iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/scsi
History
Vitaly Kuznetsov be821fd8e6 scsi_sysfs: protect against double execution of __scsi_remove_device() 
On some host errors storvsc module tries to remove sdev by scheduling a job
which does the following:

   sdev = scsi_device_lookup(wrk->host, 0, 0, wrk->lun);
   if (sdev) {
       scsi_remove_device(sdev);
       scsi_device_put(sdev);
   }

While this code seems correct the following crash is observed:

 general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC
 RIP: 0010:[<ffffffff81169979>]  [<ffffffff81169979>] bdi_destroy+0x39/0x220
 ...
 [<ffffffff814aecdc>] ? _raw_spin_unlock_irq+0x2c/0x40
 [<ffffffff8127b7db>] blk_cleanup_queue+0x17b/0x270
 [<ffffffffa00b54c4>] __scsi_remove_device+0x54/0xd0 [scsi_mod]
 [<ffffffffa00b556b>] scsi_remove_device+0x2b/0x40 [scsi_mod]
 [<ffffffffa00ec47d>] storvsc_remove_lun+0x3d/0x60 [hv_storvsc]
 [<ffffffff81080791>] process_one_work+0x1b1/0x530
 ...

The problem comes with the fact that many such jobs (for the same device)
are being scheduled simultaneously. While scsi_remove_device() uses
shost->scan_mutex and scsi_device_lookup() will fail for a device in
SDEV_DEL state there is no protection against someone who did
scsi_device_lookup() before we actually entered __scsi_remove_device(). So
the whole scenario looks like that: two callers do simultaneous (or
preemption happens) calls to scsi_device_lookup() ant these calls succeed
for both of them, after that they try doing scsi_remove_device().
shost->scan_mutex only serializes their calls to __scsi_remove_device()
and we end up doing the cleanup path twice.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2015-11-19 12:15:09 -05:00
..
aacraid
aacraid: aac_src_intr_message() can be static
2015-05-25 08:46:25 -07:00
aic7xxx
aic7xxx: Fix typo in error message
2015-08-07 14:36:05 +02:00
aic94xx
aic94xx: remove SCSI host before detaching from SAS transport
2015-11-09 19:36:50 -05:00
arcmsr
libnvdimm for 4.3:
2015-09-08 14:35:59 -07:00
arm
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
be2iscsi
be2iscsi: Fix bogus WARN_ON length check
2015-11-11 20:25:28 -05:00
bfa
bfa: Fix incorrect de-reference of pointer
2015-09-06 11:39:53 -07:00
bnx2fc
bnx2fc: Do not log error for netevents that need no action
2015-10-27 10:29:13 +09:00
bnx2i
bnx2i: Fix call trace while device reset
2015-06-02 17:15:24 -07:00
csiostor
csiostor: fix an error code in csio_hw_init()
2015-05-25 08:46:26 -07:00
cxgbi
libcxgbi: use kvfree() in cxgbi_free_big_mem()
2015-06-30 19:45:00 -07:00
cxlflash
cxlflash: Remove unused variable from queuecommand
2015-08-26 18:08:47 -07:00
device_handler
scsi_dh: kill struct scsi_dh_data
2015-08-28 13:14:57 -07:00
dpt
esas2r
SCSI misc on 20150209
2015-02-11 10:28:45 -08:00
fcoe
SCSI misc on 20150911
2015-09-11 18:15:18 -07:00
fnic
fnic: check pci_map_single() return value
2015-10-27 11:05:45 +09:00
ibmvscsi
ibmvscsi: set max_lun to 32
2015-11-11 21:01:15 -05:00
isci
isci: remove SCSI host before detaching from SAS transport
2015-11-09 19:36:04 -05:00
libfc
SCSI misc on 20150901
2015-09-02 12:22:54 -07:00
libsas
Merge branch 'for-4.0-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata
2015-03-24 17:08:29 -07:00
lpfc
lpfc: Update version to 11.0.0.0 for upstream patch set
2015-10-27 10:24:46 +09:00
megaraid
megaraid_sas: Fix sparse warning
2015-11-09 11:07:16 -05:00
mpt3sas
mpt3sas: Fix use sas_is_tlr_enabled API before enabling MPI2_SCSIIO_CONTROL_TLR_ON flag
2015-11-13 15:25:11 -05:00
mvsas
mvsas: don't allow negative timeouts
2015-11-13 15:44:40 -05:00
osd
