt scsi: ibmvscsis: add DRC indices to debug statements 2017-12-04 22:56:04 -05:00
isci scsi: isci: remove redundant initialization to 'bit' 2018-02-13 21:37:06 -05:00
libfc scsi: libfc: remove redundant initialization of 'disc' 2018-02-13 21:37:01 -05:00
libsas Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
lpfc scsi: lpfc: make several unions static, fix non-ANSI prototype 2018-03-14 23:36:37 -04:00
megaraid SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
mpt3sas SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
mvsas scsi: mvsas: fix wrong endianness of sgpio api 2018-03-01 21:07:48 -05:00
osd block: fix blk_rq_append_bio 2017-12-18 13:55:43 -07:00
pcmcia scsi: remove the fdomain and fdomain_cs drivers 2018-03-19 22:54:47 -04:00
pm8001 treewide: Remove TIMER_FUNC_TYPE and TIMER_DATA_TYPE casts 2017-11-21 16:35:54 -08:00
qedf scsi: qedf: use correct strncpy() size 2018-02-13 21:37:02 -05:00
qedi SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
qla2xxx SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
qla4xxx Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
smartpqi SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
snic License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sym53c8xx_2 treewide: Align function definition open/close braces 2018-03-26 11:13:09 +02:00
ufs Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
.gitignore scsi: scsi_devinfo: Add scsi_devinfo_tbl.c 2017-10-25 05:40:22 -04:00
3w-9xxx.c scsi: 3w-9xxx: rework lock timeouts 2017-12-04 20:32:53 -05:00
3w-9xxx.h scsi: 3w-9xxx: rework lock timeouts 2017-12-04 20:32:53 -05:00
3w-sas.c scsi: 3ware: use 64-bit times for FW time sync 2017-12-04 20:32:53 -05:00
3w-sas.h
3w-xxxx.c
3w-xxxx.h
53c700_d.h_shipped
53c700.c scsi: 53c700: move bus reset to host reset 2017-08-25 17:21:11 -04:00
53c700.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
53c700.scr
a100u2w.c
a100u2w.h
a2091.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
a2091.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
a3000.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
a3000.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
a4000t.c
advansys.c
aha152x.c scsi: aha152x: drop host reset 2017-08-25 17:21:11 -04:00
aha152x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aha1542.c scsi: aha1542: constify pnp_device_id 2017-08-24 22:29:07 -04:00
aha1542.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
aha1740.c scsi: aha1740: stop using scsi_unregister 2018-03-15 00:26:54 -04:00
aha1740.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
am53c974.c
atari_scsi.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
atp870u.c scsi: atp870u: 64 bit bug in atp885_init() 2018-03-01 21:10:36 -05:00
atp870u.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
BusLogic.c
BusLogic.h
bvme6000_scsi.c
ch.c scsi: ch: add refcounting 2017-08-24 22:29:06 -04:00
constants.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dc395x.c scsi: dc395x: Convert timers to use timer_setup() 2017-10-27 02:22:00 -07:00
dc395x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
dmx3191d.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
dpt_i2o.c SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
dpti.h scsi: dpt_i2o: stop using scsi_unregister 2018-03-15 00:25:37 -04:00
esp_scsi.c scsi: esp_scsi: Always clear msg_out_len after MESSAGE OUT phase 2017-08-10 19:55:35 -04:00
esp_scsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
FlashPoint.c
g_NCR5380.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
gdth_ioctl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gdth_proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gdth_proc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
gdth.c scsi: gdth: Convert timers to use timer_setup() 2017-10-27 02:22:00 -07:00
