linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Nicholas Mc Guire <der.herr@hofr.at>
To: "James E.J. Bottomley" <JBottomley@parallels.com>
Cc: linux-scsi@vger.kernel.org
Subject: RFC scsi: aic94xx: use of complete() looks racy
Date: Mon, 9 Mar 2015 09:32:08 +0100	[thread overview]
Message-ID: <20150309083208.GA21902@opentech.at> (raw)


Hi !

 while reviewing some type missmatch of wait_for_completion_timeout in 
 drivers/scsi/aic94xx/aic94xx_tmf.c:asd_clear_nexus() a question regarding
 the struct completion use came up:

(line numbers are from 4.0-rc2 linux-next)
351     tascb->completion = &completion;
352
353     ASD_DPRINTK("task not done, clearing nexus\n");
354     if (tascb->tag_valid)
355             res = asd_clear_nexus_tag(task);
356     else
357             res = asd_clear_nexus_index(task);
358     leftover = wait_for_completion_timeout(&completion,
359                                            AIC94XX_SCB_TIMEOUT);
360     tascb->completion = NULL;

this looks racy - atleast I was not able to figure out what would prevent
complete() from accessing a NULL pointer (similarly on line 524/525+545)

e.g. in asd_clear_nexus_tasklet_complete()
85         tcs->dl_opcode = dl->opcode;
86         complete(ascb->completion);
87         asd_ascb_free(ascb);

so if the timeout ever occured would that not result in a NULL access ?

what am I overlooking here ?

thx!
hofrat

                 reply	other threads:[~2015-03-09  8:32 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150309083208.GA21902@opentech.at \
    --to=der.herr@hofr.at \
    --cc=JBottomley@parallels.com \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).