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2015-04-14 09:50:27 -07:00
pcmcia
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
pm8001
pm80xx: remove the SCSI host before detaching from SAS transport
2015-11-09 19:41:31 -05:00
qla2xxx
qla2xxx: Fix rwlock recursion
2015-11-17 18:21:22 -05:00
qla4xxx
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
2015-06-24 16:49:49 -07:00
snic
snic: driver for Cisco SCSI HBA
2015-06-19 16:57:51 -07:00
sym53c8xx_2
scsi: drop reason argument from ->change_queue_depth
2014-11-24 14:45:27 +01:00
ufs
scsi: ufs-qcom: add QUniPro hardware support and power optimizations
2015-11-09 18:03:55 -05:00
.gitignore
3w-9xxx.c
3w-9xxx: don't unmap bounce buffered commands
2015-10-07 10:24:48 -07:00
3w-9xxx.h
3w-9xxx: fix command completion race
2015-04-27 10:10:19 -07:00
3w-sas.c
3w-sas: fix command completion race
2015-04-27 10:04:39 -07:00
3w-sas.h
3w-sas: fix command completion race
2015-04-27 10:04:39 -07:00
3w-xxxx.c
3w-xxxx: fix command completion race
2015-04-27 10:05:55 -07:00
3w-xxxx.h
3w-xxxx: fix command completion race
2015-04-27 10:05:55 -07:00
53c700_d.h_shipped
53c700.c
[SCSI] Fix printk typos in drivers/scsi
2015-08-07 14:28:45 +02:00
53c700.h
53c700.scr
a100u2w.c
scsi: a100u2w: trivial typo in printk
2015-08-07 15:03:42 +02:00
a100u2w.h
a2091.c
zorro: ZTWO_VADDR() should return "void __iomem *"
2013-11-26 11:09:07 +01:00
a2091.h
a3000.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
a3000.h
a4000t.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
advansys.c
advansys: fix big-endian builds
2015-11-18 10:16:19 -05:00
aha152x.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
aha152x.h
aha1542.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
aha1542.h
aha1542: fix include guard and remove useless changelog
2015-04-09 18:08:31 -07:00
aha1740.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
aha1740.h
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
am53c974.c
am53c974: Fix crash during modprobe
2015-04-17 10:13:56 -07:00
atari_NCR5380.c
ncr5380: Harmonize jiffies conversion with msecs_to_jiffies
2015-03-09 10:45:26 -04:00
atari_scsi.c
ncr5380: Drop owner assignment from platform_drivers
2015-03-09 07:18:14 -04:00
atp870u.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
atp870u.h
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
BusLogic.c
scsi: replace seq_printf with seq_puts
2015-02-02 09:57:45 -08:00
BusLogic.h
[SCSI] BusLogic: Port driver to 64-bit.
2013-06-26 18:32:47 -07:00
bvme6000_scsi.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
ch.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial
2015-04-14 09:50:27 -07:00
constants.c
scsi: Conditionally compile in constants.c
2015-01-09 15:44:31 +01:00
dc395x.c
scsi: print single-character strings with seq_putc
2015-02-02 09:57:46 -08:00
dc395x.h
dmx3191d.c
dmx3191d: Use NO_IRQ
2014-11-20 09:11:11 +01:00
dpt_i2o.c
x86/vm86: Clean up vm86.h includes
2015-07-31 13:31:10 +02:00
dpti.h
scsi: use 64-bit LUNs
2014-07-17 22:07:37 +02:00
dtc.c
ncr5380: Drop legacy scsi.h include
2014-11-20 09:11:10 +01:00
dtc.h
ncr5380: Remove *_RELEASE macros
2014-11-20 09:11:10 +01:00
eata_generic.h
eata_pio.c
scsi: replace seq_printf with seq_puts
2015-02-02 09:57:45 -08:00
eata_pio.h
eata.c
scsi: drop reason argument from ->change_queue_depth
2014-11-24 14:45:27 +01:00
esp_scsi.c
esp_scsi: remove check for ESP_MAX_TAGS
2015-01-09 15:44:23 +01:00
esp_scsi.h
esp_scsi: correctly detect am53c974
2014-11-24 16:13:16 +01:00
fdomain.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
fdomain.h
FlashPoint.c
[SCSI] BusLogic: Port driver to 64-bit.
