[752] in linux-scsi channel archive
Patch for st.c (1.1.37)
daemon@ATHENA.MIT.EDU (Stefan Voigt)
Fri Nov 3 13:02:37 1995
Date: Thu, 2 Nov 1995 20:53:46 +0100 (MET)
From: Stefan Voigt <voigt@pirx.franken.de>
To: linux-scsi@vger.rutgers.edu
Hello,
with 1.3.36 and 1.3.37 I have seen some kernel oopses. I tracked
this down to a NULL pointer being dereferenced in st_do_scsi.
Here is the patch:
--- st.c.old=09Thu Nov 2 20:13:54 1995
+++ st.c=09Wed Nov 1 13:23:16 1995
@@ -239,11 +239,12 @@
SCpnt->request.rq_dev =3D STp->devt;
=20
scsi_do_cmd(SCpnt, (void *)cmd, (STp->buffer)->b_data, bytes,
=09 st_sleep_done, timeout, retries);
=20
- down(SCpnt->request.sem);
+ if (SCpnt->request.sem !=3D NULL)
+ down(SCpnt->request.sem);
=20
(STp->buffer)->last_result_fatal =3D st_chk_result(SCpnt);
=20
return SCpnt;
}
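Review bot: the NULL test and the down() call on the two added lines each read SCpnt->request.sem separately, so a completion that runs between them still hands NULL to down(); the window is narrowed, not closed. scsi_do_cmd() is given st_sleep_done as its completion callback just above, and the message says that callback clears the pointer after up(), so the pointer can change at any point once scsi_do_cmd() has been called. Consider copying the semaphore pointer into a local before scsi_do_cmd() and calling down() on that local unconditionally, assuming the semaphore object itself outlives the command. A comment at the check saying why the pointer may already be NULL would also help the next reader.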
The cause is the st_sleep_done function, which in line 191 "up"s the
semaphore pointed to and then assigns NULL to the pointer!!
Please, will someone with better knowledge of the SCSI code than me
check that the patch is the correct solution.
Stefan
-- 
Stefan Voigt voigt@pirx.franken.de
Hesselbergring 13 PGP fingerprint: (key 13EEBE91 / 1024)
90449 Nürnberg 64C5 7939 BAF7 825E 85CD 063D 1F0A B53E