gdth.h block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h> 2018-03-17 14:45:23 -06:00
gvp11.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
gvp11.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
hosts.c Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
hpsa_cmd.h scsi: hpsa: update discovery polling 2017-10-25 04:55:18 -04:00
hpsa.c Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
hpsa.h scsi: hpsa: fix selection of reply queue 2018-03-14 23:31:13 -04:00
hptiop.c scsi: hptiop: Simplify reset handling 2017-08-25 17:21:10 -04:00
hptiop.h
imm.c scsi: imm: drop duplicate bus_reset handler 2017-08-25 17:21:11 -04:00
imm.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
initio.c
initio.h
ipr.c scsi: ipr: Use dma_pool_zalloc() 2018-03-12 21:16:58 -04:00
ipr.h scsi: ipr: Use sgl_alloc_order() and sgl_free_order() 2018-02-13 21:49:14 -05:00
ips.c scsi: ips: don't set .detect and .release in the host template 2018-03-15 00:26:30 -04:00
ips.h
iscsi_boot_sysfs.c
iscsi_tcp.c for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
iscsi_tcp.h
jazz_esp.c scsi: jazz_esp, sun3x_esp: Pass struct device pointer in dma calls 2018-03-12 22:05:43 -04:00
Kconfig scsi: remove the sym53c416 driver 2018-03-19 22:54:47 -04:00
lasi700.c parisc/scsi/lasi700: Fix section mismatches 2017-08-22 16:34:36 +02:00
libiscsi_tcp.c scsi: doc: fix iscsi-related kernel-doc warnings 2018-01-03 23:10:06 -05:00
libiscsi.c scsi: doc: fix iscsi-related kernel-doc warnings 2018-01-03 23:10:06 -05:00
mac53c94.c
mac53c94.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mac_esp.c scsi: mac_esp: Fix PIO transfers for MESSAGE IN phase 2017-08-10 19:55:34 -04:00
mac_scsi.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
Makefile Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
megaraid.c
megaraid.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mesh.c
mesh.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mvme16x_scsi.c
mvme147.c scsi: mvme147: stop using scsi_module.c 2018-03-19 22:54:47 -04:00
mvme147.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mvumi.c
mvumi.h
ncr53c8xx.c treewide: setup_timer() -> timer_setup() 2017-11-21 15:57:07 -08:00
ncr53c8xx.h
NCR5380.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
NCR5380.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
NCR_D700.c
NCR_D700.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
NCR_Q720.c dma-coherent: remove the DMA_MEMORY_MAP and DMA_MEMORY_IO flags 2017-09-01 11:59:17 +02:00
NCR_Q720.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nsp32_debug.c
nsp32_io.h
nsp32.c scsi: nsp32: fix logic bug in error handling 2017-10-16 22:38:44 -04:00
nsp32.h
osst_detect.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
osst_options.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
osst.c scsi: osst: silence underflow warning in osst_verify_frame() 2017-08-24 22:29:01 -04:00
osst.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pmcraid.c scsi: pmcraid: Use sgl_alloc_order() and sgl_free_order() 2018-02-13 21:49:15 -05:00
pmcraid.h scsi: pmcraid: Use sgl_alloc_order() and sgl_free_order() 2018-02-13 21:49:15 -05:00
ppa.c scsi: ppa: mark expected switch fall-throughs 2017-12-04 20:32:52 -05:00
ppa.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ps3rom.c
qla1280.c timer: Remove init_timer_on_stack() in favor of timer_setup_on_stack() 2017-10-05 15:01:17 +02:00
qla1280.h timer: Remove init_timer_on_stack() in favor of timer_setup_on_stack() 2017-10-05 15:01:17 +02:00
qlogicfas408.c scsi: qlogicfas: move bus_reset to host_reset 2017-08-25 17:21:11 -04:00
qlogicfas408.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qlogicfas.c scsi: qlogicfas: move bus_reset to host_reset 2017-08-25 17:21:11 -04:00
qlogicpti.c scsi: qlogicpti: fixup qlogicpti_reset() definition 2017-08-28 22:15:46 -04:00
qlogicpti.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
