From mboxrd@z Thu Jan 1 00:00:00 1970 From: James Bottomley Subject: Re: [PATCH] SCSI IOCTL: Check for device deletion [was Re: __elv_add_request OOPS] Date: Thu, 26 May 2011 22:53:04 -0500 Message-ID: <1306468385.4048.73.camel@mulgrave.site> References: <4DDB8BF6.2000304@fusionio.com> <4DDCB1C8.7040708@fusionio.com> <4DDD5240.2060308@fusionio.com> <4DDD55D6.1080909@fusionio.com> <1306356735.1641.61.camel@mulgrave.site> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1306356735.1641.61.camel@mulgrave.site> Sender: linux-kernel-owner@vger.kernel.org To: Parag Warudkar Cc: Linus Torvalds , Jens Axboe , "linux-kernel@vger.kernel.org" , "akpm@linux-foundation.org" , Linux SCSI List List-Id: linux-scsi@vger.kernel.org On Wed, 2011-05-25 at 15:52 -0500, James Bottomley wrote: > On Wed, 2011-05-25 at 16:42 -0400, Parag Warudkar wrote: > > Yeah - that makes sense. By that logic, looks like we can only disallow > > for SDEV_DEL (if we decide to do that check here). > > I don't think this is the root cause. I think q is non-NULL but has > already been released, so we're just getting a NULL deref on the actual > list head. > > Does this fix it? It adds the refcounting at approximately the correct > places. Of course, we'll now be trying elevator operations on an extant > queue but one whose elevator functions have been destroyed, so there are > probably additional state guards to place. > > James > > --- > > diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c > index 58584dc..44e8ca3 100644 > --- a/drivers/scsi/scsi_scan.c > +++ b/drivers/scsi/scsi_scan.c > @@ -297,7 +297,7 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget, > kfree(sdev); > goto out; > } > - > + blk_get_queue(sdev->request_queue); Apparently we can't do this because blk_[put|get]_queue aren't exported for use in modules (and SCSI can be modular), so this caused a build failure in linux-next. James