sd: fix crash when UA received on DIF enabled device
authorEwan D. Milne <emilne@redhat.com>
Fri, 2 Nov 2012 13:38:34 +0000 (09:38 -0400)
committerBen Hutchings <ben@decadent.org.uk>
Fri, 2 Aug 2013 20:15:05 +0000 (22:15 +0200)
commita84914b11f92186d5d638c5b0b3d2ad87ccad6ce
tree0e4185576801bbc964ee2765546449b1d1b376a2
parentf6c02a04b0409f2b55fa79f0bba7307434a22c83
sd: fix crash when UA received on DIF enabled device

commit 085b513f97d8d799d28491239be4b451bcd8c2c5 upstream.

sd_prep_fn will allocate a larger CDB for the command via mempool_alloc
for devices using DIF type 2 protection.  This CDB was being freed
in sd_done, which results in a kernel crash if the command is retried
due to a UNIT ATTENTION.  This change moves the code to free the larger
CDB into sd_unprep_fn instead, which is invoked after the request is
complete.

It is no longer necessary to call scsi_print_command separately for
this case as the ->cmnd will no longer be NULL in the normal code path.

Also removed conditional test for DIF type 2 when freeing the larger
CDB because the protection_type could have been changed via sysfs while
the command was executing.

Signed-off-by: Ewan D. Milne <emilne@redhat.com>
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
drivers/scsi/sd.c