2013-06-26 18:32:47 -07:00
g_NCR5380_mmio.c
g_NCR5380.c
ncr5380: Harmonize jiffies conversion with msecs_to_jiffies
2015-03-09 10:45:26 -04:00
g_NCR5380.h
ncr5380: Remove *_RELEASE macros
2014-11-20 09:11:10 +01:00
gdth_ioctl.h
gdth_proc.c
scsi: replace seq_printf with seq_puts
2015-02-02 09:57:45 -08:00
gdth_proc.h
gdth.c
scsi: rename SERVICE_ACTION_IN to SERVICE_ACTION_IN_16
2014-11-24 20:01:40 +01:00
gdth.h
gvp11.c
zorro: ZTWO_VADDR() should return "void __iomem *"
2013-11-26 11:09:07 +01:00
gvp11.h
hosts.c
scsi: remove ordered_tag host template field
2014-11-12 11:19:41 +01:00
hpsa_cmd.h
hpsa: add in sas transport class
2015-11-09 12:39:28 -05:00
hpsa.c
hpsa: logical vs bitwise AND typo
2015-11-13 16:49:35 -05:00
hpsa.h
hpsa: add in sas transport class
2015-11-09 12:39:28 -05:00
hptiop.c
hptiop: Support HighPoint RR36xx HBAs and Support SAS tape and SAS media changer
2015-08-12 13:14:57 -07:00
hptiop.h
hptiop: Support HighPoint RR36xx HBAs and Support SAS tape and SAS media changer
2015-08-12 13:14:57 -07:00
imm.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
imm.h
in2000.c
scsi: print single-character strings with seq_putc
2015-02-02 09:57:46 -08:00
in2000.h
initio.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
initio.h
ipr.c
ipr: Issue Configure Cache Parameters command.
2015-11-09 19:32:08 -05:00
ipr.h
ipr: Driver version 2.6.3.
2015-11-09 19:32:41 -05:00
ips.c
ips: remove pointless #warning
2015-06-02 17:24:54 -07:00
ips.h
iscsi_boot_sysfs.c
[SCSI] iscsi_boot_sysfs: Fix a memory leak in iscsi_boot_destroy_kset()
2014-03-15 10:19:19 -07:00
iscsi_tcp.c
scsi: drop reason argument from ->change_queue_depth
2014-11-24 14:45:27 +01:00
iscsi_tcp.h
net: Fix use after free by removing length arg from sk_data_ready callbacks.
2014-04-11 16:15:36 -04:00
jazz_esp.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
Kconfig
mpt3sas: Single driver module which supports both SAS 2.0 & SAS 3.0 HBAs
2015-11-11 19:50:11 -05:00
lasi700.c
libiscsi_tcp.c
[SCSI] libiscsi: Reduce locking contention in fast path
2014-03-15 10:19:18 -07:00
libiscsi.c
libiscsi: Fix iscsi_check_transport_timeouts possible infinite loop
2015-09-17 07:25:02 -07:00
mac53c94.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
mac53c94.h
mac_esp.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
mac_scsi.c
ncr5380: Drop owner assignment from platform_drivers
2015-03-09 07:18:14 -04:00
Makefile
mpt3sas: Single driver module which supports both SAS 2.0 & SAS 3.0 HBAs
2015-11-11 19:50:11 -05:00
megaraid.c
megaraid : use dev_printk when possible
2015-08-26 07:23:04 -07:00
megaraid.h
[SCSI] megaraid: simplify internal command handling
2014-03-27 08:26:31 -07:00
mesh.c
powerpc: Move Power Macintosh drivers to generic byteswappers
2015-03-23 14:29:40 +11:00
mesh.h
mvme16x_scsi.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
mvme147.c
mvme147.h
mvumi.c
mvumi: 64bit value for seconds_since1970
2015-11-11 20:45:23 -05:00
mvumi.h
ncr53c8xx.c
scsi: drop reason argument from ->change_queue_depth
2014-11-24 14:45:27 +01:00
ncr53c8xx.h
scsi: Remove CONFIG_SCSI_MULTI_LUN
2014-07-17 22:07:35 +02:00
NCR53c406a.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
NCR5380.c
ncr5380: Harmonize jiffies conversion with msecs_to_jiffies
2015-03-09 10:45:26 -04:00
NCR5380.h
atari_NCR5380: Move static co-routine variables to host data
2014-11-20 09:11:20 +01:00
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32_debug.c
nsp32_io.h
nsp32.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
nsp32.h
osst_detect.h
osst_options.h
osst.c
scsi: remove scsi_driver owner field
2014-11-24 20:01:28 +01:00
osst.h
pas16.c
ncr5380: Drop legacy scsi.h include
2014-11-20 09:11:10 +01:00
pas16.h
ncr5380: Remove *_RELEASE macros
2014-11-20 09:11:10 +01:00
pmcraid.c
scsi: pmcraid: replace struct timeval with ktime_get_real_seconds()
2015-11-11 20:51:04 -05:00
pmcraid.h
ppa.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
ppa.h
ps3rom.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
qla1280.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
qlogicpti.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi_common.c
scsi: Protect against buffer possible overflow in scsi_set_sense_information
2015-07-23 22:53:05 -07:00
scsi_debug.c
scsi_debug: resp_request: remove unused variable
2015-09-06 11:03:14 -07:00
scsi_devinfo.c
SCSI: fix bug in scsi_dev_info_list matching
2015-10-27 11:09:41 +09:00
scsi_dh.c
scsi_dh: Use the correct module name when loading device handler
2015-10-01 10:46:28 -07:00
scsi_error.c
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2015-09-11 19:00:42 -07:00
scsi_ioctl.c
scsi: return EAGAIN when resetting a device under EH
2014-11-12 11:16:12 +01:00
scsi_lib_dma.c
scsi_lib.c
scsi_dh: kill struct scsi_dh_data
2015-08-28 13:14:57 -07:00
scsi_logging.c
scsi_logging: return void for dev_printk() functions
2015-02-04 08:00:24 -08:00
scsi_logging.h
scsi: simplify scsi_log_(send|completion)
2014-11-12 11:16:05 +01:00
scsi_module.c
scsi_netlink.c
net: Use netlink_ns_capable to verify the permisions of netlink messages
2014-04-24 13:44:54 -04:00
scsi_pm.c
SCSI: Fix NULL pointer dereference in runtime PM
2015-08-18 08:14:14 -07:00
scsi_priv.h
scsi_dh: integrate into the core SCSI code
2015-08-28 13:14:56 -07:00
scsi_proc.c
scsi: print single-character strings with seq_putc
2015-02-02 09:57:46 -08:00
scsi_sas_internal.h
scsi_scan.c
scsi: report 'INQUIRY result too short' once per host
2015-11-19 12:12:16 -05:00
scsi_sysctl.c
scsi: convert use of typedef ctl_table to struct ctl_table
2014-06-06 16:08:16 -07:00
scsi_sysfs.c
scsi_sysfs: protect against double execution of __scsi_remove_device()
2015-11-19 12:15:09 -05:00
scsi_trace.c
scsi: print single-character strings with seq_putc
2015-02-02 09:57:46 -08:00
scsi_transport_api.h
scsi_transport_fc.c
scsi_transport_fc: Add support for 25Gbit speed
2015-04-10 07:40:32 -07:00
scsi_transport_iscsi.c
SCSI misc on 20150901
2015-09-02 12:22:54 -07:00
scsi_transport_sas.c
scsi_transport_sas: Remove check for SAS expander when querying bay/enclosure IDs.
