From: Brian King <brking@us.ibm.com>
Date: Mon, 12 Dec 2005 19:05:08 +0000 (-0600)
Subject: [PATCH] Fix SCSI scanning slab corruption
X-Git-Tag: firefly_0821_release~38603^2~128
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=66e05225262cd9271fac13fe2fd1e9edb65e3978;p=firefly-linux-kernel-4.4.55.git

[PATCH] Fix SCSI scanning slab corruption

There is a double free in the scsi scan code if a LLDD's slave_alloc()
call fails.  There is a direct call to scsi_free_queue and then the
following put_device calls the release function, which also frees the
queue.

Remove the redundant scsi_free_queue.

Signed-off-by: Brian King <brking@us.ibm.com>
Tested-by: Nathan Lynch <ntl@pobox.com>
[ Also removed some strange whitespace artifacts in that area ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c
index 374853df9cca..94e5167f260d 100644
--- a/drivers/scsi/scsi_scan.c
+++ b/drivers/scsi/scsi_scan.c
@@ -266,8 +266,6 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget,
 			/*
 			 * if LLDD reports slave not present, don't clutter
 			 * console with alloc failure messages
-
-
 			 */
 			if (ret == -ENXIO)
 				display_failure_msg = 0;
@@ -279,7 +277,6 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget,
 
 out_device_destroy:
 	transport_destroy_device(&sdev->sdev_gendev);
-	scsi_free_queue(sdev->request_queue);
 	put_device(&sdev->sdev_gendev);
 out:
 	if (display_failure_msg)