From: Tejun Heo <tj@kernel.org>
Date: Wed, 14 Apr 2010 23:57:37 +0000 (+0900)
Subject: libata: fix locking around blk_abort_request()
X-Git-Tag: firefly_0821_release~10186^2~1715
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=03f7b5c5020942f14e83ec2eb2bd89134f7f3919;p=firefly-linux-kernel-4.4.55.git

libata: fix locking around blk_abort_request()

commit fa41efdae7de61191a7bda3a00e88ef69afb5bb9 upstream.

blk_abort_request() expectes queue lock to be held by the caller.
Grab it before calling the function.

Lack of this synchronization led to infinite loop on corrupt
q->timeout_list.

Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c
index 7d8d3c3b4c80..c85992ba8dff 100644
--- a/drivers/ata/libata-eh.c
+++ b/drivers/ata/libata-eh.c
@@ -870,6 +870,8 @@ static void ata_eh_set_pending(struct ata_port *ap, int fastdrain)
 void ata_qc_schedule_eh(struct ata_queued_cmd *qc)
 {
 	struct ata_port *ap = qc->ap;
+	struct request_queue *q = qc->scsicmd->device->request_queue;
+	unsigned long flags;
 
 	WARN_ON(!ap->ops->error_handler);
 
@@ -881,7 +883,9 @@ void ata_qc_schedule_eh(struct ata_queued_cmd *qc)
 	 * Note that ATA_QCFLAG_FAILED is unconditionally set after
 	 * this function completes.
 	 */
+	spin_lock_irqsave(q->queue_lock, flags);
 	blk_abort_request(qc->scsicmd->request);
+	spin_unlock_irqrestore(q->queue_lock, flags);
 }
 
 /**