[SCSI] libfc: fix: rport_recv_req needs disc_mutex when calling rport_lookup
authorJoe Eykholt <jeykholt@cisco.com>
Tue, 25 Aug 2009 21:03:15 +0000 (14:03 -0700)
committerJames Bottomley <James.Bottomley@suse.de>
Thu, 10 Sep 2009 17:07:59 +0000 (12:07 -0500)
The rport_lookup function must be called while holding the disc_mutex.
Otherwise, the rdata could be deleted just after that by another thread.

All callers now check the state after grabbing the rdata rp_mutex.
Even though rport_lookup skips ports in DELETE state, it does that
without holding the rdata rp_mutex, so that the state may change.

Signed-off-by: Joe Eykholt <jeykholt@cisco.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
drivers/scsi/libfc/fc_rport.c

index acdc72d6b87338541656d9007788666ff38e5f43..02200b26d897074a05a08a6bfff74bfde08cb533 100644 (file)
@@ -932,14 +932,17 @@ void fc_rport_recv_req(struct fc_seq *sp, struct fc_frame *fp,
        fh = fc_frame_header_get(fp);
        s_id = ntoh24(fh->fh_s_id);
 
+       mutex_lock(&lport->disc.disc_mutex);
        rdata = lport->tt.rport_lookup(lport, s_id);
        if (!rdata) {
+               mutex_unlock(&lport->disc.disc_mutex);
                els_data.reason = ELS_RJT_UNAB;
                lport->tt.seq_els_rsp_send(sp, ELS_LS_RJT, &els_data);
                fc_frame_free(fp);
                return;
        }
        mutex_lock(&rdata->rp_mutex);
+       mutex_unlock(&lport->disc.disc_mutex);
 
        op = fc_frame_payload_op(fp);
        switch (op) {