tcm_vhost: Use ACCESS_ONCE for vs->vs_tpg[target] access
authorAsias He <asias@redhat.com>
Tue, 2 Apr 2013 15:31:37 +0000 (23:31 +0800)
committerNicholas Bellinger <nab@linux-iscsi.org>
Tue, 2 Apr 2013 23:43:34 +0000 (16:43 -0700)
In vhost_scsi_handle_vq:

      tv_tpg = vs->vs_tpg[target];
      if (!tv_tpg) {
              ....
              return
      }

      tv_cmd = vhost_scsi_allocate_cmd(tv_tpg, &v_req,

1) vs->vs_tpg[target] might change after the NULL check and 2) the above
line might access tv_tpg from vs->vs_tpg[target]. To prevent 2), use
ACCESS_ONCE. Thanks mst for catching this up!

Signed-off-by: Asias He <asias@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
drivers/vhost/tcm_vhost.c

index 2968b4934659aab01dd626334a9ab7fc0e607383..dd9614eb2577c6474f33e26b183d2f1c4bb06c93 100644 (file)
@@ -661,7 +661,7 @@ static void vhost_scsi_handle_vq(struct vhost_scsi *vs,
 
                /* Extract the tpgt */
                target = v_req.lun[1];
-               tv_tpg = vs->vs_tpg[target];
+               tv_tpg = ACCESS_ONCE(vs->vs_tpg[target]);
 
                /* Target does not exist, fail the request */
                if (unlikely(!tv_tpg)) {