• David S. Miller's avatar
    [SCSI] esp: Fix OOPS in esp_reset_cleanup(). · eadc49b1
    David S. Miller authored
    OOPS reported by Friedrich Oslage <bluebird@porno-bullen.de>
    
    The problem here is that tp->starget is set every time a lun
    is allocated for a particular target so we can catch the
    sdev_target parent value.
    
    The reset handler uses the NULL'ness of this value to determine
    which targets are active.
    
    But esp_slave_destroy() does not NULL out this value when appropriate.
    
    So for every target that doesn't respond, the SCSI bus scan causes
    a stale pointer to be left here, with ensuing crashes like you're
    seeing.
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Cc: Stable Tree <stable@kernel.org>
    Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
    eadc49b1
esp_scsi.h 21.2 KB