2015-09-06 11:13:41 -07:00
scsi_transport_spi.c
[SCSI] Fix printk typos in drivers/scsi
2015-08-07 14:28:45 +02:00
scsi_transport_srp.c
IB/srp: Avoid using uninitialized variable
2015-07-14 13:20:09 -04:00
scsi_typedefs.h
scsi.c
Move code that is used both by initiator and target drivers
2015-06-01 07:32:43 -07:00
scsi.h
scsicam.c
scsi: PC partition tables are little endian
2014-11-12 11:15:54 +01:00
sd_dif.c
sd: Fix missing ATO tag check
2015-04-16 10:37:12 -07:00
sd.c
sd: Clear PS bit before Mode Select.
2015-11-11 21:10:26 -05:00
sd.h
scsi: introduce sdev_prefix_printk()
2014-11-12 11:15:57 +01:00
ses.c
ses: Add power_status to SES device slot
2015-01-09 15:44:19 +01:00
sg.c
sg: Fix double-free when drives detach during SG_IO
2015-11-02 23:51:25 -05:00
sgiwd93.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
sim710.c
sni_53c710.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
sr_ioctl.c
sr: reduce debug noise in sr_do_ioctl
2015-01-20 19:43:24 +01:00
sr_vendor.c
scsi: Implement sr_printk()
2014-07-17 22:07:39 +02:00
sr.c
scsi: remove scsi_driver owner field
2014-11-24 20:01:28 +01:00
sr.h
scsi: introduce sdev_prefix_printk()
2014-11-12 11:15:57 +01:00
st_options.h
st.c
st: fix potential null pointer dereference.
2015-11-19 12:12:42 -05:00
st.h
st: implement tape statistics
2015-06-02 08:03:25 -07:00
stex.c
scsi: don't force tagged_supported in drivers
2014-11-12 11:19:44 +01:00
storvsc_drv.c
storvsc: Set the error code correctly in failure conditions
2015-08-26 22:41:36 -07:00
sun3_scsi_vme.c
scsi/NCR5380: merge sun3_scsi_vme.c into sun3_scsi.c
2014-05-28 12:16:28 +02:00
sun3_scsi.c
ncr5380: Drop owner assignment from platform_drivers
2015-03-09 07:18:14 -04:00
sun3_scsi.h
sun3_scsi: Move macro definitions
2014-11-20 09:11:15 +01:00
sun3x_esp.c
arch, drivers: don't include <asm/io.h> directly, use <linux/io.h> instead
2015-08-10 23:07:05 -04:00
sun_esp.c
scsi: drop owner assignment from platform_drivers
2014-10-20 16:21:33 +02:00
sym53c416.c
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
sym53c416.h
t128.c
ncr5380: Drop legacy scsi.h include
2014-11-20 09:11:10 +01:00
t128.h
ncr5380: Remove *_RELEASE macros
2014-11-20 09:11:10 +01:00
u14-34f.c
scsi: drop reason argument from ->change_queue_depth
2014-11-24 14:45:27 +01:00
ultrastor.c
ultrastor.h
virtio_scsi.c
virtio/vhost: fixes for 4.2
2015-07-23 13:07:04 -07:00
vmw_pvscsi.c
vmw_pscsi: simplify ->change_queue_depth
2014-11-24 14:45:28 +01:00
vmw_pvscsi.h
PCI: Move PCI_VENDOR_ID_VMWARE to pci_ids.h
2014-09-24 11:52:09 -06:00
wd33c93.c
scsi: print single-character strings with seq_putc
2015-02-02 09:57:46 -08:00
wd33c93.h
wd719x.c
[SCSI] Fix printk typos in drivers/scsi
2015-08-07 14:28:45 +02:00
wd719x.h
scsi: Do not set cmd_per_lun to 1 in the host template
2015-05-31 18:06:28 -07:00
wd7000.c
scsi: replace seq_printf with seq_puts
2015-02-02 09:57:45 -08:00
xen-scsifront.c
xen: Use correctly the Xen memory terminologies
2015-09-08 18:03:49 +01:00
zalon.c
zorro7xx.c
zorro: ZTWO_VADDR() should return "void __iomem *"
2013-11-26 11:09:07 +01:00