Commit d8c37e7b authored by Tejun Heo 's avatar Tejun Heo Committed by James Bottomley
Browse files

[SCSI] remove a timer race in scsi_queue_insert()

scsi_queue_insert() has four callers.  Three callers call with
timer disabled and one (the second invocation in
scsi_dispatch_cmd()) calls with timer activated.
scsi_queue_insert() used to always call scsi_delete_timer()
and ignore the return value.  This results in race with timer
expiration.  Remove scsi_delete_timer() call from
scsi_queue_insert() and make the caller delete timer and check
the return value.

Signed-off-by: default avatarTejun Heo <>
Signed-off-by: default avatarJames Bottomley <>
parent 5b8ef842
......@@ -638,10 +638,12 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
spin_unlock_irqrestore(host->host_lock, flags);
if (rtn) {
if (scsi_delete_timer(cmd)) {
printk("queuecommand : request rejected\n"));
......@@ -128,13 +128,7 @@ int scsi_queue_insert(struct scsi_cmnd *cmd, int reason)
printk("Inserting command %p into mlqueue\n", cmd));
* We are inserting the command into the ml queue. First, we
* cancel the timer, so it doesn't time out.
* Next, set the appropriate busy bit for the device/host.
* Set the appropriate busy bit for the device/host.
* If the host/device isn't busy, assume that something actually
* completed, and that we should be able to queue a command now.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment