projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a1321dd) | patch
target: close target_put_sess_cmd() vs. core_tmr_abort_task() race
authorJoern Engel <joern@logfs.org>
Mon, 13 May 2013 20:30:06 +0000 (16:30 -0400)
committerNicholas Bellinger <nab@linux-iscsi.org>
Wed, 15 May 2013 08:47:35 +0000 (01:47 -0700)
commitccf5ae83a6cf3d9cfe9a7038bfe7cd38ab03d5e1
treecb3966328bce7584d4c24434490dc21a67ecb48btree | snapshot (tar.gz zip)
parenta1321ddd27e65c6ada5b9a12cae4ee2612d76893commit | diff
target: close target_put_sess_cmd() vs. core_tmr_abort_task() race

It is possible for one thread to to take se_sess->sess_cmd_lock in
core_tmr_abort_task() before taking a reference count on
se_cmd->cmd_kref, while another thread in target_put_sess_cmd() drops
se_cmd->cmd_kref before taking se_sess->sess_cmd_lock.

This introduces kref_put_spinlock_irqsave() and uses it in
target_put_sess_cmd() to close the race window.

Signed-off-by: Joern Engel <joern@logfs.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/target/target_core_transport.c diff | blob | blame | history
include/linux/kref.h diff | blob | blame | history