[SCSI] aic79xx: check for non-NULL scb in ahd_handle_nonpkt_busfree

When removing several devices aic79xx will occasionally Oops
in ahd_handle_nonpkt_busfree during rescan. Looking at the
code I found that we're indeed not checking if the scb in
question is NULL. So check for it before accessing it.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>

authored by Hannes Reinecke and committed by James Bottomley 534ef056 51375ee8

+31 -22
+31 -22
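--- a/drivers/scsi/aic7xxx/aic79xx_core.c
+++ b/drivers/scsi/aic7xxx/aic79xx_core.c
@@ -3171,13 +3171,16 @@
 tinfo->curr.transport_version = 2;
 tinfo->goal.transport_version = 2;
 tinfo->goal.ppr_options = 0;
-/*
- * Remove any SCBs in the waiting for selection
- * queue that may also be for this target so
- * that command ordering is preserved.
- */
-ahd_freeze_devq(ahd, scb);
-ahd_qinfifo_requeue_tail(ahd, scb);
+if (scb != NULL) {
+/*
+ * Remove any SCBs in the waiting
+ * for selection queue that may
+ * also be for this target so that
+ * command ordering is preserved.
+ */
+ahd_freeze_devq(ahd, scb);
+ahd_qinfifo_requeue_tail(ahd, scb);
+}
 printerror = 0;
 }
 } else if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_WDTR, FALSE)
@@ -3194,13 +3197,16 @@
 MSG_EXT_WDTR_BUS_8_BIT,
 AHD_TRANS_CUR|AHD_TRANS_GOAL,
 /*paused*/TRUE);
-/*
- * Remove any SCBs in the waiting for selection
- * queue that may also be for this target so that
- * command ordering is preserved.
- */
-ahd_freeze_devq(ahd, scb);
-ahd_qinfifo_requeue_tail(ahd, scb);
+if (scb != NULL) {
+/*
+ * Remove any SCBs in the waiting for
+ * selection queue that may also be for
+ * this target so that command ordering
+ * is preserved.
+ */
+ahd_freeze_devq(ahd, scb);
+ahd_qinfifo_requeue_tail(ahd, scb);
+}
 printerror = 0;
 } else if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_SDTR, FALSE)
 && ppr_busfree == 0) {
@@ -3217,13 +3223,16 @@
 /*ppr_options*/0,
 AHD_TRANS_CUR|AHD_TRANS_GOAL,
 /*paused*/TRUE);
-/*
- * Remove any SCBs in the waiting for selection
- * queue that may also be for this target so that
- * command ordering is preserved.
- */
-ahd_freeze_devq(ahd, scb);
-ahd_qinfifo_requeue_tail(ahd, scb);
+if (scb != NULL) {
+/*
+ * Remove any SCBs in the waiting for
+ * selection queue that may also be for
+ * this target so that command ordering
+ * is preserved.
+ */
+ahd_freeze_devq(ahd, scb);
+ahd_qinfifo_requeue_tail(ahd, scb);
+}
 printerror = 0;
 } else if ((ahd->msg_flags & MSG_FLAG_EXPECT_IDE_BUSFREE) != 0
 && ahd_sent_msg(ahd, AHDMSG_1B,
@@ -3251,7 +3260,7 @@
  * the message phases. We check it last in case we
  * had to send some other message that caused a busfree.
  */
-if (printerror != 0
+if (scb != NULL && printerror != 0
 && (lastphase == P_MESGIN || lastphase == P_MESGOUT)
 && ((ahd->msg_flags & MSG_FLAG_EXPECT_PPR_BUSFREE) != 0)) {
 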
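Review bot: In the three negotiation branches the new `if (scb != NULL)` guard skips the freeze/requeue, but `printerror = 0;` still runs, so a busfree that arrives with no valid SCB is now accepted silently and leaves no trace of the condition that used to Oops. A one-line diagnostic in an `else` arm, or at least a comment such as `/* scb may be NULL if the command is already gone (seen during device removal/rescan); nothing to requeue */`, would keep whatever leaves `scb` NULL here visible to whoever debugs it next. The same guarded block is repeated three times, so a small static helper that takes `ahd` and `scb` and does the NULL check once would stop a later fix from missing a copy. The function starts and ends outside these hunks, so any other use of `scb` in it, including the body of the `scb != NULL && printerror != 0` branch in the last hunk, is not visible here and should be checked for the same assumption.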