Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / bafc8ad82d482f9ecb9111969a3fdcef366bf8cb^! / . / drivers / scsi / sg.c
commitbafc8ad82d482f9ecb9111969a3fdcef366bf8cb[log] [tgz]
authorJames Bottomley <JBottomley@Parallels.com>Fri Oct 25 10:25:14 2013 +0100
committerJames Bottomley <JBottomley@Parallels.com>Fri Oct 25 10:59:02 2013 +0100
tree6e6ad87c84fd2b8d6d2a78c1c5c160db3a3e18c7
parentc0d3b9c29ed22d449481bcfac267a879034a3a5b [diff] [blame]
[SCSI] Revert "sg: checking sdp->detached isn't protected when open"

This reverts commit e32c9e6300e3af659cbfe45e90a1e7dcd3572ada.

This is one of four patches that was causing this bug

[  205.372823] ================================================
[  205.372901] [ BUG: lock held when returning to user space! ]
[  205.372979] 3.12.0-rc6-hw-debug-pagealloc+ #67 Not tainted
[  205.373055] ------------------------------------------------
[  205.373132] megarc.bin/5283 is leaving the kernel with locks still held!
[  205.373212] 1 lock held by megarc.bin/5283:
[  205.373285]  #0:  (&sdp->o_sem){.+.+..}, at: [<ffffffff8161e650>] sg_open+0x3a0/0x4d0

Cc: Vaughan Cao <vaughan.cao@oracle.com>
Acked-by: Douglas Gilbert <dgilbert@interlog.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>

diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 64df1ab..d4af132 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c

@@ -295,20 +295,23 @@
 	if (flags & O_EXCL)
 		sdp->exclude = 1;	/* used by release lock */
 
+	if (sdp->detached) {
+		retval = -ENODEV;
+		goto sem_out;
+	}
 	if (sfds_list_empty(sdp)) {	/* no existing opens on this device */
 		sdp->sgdebug = 0;
 		q = sdp->device->request_queue;
 		sdp->sg_tablesize = queue_max_segments(q);
 	}
-	sfp = sg_add_sfp(sdp, dev);
-	if (!IS_ERR(sfp))
+	if ((sfp = sg_add_sfp(sdp, dev)))
 		filp->private_data = sfp;
 		/* retval is already provably zero at this point because of the
 		 * check after retval = scsi_autopm_get_device(sdp->device))
 		 */
 	else {
-		retval = PTR_ERR(sfp);
-
+		retval = -ENOMEM;
+sem_out:
 		if (flags & O_EXCL) {
 			sdp->exclude = 0;	/* undo if error */
 			up_write(&sdp->o_sem);
@@ -2042,7 +2045,7 @@
 
 	sfp = kzalloc(sizeof(*sfp), GFP_ATOMIC | __GFP_NOWARN);
 	if (!sfp)
-		return ERR_PTR(-ENOMEM);
+		return NULL;
 
 	init_waitqueue_head(&sfp->read_wait);
 	rwlock_init(&sfp->rq_list_lock);
@@ -2057,10 +2060,6 @@
 	sfp->keep_orphan = SG_DEF_KEEP_ORPHAN;
 	sfp->parentdp = sdp;
 	write_lock_irqsave(&sg_index_lock, iflags);
-	if (sdp->detached) {
-		write_unlock_irqrestore(&sg_index_lock, iflags);
-		return ERR_PTR(-ENODEV);
-	}
 	list_add_tail(&sfp->sfd_siblings, &sdp->sfds);
 	write_unlock_irqrestore(&sg_index_lock, iflags);
 	SCSI_LOG_TIMEOUT(3, printk("sg_add_sfp: sfp=0x%p\n", sfp));