From: Michael Reed Date: Thu, 8 Dec 2005 03:46:27 +0000 (-0600) Subject: [SCSI] fix OOPS due to clearing eh_action prior to aborting eh command X-Git-Tag: v2.6.15-rc6~62^2~4 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=85631672e6a8032267058b4ccbe53f1924a5d0be;p=linux-2.6 [SCSI] fix OOPS due to clearing eh_action prior to aborting eh command The eh_action semaphore in scsi_eh_send_command is cleared after a command timeout. The command is subsequently aborted and the abort will try to call scsi_done() on it. Unfortunately, the scsi_eh_done() routine unconditinally completes the semaphore (which is now null). Fix this race by makiong the scsi_eh_done() routine check that the semaphore is non null before completing it (mirroring the ordinary command done/timeout logic). Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c index 18c5d25230..c0ae9e965f 100644 --- a/drivers/scsi/scsi_error.c +++ b/drivers/scsi/scsi_error.c @@ -422,10 +422,15 @@ static int scsi_eh_completed_normally(struct scsi_cmnd *scmd) **/ static void scsi_eh_done(struct scsi_cmnd *scmd) { + struct completion *eh_action; + SCSI_LOG_ERROR_RECOVERY(3, printk("%s scmd: %p result: %x\n", __FUNCTION__, scmd, scmd->result)); - complete(scmd->device->host->eh_action); + + eh_action = scmd->device->host->eh_action; + if (eh_action) + complete(eh_action); } /**