[PATCH] Remove ->rq_status from struct request
Jens Axboe [Fri, 28 Jul 2006 07:32:07 +0000 (09:32 +0200)]
After Christophs SCSI change, the only usage left is RQ_ACTIVE
and RQ_INACTIVE. The block layer sets RQ_INACTIVE right before freeing
the request, so any check for RQ_INACTIVE in a driver is a bug and
indicates use-after-free.

So kill/clean the remaining users, straight forward.

Signed-off-by: Jens Axboe <axboe@suse.de>

12 files changed:
arch/um/drivers/ubd_kern.c
block/ll_rw_blk.c
drivers/block/paride/pd.c
drivers/block/swim3.c
drivers/block/swim_iop.c
drivers/fc4/fc.c
drivers/ide/ide-floppy.c
drivers/ide/ide-io.c
drivers/ide/ide-tape.c
drivers/scsi/ide-scsi.c
drivers/scsi/scsi.c
include/linux/blkdev.h

index 5fa4c8e..fda4a39 100644 (file)
@@ -981,8 +981,6 @@ static int prepare_request(struct request *req, struct io_thread_req *io_req)
        __u64 offset;
        int len;
 
-       if(req->rq_status == RQ_INACTIVE) return(1);
-
        /* This should be impossible now */
        if((rq_data_dir(req) == WRITE) && !dev->openflags.w){
                printk("Write attempted on readonly ubd device %s\n",
index f746250..b94a396 100644 (file)
@@ -283,7 +283,6 @@ static inline void rq_init(request_queue_t *q, struct request *rq)
        INIT_LIST_HEAD(&rq->donelist);
 
        rq->errors = 0;
-       rq->rq_status = RQ_ACTIVE;
        rq->bio = rq->biotail = NULL;
        INIT_HLIST_NODE(&rq->hash);
        RB_CLEAR_NODE(&rq->rb_node);
@@ -2685,8 +2684,6 @@ void __blk_put_request(request_queue_t *q, struct request *req)
 
        elv_completed_request(q, req);
 
-       req->rq_status = RQ_INACTIVE;
-
        /*
         * Request may not have originated from ll_rw_blk. if not,
         * it didn't come out of our reserved rq pools
index 500d2eb..38578b9 100644 (file)
@@ -719,7 +719,6 @@ static int pd_special_command(struct pd_unit *disk,
 
        memset(&rq, 0, sizeof(rq));
        rq.errors = 0;
-       rq.rq_status = RQ_ACTIVE;
        rq.rq_disk = disk->gd;
        rq.ref_count = 1;
        rq.end_io_data = &wait;
index cc42e76..f2305ee 100644 (file)
@@ -319,8 +319,8 @@ static void start_request(struct floppy_state *fs)
                printk("do_fd_req: dev=%s cmd=%d sec=%ld nr_sec=%ld buf=%p\n",
                       req->rq_disk->disk_name, req->cmd,
                       (long)req->sector, req->nr_sectors, req->buffer);
-               printk("           rq_status=%d errors=%d current_nr_sectors=%ld\n",
-                      req->rq_status, req->errors, req->current_nr_sectors);
+               printk("           errors=%d current_nr_sectors=%ld\n",
+                      req->errors, req->current_nr_sectors);
 #endif
 
                if (req->sector < 0 || req->sector >= fs->total_secs) {
index 89e3c2f..dfda796 100644 (file)
@@ -529,8 +529,8 @@ static void start_request(struct floppy_state *fs)
                printk("do_fd_req: dev=%s cmd=%d sec=%ld nr_sec=%ld buf=%p\n",
                       CURRENT->rq_disk->disk_name, CURRENT->cmd,
                       CURRENT->sector, CURRENT->nr_sectors, CURRENT->buffer);
-               printk("           rq_status=%d errors=%d current_nr_sectors=%ld\n",
-                      CURRENT->rq_status, CURRENT->errors, CURRENT->current_nr_sectors);
+               printk("           errors=%d current_nr_sectors=%ld\n",
+                     CURRENT->errors, CURRENT->current_nr_sectors);
 #endif
 
                if (CURRENT->sector < 0 || CURRENT->sector >= fs->total_secs) {
index 1a159e8..22d1747 100644 (file)
@@ -974,7 +974,6 @@ int fcp_scsi_dev_reset(Scsi_Cmnd *SCpnt)
         */
 
        fc->rst_pkt->device->host->eh_action = &sem;
-       fc->rst_pkt->request->rq_status = RQ_SCSI_BUSY;
 
        fc->rst_pkt->done = fcp_scsi_reset_done;
 
index 0edc322..8ccee9c 100644 (file)
@@ -1281,8 +1281,7 @@ static ide_startstop_t idefloppy_do_request (ide_drive_t *drive, struct request
        idefloppy_pc_t *pc;
        unsigned long block = (unsigned long)block_s;
 
-       debug_log(KERN_INFO "rq_status: %d, dev: %s, flags: %lx, errors: %d\n",
-                       rq->rq_status,
+       debug_log(KERN_INFO "dev: %s, flags: %lx, errors: %d\n",
                        rq->rq_disk ? rq->rq_disk->disk_name : "?",
                        rq->flags, rq->errors);
        debug_log(KERN_INFO "sector: %ld, nr_sectors: %ld, "
index a3ffb04..38479a2 100644 (file)
@@ -1710,7 +1710,6 @@ int ide_do_drive_cmd (ide_drive_t *drive, struct request *rq, ide_action_t actio
        int must_wait = (action == ide_wait || action == ide_head_wait);
 
        rq->errors = 0;
-       rq->rq_status = RQ_ACTIVE;
 
        /*
         * we need to hold an extra reference to request for safe inspection
index 66f9678..2ebc376 100644 (file)
@@ -2423,8 +2423,8 @@ static ide_startstop_t idetape_do_request(ide_drive_t *drive,
 #if IDETAPE_DEBUG_LOG
 #if 0
        if (tape->debug_level >= 5)
-               printk(KERN_INFO "ide-tape: rq_status: %d, "
-                       "dev: %s, cmd: %ld, errors: %d\n", rq->rq_status,
+               printk(KERN_INFO "ide-tape:  %d, "
+                       "dev: %s, cmd: %ld, errors: %d\n",
                         rq->rq_disk->disk_name, rq->cmd[0], rq->errors);
 #endif
        if (tape->debug_level >= 2)
index 65b1969..1427a41 100644 (file)
@@ -708,7 +708,7 @@ static ide_startstop_t idescsi_issue_pc (ide_drive_t *drive, idescsi_pc_t *pc)
 static ide_startstop_t idescsi_do_request (ide_drive_t *drive, struct request *rq, sector_t block)
 {
 #if IDESCSI_DEBUG_LOG
-       printk (KERN_INFO "rq_status: %d, dev: %s, cmd: %x, errors: %d\n",rq->rq_status, rq->rq_disk->disk_name,rq->cmd[0],rq->errors);
+       printk (KERN_INFO "dev: %s, cmd: %x, errors: %d\n", rq->rq_disk->disk_name,rq->cmd[0],rq->errors);
        printk (KERN_INFO "sector: %ld, nr_sectors: %ld, current_nr_sectors: %d\n",rq->sector,rq->nr_sectors,rq->current_nr_sectors);
 #endif /* IDESCSI_DEBUG_LOG */
 
index 7a054f9..12f6639 100644 (file)
@@ -1065,7 +1065,7 @@ int scsi_device_cancel(struct scsi_device *sdev, int recovery)
 
        spin_lock_irqsave(&sdev->list_lock, flags);
        list_for_each_entry(scmd, &sdev->cmd_list, list) {
-               if (scmd->request && scmd->request->rq_status != RQ_INACTIVE) {
+               if (scmd->request) {
                        /*
                         * If we are unable to remove the timer, it means
                         * that the command has already timed out or
index d4c1dd0..8a3e309 100644 (file)
@@ -243,8 +243,6 @@ struct request {
 
        void *completion_data;
 
-       int rq_status;  /* should split this into a few status bits */
-       int errors;
        struct gendisk *rq_disk;
        unsigned long start_time;
 
@@ -262,14 +260,16 @@ struct request {
 
        unsigned short ioprio;
 
-       int tag;
-
-       int ref_count;
        request_queue_t *q;
 
        void *special;
        char *buffer;
 
+       int tag;
+       int errors;
+
+       int ref_count;
+
        /*
         * when request is used as a packet command carrier
         */
@@ -456,9 +456,6 @@ struct request_queue
        struct mutex            sysfs_lock;
 };
 
-#define RQ_INACTIVE            (-1)
-#define RQ_ACTIVE              1
-
 #define QUEUE_FLAG_CLUSTER     0       /* cluster several segments into 1 */
 #define QUEUE_FLAG_QUEUED      1       /* uses generic tag queueing */
 #define QUEUE_FLAG_STOPPED     2       /* queue is stopped */