leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SCSI] fix race in scsi_target_reap

Browse Source 
This patch (as1357) fixes a race in SCSI target allocation and
release.  Putting a target in the STARGET_DEL state isn't protected by
the host lock, so an old target structure could be reused by a new
device even though it's about to be deleted.  The cure is to change
the state while still holding the host lock.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
This commit is contained in:
Alan Stern 2010-03-18 15:39:30 -04:00 committed by James Bottomley
parent 8a52da632c
commit f9e8894ae5
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
drivers/scsi/scsi_scan.c
View File

@ -492,19 +492,20 @@ void scsi_target_reap(struct scsi_target *starget)
struct Scsi_Host *shost = dev_to_shost(starget->dev.parent); struct Scsi_Host *shost = dev_to_shost(starget->dev.parent);
unsigned long flags; unsigned long flags;
enum scsi_target_state state; enum scsi_target_state state;
int empty; int empty = 0;
spin_lock_irqsave(shost->host_lock, flags); spin_lock_irqsave(shost->host_lock, flags);
state = starget->state; state = starget->state;
empty = --starget->reap_ref == 0 && if (--starget->reap_ref == 0 && list_empty(&starget->devices)) {
list_empty(&starget->devices) ? 1 : 0; empty = 1;
starget->state = STARGET_DEL;
}
spin_unlock_irqrestore(shost->host_lock, flags); spin_unlock_irqrestore(shost->host_lock, flags);
if (!empty) if (!empty)
return; return;
BUG_ON(state == STARGET_DEL); BUG_ON(state == STARGET_DEL);
starget->state = STARGET_DEL;
if (state == STARGET_CREATED) if (state == STARGET_CREATED)
scsi_target_destroy(starget); scsi_target_destroy(starget);
else else