raid_class.c scsi: raid_class: Add 'JBOD' RAID level 2018-02-12 11:43:25 -05:00
script_asm.pl
scsi_common.c scsi: core: doc. fixes to scsi_common.c 2017-12-11 21:39:39 -05:00
scsi_debug.c SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
scsi_debugfs.c scsi: sd: Remove zone write locking 2018-01-08 22:27:32 -05:00
scsi_debugfs.h
scsi_devinfo.c scsi: devinfo: remove dasd devices from the scsi subsystem 2018-03-21 18:34:23 -04:00
scsi_dh.c scsi: dh: add new rdac devices 2017-12-07 21:32:03 -05:00
scsi_error.c Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
scsi_ioctl.c scsi: Suppress gcc 7 fall-through warnings reported with W=1 2017-08-25 17:08:07 -04:00
scsi_lib_dma.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_lib.c SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
scsi_logging.c
scsi_logging.h SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
scsi_netlink.c
scsi_pm.c
scsi_priv.h scsi: dh: Remove scsi_dh_remove_device() 2017-12-07 21:13:45 -05:00
scsi_proc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_sas_internal.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_scan.c scsi: core: Use blist_flags_t consistently 2017-12-14 22:30:24 -05:00
scsi_sysctl.c
scsi_sysfs.c SCSI for-linus on 20180404 2018-04-05 15:05:53 -07:00
scsi_trace.c
scsi_transport_api.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsi_transport_fc.c scsi: scsi_transport_fc: fix typos on 64/128 GBit define names 2018-01-03 22:51:02 -05:00
scsi_transport_iscsi.c SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
scsi_transport_sas.c bsg: split handling of SCSI CDBs vs transport requeues 2018-03-13 11:40:24 -06:00
scsi_transport_spi.c scsi: scsi_transport_spi: make two const arrays static, shrinks object size 2018-02-15 18:20:14 -05:00
scsi_transport_srp.c Revert "scsi: make 'state' device attribute pollable" 2017-11-07 09:04:32 -08:00
scsi_typedefs.h
scsi.c scsi: core: fix two wrong indentation cases 2018-02-27 22:26:12 -05:00
scsi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
scsicam.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sd_dif.c
sd_zbc.c Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
sd.c for-4.17/block-20180402 2018-04-05 14:27:02 -07:00
sd.h scsi: sd: Remove zone write locking 2018-01-08 22:27:32 -05:00
sense_codes.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ses.c scsi: ses: don't ask for diagnostic pages repeatedly during probe 2017-12-04 22:55:59 -05:00
sg.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sgiwd93.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
sim710.c
sni_53c710.c
sr_ioctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sr_vendor.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sr.c sr: get/drop reference to device in revalidate and check_events 2018-04-11 11:26:09 -06:00
sr.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
st_options.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
st.c scsi: st: fix kernel-doc mismatch 2017-12-04 20:32:53 -05:00
st.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stex.c
storvsc_drv.c Merge branch 'fixes' into misc 2018-04-03 17:38:39 -07:00
sun3_scsi_vme.c
sun3_scsi.c scsi: NCR5380: Move bus reset to host reset 2017-08-25 17:21:11 -04:00
sun3x_esp.c scsi: jazz_esp, sun3x_esp: Pass struct device pointer in dma calls 2018-03-12 22:05:43 -04:00
sun_esp.c
virtio_scsi.c scsi: virtio_scsi: unify scsi_host_template 2018-03-14 23:31:13 -04:00
vmw_pvscsi.c
vmw_pvscsi.h
wd33c93.c scsi: drop bus reset for wd33c93-compatible boards 2017-08-25 17:21:10 -04:00
wd33c93.h
wd719x.c scsi: wd719x: make card_types static const, shrinks object size 2017-12-04 20:32:55 -05:00
wd719x.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xen-scsifront.c
zalon.c parisc/scsi/zalon: Fix section mismatches 2017-08-22 16:34:36 +02:00
zorro7xx.c