diff options
| author | David S. Miller <davem@davemloft.net> | 2013-08-01 18:08:34 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-10-13 14:51:08 -0700 |
| commit | ffc8f511cbea2ff61941c26a243c70136994094d (patch) | |
| tree | 976fa22a077681a71182aee13087d10067e18ac8 /net | |
| parent | a821af3f7d73022d45550200241e6e671127ec81 (diff) | |
| download | kernel_samsung_espresso10-ffc8f511cbea2ff61941c26a243c70136994094d.zip kernel_samsung_espresso10-ffc8f511cbea2ff61941c26a243c70136994094d.tar.gz kernel_samsung_espresso10-ffc8f511cbea2ff61941c26a243c70136994094d.tar.bz2 | |
esp_scsi: Fix tag state corruption when autosensing.
[ Upstream commit 21af8107f27878813d0364733c0b08813c2c192a ]
Meelis Roos reports a crash in esp_free_lun_tag() in the presense
of a disk which has died.
The issue is that when we issue an autosense command, we do so by
hijacking the original command that caused the check-condition.
When we do so we clear out the ent->tag[] array when we issue it via
find_and_prep_issuable_command(). This is so that the autosense
command is forced to be issued non-tagged.
That is problematic, because it is the value of ent->tag[] which
determines whether we issued the original scsi command as tagged
vs. non-tagged (see esp_alloc_lun_tag()).
And that, in turn, is what trips up the sanity checks in
esp_free_lun_tag(). That function needs the original ->tag[] values
in order to free up the tag slot properly.
Fix this by remembering the original command's tag values, and
having esp_alloc_lun_tag() and esp_free_lun_tag() use them.
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions