linux_old1/drivers/scsi
Huajun Li 267a6ad4ae [SCSI] scsi_scan: Fix 'Poison overwritten' warning caused by using freed 'shost'
In do_scan_async(), calling scsi_autopm_put_host(shost) may reference
freed shost, and cause Posison overwitten warning.
Yes, this case can happen, for example, an USB is disconnected just
when do_scan_async() thread starts to run, then scsi_host_put() called
in scsi_finish_async_scan() will lead to shost be freed(because the
refcount of shost->shost_gendev decreases to 1 after USB disconnects),
at this point, if references shost again, system will show following
warning msg.

To make scsi_autopm_put_host(shost) always reference a valid shost,
put it just before scsi_host_put() in function
scsi_finish_async_scan().

[  299.281565] =============================================================================
[  299.281634] BUG kmalloc-4096 (Tainted: G          I ): Poison overwritten
[  299.281682] -----------------------------------------------------------------------------
[  299.281684]
[  299.281752] INFO: 0xffff880056c305d0-0xffff880056c305d0. First byte
0x6a instead of 0x6b
[  299.281816] INFO: Allocated in scsi_host_alloc+0x4a/0x490 age=1688
cpu=1 pid=2004
[  299.281870] 	__slab_alloc+0x617/0x6c1
[  299.281901] 	__kmalloc+0x28c/0x2e0
[  299.281931] 	scsi_host_alloc+0x4a/0x490
[  299.281966] 	usb_stor_probe1+0x5b/0xc40 [usb_storage]
[  299.282010] 	storage_probe+0xa4/0xe0 [usb_storage]
[  299.282062] 	usb_probe_interface+0x172/0x330 [usbcore]
[  299.282105] 	driver_probe_device+0x257/0x3b0
[  299.282138] 	__driver_attach+0x103/0x110
[  299.282171] 	bus_for_each_dev+0x8e/0xe0
[  299.282201] 	driver_attach+0x26/0x30
[  299.282230] 	bus_add_driver+0x1c4/0x430
[  299.282260] 	driver_register+0xb6/0x230
[  299.282298] 	usb_register_driver+0xe5/0x270 [usbcore]
[  299.282337] 	0xffffffffa04ab03d
[  299.282364] 	do_one_initcall+0x47/0x230
[  299.282396] 	sys_init_module+0xa0f/0x1fe0
[  299.282429] INFO: Freed in scsi_host_dev_release+0x18a/0x1d0 age=85
cpu=0 pid=2008
[  299.282482] 	__slab_free+0x3c/0x2a1
[  299.282510] 	kfree+0x296/0x310
[  299.282536] 	scsi_host_dev_release+0x18a/0x1d0
[  299.282574] 	device_release+0x74/0x100
[  299.282606] 	kobject_release+0xc7/0x2a0
[  299.282637] 	kobject_put+0x54/0xa0
[  299.282668] 	put_device+0x27/0x40
[  299.282694] 	scsi_host_put+0x1d/0x30
[  299.282723] 	do_scan_async+0x1fc/0x2b0
[  299.282753] 	kthread+0xdf/0xf0
[  299.282782] 	kernel_thread_helper+0x4/0x10
[  299.282817] INFO: Slab 0xffffea00015b0c00 objects=7 used=7 fp=0x
      (null) flags=0x100000000004080
[  299.282882] INFO: Object 0xffff880056c30000 @offset=0 fp=0x          (null)
[  299.282884]
...

Signed-off-by: Huajun Li <huajun.li.lee@gmail.com>
Cc: stable@kernel.org
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-02-18 08:52:48 -06:00
..
aacraid drivers/scsi/aacraid/commctrl.c: fix mem leak in aac_send_raw_srb() 2012-01-08 14:15:21 -08:00
aic7xxx treewide: Fix typos in various parts of the kernel, and fix some comments. 2011-12-02 14:57:31 +01:00
aic7xxx_old Fix common misspellings 2011-03-31 11:26:23 -03:00
aic94xx Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2011-10-28 16:44:18 -07:00
arcmsr [SCSI] arcmsr: simplify assumptions in dma_alloc_coherent() 2011-05-01 16:32:23 -05:00
arm Fix common misspellings 2011-03-31 11:26:23 -03:00
be2iscsi SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
bfa [SCSI] bfa: Implement LUN Masking feature using the SCSI Slave Callouts. 2012-01-10 17:01:24 -06:00
bnx2fc [SCSI] bnx2fc: Bumped version to 1.0.9 2011-10-30 14:05:52 +04:00
bnx2i switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
cxgbi [SCSI] libcxgbi: do not print a message when memory allocation fails 2012-01-10 17:01:21 -06:00
device_handler [SCSI] scsi_dh_alua: Retry the check-condition in case Mode Parameters Changed 2012-01-10 17:01:24 -06:00
dpt atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
fcoe [SCSI] fcoe: Move fcoe_debug_logging from fcoe.h to fcoe.c 2012-01-16 12:46:31 +04:00
fnic [SCSI] fnic: fix incorrect use of SLAB_CACHE_DMA flag 2011-06-29 16:05:41 -05:00
ibmvscsi [SCSI] ibmvfc: Fix Virtual I/O failover hang 2011-06-29 12:08:39 -05:00
isci [SCSI] isci: Fix NULL ptr dereference when no firmware is being loaded 2012-02-18 08:37:00 -06:00
libfc [SCSI] libfc: remove redundant timer init for fcp 2012-01-16 12:47:18 +04:00
libsas scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
lpfc [SCSI] lpfc 8.3.28: Update driver version to 8.3.28 2011-12-15 10:57:45 +04:00
megaraid [SCSI] megaraid_sas: Version and Changelog update 2012-01-16 11:28:33 +04:00
mpt2sas [SCSI] mpt2sas: Fix mismatch in mpt2sas_base_hard_reset_handler() mutex lock-unlock 2012-02-12 19:39:28 -06:00
mvsas [SCSI] mv_sas: OCZ RevoDrive3 & zDrive R4 support 2011-10-31 13:29:01 +04:00
osd scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
pcmcia module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
pm8001 [SCSI] isci: export phy events via ->lldd_control_phy() 2011-10-02 13:24:26 -05:00
qla2xxx [SCSI] qla2xxx: Update version number to 8.03.07.13-k. 2012-02-18 08:50:20 -06:00
qla4xxx [SCSI] qla4xxx: Update driver version to 5.02.00-k12 2012-01-16 12:36:13 +04:00
sym53c8xx_2 [SCSI] sym53c8xx: Fix NULL pointer dereference in slave_destroy 2012-01-10 17:01:18 -06:00
.gitignore
3w-9xxx.c [SCSI] 3w-9xxx: fix iommu_iova leak 2011-09-26 09:28:58 -05:00
3w-9xxx.h Fix common misspellings 2011-03-31 11:26:23 -03:00
3w-sas.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
3w-sas.h
3w-xxxx.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
3w-xxxx.h Fix common misspellings 2011-03-31 11:26:23 -03:00
53c700.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
53c700.h
53c700.scr Fix common misspellings 2011-03-31 11:26:23 -03:00
53c700_d.h_shipped Fix common misspellings 2011-03-31 11:26:23 -03:00
BusLogic.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
BusLogic.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
FlashPoint.c Fix common misspellings 2011-03-31 11:26:23 -03:00
Kconfig [SCSI] isci: update version to 1.1 2012-01-16 11:44:54 +04:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2011-10-28 16:44:18 -07:00
NCR53c406a.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
NCR5380.c Fix common misspellings 2011-03-31 11:26:23 -03:00
NCR5380.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
a100u2w.c Merge branch 'master' into for-next 2010-12-22 18:57:02 +01:00
a100u2w.h
a2091.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
a2091.h
a3000.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
a3000.h
a4000t.c
advansys.c Fix common misspellings 2011-03-31 11:26:23 -03:00
aha152x.c [SCSI] aha152x: add missing ISA PNP IDs 2011-06-29 15:09:11 -05:00
aha152x.h
aha1542.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
aha1542.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
aha1740.c Fix common misspellings 2011-03-31 11:26:23 -03:00
aha1740.h
aic7xxx_old.c Fix common misspellings 2011-03-31 11:26:23 -03:00
atari_NCR5380.c [SCSI] atari_NCR5380: Provide a dummy NCR5380_exit() 2011-06-29 15:11:21 -05:00
atari_scsi.c [SCSI] atari_NCR5380: Provide a dummy NCR5380_exit() 2011-06-29 15:11:21 -05:00
atari_scsi.h
atp870u.c Fix common misspellings 2011-03-31 11:26:23 -03:00
atp870u.h
bvme6000_scsi.c
ch.c Merge branch 'llseek' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/bkl 2010-10-22 10:52:56 -07:00
constants.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
dc395x.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
dc395x.h Fix common misspellings 2011-03-31 11:26:23 -03:00
dmx3191d.c
dpt_i2o.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
dpti.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
dtc.c
dtc.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
eata.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
eata_generic.h
eata_pio.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
eata_pio.h
esp_scsi.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-05-23 09:12:26 -07:00
esp_scsi.h
fd_mcs.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
fdomain.c Fix common misspellings 2011-03-31 11:26:23 -03:00
fdomain.h
g_NCR5380.c Fix common misspellings 2011-03-31 11:26:23 -03:00
g_NCR5380.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
g_NCR5380_mmio.c
gdth.c [SCSI] gdth: Add missing call to gdth_ioctl_free 2010-12-31 09:50:09 -06:00
gdth.h treewide: Fix comment and string typo 'bufer' 2011-12-06 09:53:40 +01:00
gdth_ioctl.h
gdth_proc.c [SCSI] gdth: Add missing call to gdth_ioctl_free 2010-12-31 09:50:09 -06:00
gdth_proc.h
gvp11.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
gvp11.h
hosts.c [SCSI] Make scsi_free_queue() kill pending SCSI commands 2011-10-30 13:20:28 +04:00
hpsa.c [SCSI] hpsa: do not sleep in atomic context in rmmod path. 2012-01-16 09:47:24 +04:00
hpsa.h [SCSI] hpsa: detect controller lockup 2011-10-30 14:35:01 +04:00
hpsa_cmd.h [SCSI] hpsa: fix potential array overflow in hpsa_update_scsi_devices 2011-10-30 14:34:04 +04:00
hptiop.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
hptiop.h
ibmmca.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
imm.c Fix common misspellings 2011-03-31 11:26:23 -03:00
imm.h
in2000.c Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
in2000.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
initio.c Fix common misspellings 2011-03-31 11:26:23 -03:00
initio.h Fix common misspellings 2011-03-31 11:26:23 -03:00
ipr.c [SCSI] ipr: fix eeh recovery for 64-bit adapters 2012-02-18 08:33:13 -06:00
ipr.h PCI: Rework config space blocking services 2012-01-06 12:10:33 -08:00
ips.c treewide: Fix typos in various parts of the kernel, and fix some comments. 2011-12-02 14:57:31 +01:00
ips.h Fix common misspellings 2011-03-31 11:26:23 -03:00
iscsi_boot_sysfs.c switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
iscsi_tcp.c switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
iscsi_tcp.h [SCSI] iscsi_tcp: use iscsi_conn_get_addr_param libiscsi function 2011-02-24 12:41:10 -05:00
jazz_esp.c misc latin1 to utf8 conversions 2012-01-02 13:04:55 +01:00
lasi700.c
libiscsi.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
libiscsi_tcp.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
libsrp.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
mac53c94.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
mac53c94.h
mac_esp.c mac_esp: rename irq 2012-01-22 14:50:03 +01:00
mac_scsi.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k 2012-01-26 12:43:57 -08:00
mac_scsi.h
megaraid.c [SCSI] megaraid: fix sparse warnings 2012-01-16 12:28:03 +04:00
megaraid.h Fix common misspellings 2011-03-31 11:26:23 -03:00
mesh.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c [SCSI] mvumi: Add Marvell UMI driver 2011-08-27 08:36:58 -06:00
mvumi.h [SCSI] mvumi: Add Marvell UMI driver 2011-08-27 08:36:58 -06:00
ncr53c8xx.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
ncr53c8xx.h
nsp32.c module_param: make bool parameters really bool (drivers & misc) 2012-01-13 09:32:20 +10:30
nsp32.h Fix common misspellings 2011-03-31 11:26:23 -03:00
nsp32_debug.c treewide: fix a few typos in comments 2011-05-10 10:16:21 +02:00
nsp32_io.h
osst.c [SCSI] osst: fix warning 2011-05-24 13:09:41 -04:00
osst.h Fix common misspellings 2011-03-31 11:26:23 -03:00
osst_detect.h
osst_options.h
pas16.c
pas16.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
pmcraid.c SCSI, pmcraid: Fix spelling error in a pmcraid_err() call 2011-12-15 16:35:38 +01:00
pmcraid.h Remove unneeded version.h includes from drivers/scsi/ 2011-09-15 14:57:07 +02:00
ppa.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
ppa.h
ps3rom.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
qla1280.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
qla1280.h
qlogicfas.c
qlogicfas408.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
qlogicfas408.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
qlogicpti.c [SCSI] qlogicpti: fix timeout 2011-10-16 10:58:52 -05:00
qlogicpti.h of/device: Replace struct of_device with struct platform_device 2010-08-06 09:25:50 -06:00
raid_class.c
script_asm.pl
scsi.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
scsi.h
scsi_debug.c Fix common misspellings 2011-03-31 11:26:23 -03:00
scsi_devinfo.c [SCSI] Blacklist Traxdata CDR4120 and IOMEGA Zip drive to avoid lock ups. 2011-06-29 15:08:47 -05:00
scsi_error.c [SCSI] add flag to skip the runtime PM calls on the host 2012-01-08 19:14:57 -05:00
scsi_ioctl.c
scsi_lib.c [SCSI] don't change sdev starvation list order without request dispatched 2012-01-16 11:54:04 +04:00
scsi_lib_dma.c scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
scsi_logging.h
scsi_module.c
scsi_netlink.c Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
scsi_pm.c [SCSI] runtime resume parent for child's system-resume 2012-01-08 19:14:59 -05:00
scsi_priv.h [SCSI] scsi_dh: code cleanup and remove the references to scsi_dev_info 2011-12-15 10:55:00 +04:00
scsi_proc.c scsi: fix scsi_proc new kernel-doc warning 2011-05-28 23:12:11 -07:00
scsi_sas_internal.h
scsi_scan.c [SCSI] scsi_scan: Fix 'Poison overwritten' warning caused by using freed 'shost' 2012-02-18 08:52:48 -06:00
scsi_sysctl.c
scsi_sysfs.c [SCSI] scsi: Added support for adapter and firmware reset 2011-08-27 08:36:46 -06:00
scsi_tgt_if.c scsi: Add export.h for EXPORT_SYMBOL/THIS_MODULE as required 2011-10-31 19:31:23 -04:00
scsi_tgt_lib.c [SCSI] esp, scsi_tgt_lib, fcoe: use list_move() instead of list_del()/list_add() combination 2011-05-01 10:20:10 -05:00
scsi_tgt_priv.h
scsi_trace.c [SCSI] scsi_trace: Decode UNMAP bit in WRITE SAME(10) 2011-05-24 12:38:36 -04:00
scsi_transport_api.h
scsi_transport_fc.c [SCSI] scsi_transport_fc: Clear Devloss Callback Done flag in fc_remote_port_rolechg 2012-01-16 09:37:01 +04:00
scsi_transport_fc_internal.h
scsi_transport_iscsi.c SCSI updates for post 3.2 merge window 2012-01-10 10:36:08 -08:00
scsi_transport_sas.c [SCSI] libsas: disable scanning lun > 0 on ata devices 2011-10-02 12:29:19 -05:00
scsi_transport_spi.c switch ->is_visible() to returning umode_t 2012-01-03 22:54:55 -05:00
scsi_transport_srp.c
scsi_transport_srp_internal.h
scsi_typedefs.h
scsi_wait_scan.c
scsicam.c fs: move code out of buffer.c 2012-01-03 22:54:07 -05:00
sd.c block: fail SCSI passthrough ioctls on partition devices 2012-01-14 15:07:24 -08:00
sd.h [SCSI] sd: remove arbitrary SD_MAX_DISKS namespace limit 2011-10-30 12:58:11 +04:00
sd_dif.c block: Make the integrity mapped property a bio flag 2010-10-15 15:49:20 +02:00
ses.c [SCSI] ses: requesting a fault indication 2011-06-29 12:14:25 -05:00
sg.c [SCSI] sg: convert to kstrtoul_from_user() 2012-01-16 12:17:29 +04:00
sgiwd93.c update David Miller's old email address 2011-04-06 06:19:38 -07:00
sim710.c
sni_53c710.c misc latin1 to utf8 conversions 2012-01-02 13:04:55 +01:00
sr.c [SCSI] sr: check_events() ignore GET_EVENT when TUR says otherwise 2011-07-21 14:15:58 -07:00
sr.h [SCSI] sr: check_events() ignore GET_EVENT when TUR says otherwise 2011-07-21 14:15:58 -07:00
sr_ioctl.c scsi: Fix up files implicitly depending on module.h inclusion 2011-10-31 19:31:24 -04:00
sr_vendor.c
st.c [SCSI] st: fix race in st_scsi_execute_end 2011-10-30 13:27:28 +04:00
st.h
st_options.h
stex.c SCSI host lock push-down 2010-11-16 13:33:23 -08:00
sun3_NCR5380.c [SCSI] sun3: Remove commented out merge_contiguous_buffers 2011-06-29 15:15:05 -05:00
sun3_scsi.c [SCSI] sun3: Add various missing NDEBUG* definitions 2011-06-29 15:14:54 -05:00
sun3_scsi.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
sun3_scsi_vme.c [SCSI] sun3: Add various missing NDEBUG* definitions 2011-06-29 15:14:54 -05:00
sun3x_esp.c
sun_esp.c dt/sparc: Eliminate users of of_platform_{,un}register_driver 2011-02-28 01:36:39 -07:00
sym53c416.c Fix common misspellings 2011-03-31 11:26:23 -03:00
sym53c416.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
t128.c
t128.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
tmscsim.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
tmscsim.h
u14-34f.c [SCSI] remove cmd->serial_number litter 2011-05-01 10:22:40 -05:00
ultrastor.c [SCSI] Fix Ultrastor asm snippet 2011-05-24 13:25:35 -04:00
ultrastor.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
vmw_pvscsi.c treewide: Fix typos in various parts of the kernel, and fix some comments. 2011-12-02 14:57:31 +01:00
vmw_pvscsi.h
wd33c93.c Merge branch 'trivial' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6 2011-05-26 13:19:00 -07:00
wd33c93.h SCSI host lock push-down 2010-11-16 13:33:23 -08:00
wd7000.c Fix common misspellings 2011-03-31 11:26:23 -03:00
zalon.c
zorro7xx.c