iscsi-target: Fix potential dead-lock during node acl delete
authorNicholas Bellinger <nab@linux-iscsi.org>
Wed, 20 Jan 2016 00:15:27 +0000 (16:15 -0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Feb 2016 19:57:47 +0000 (11:57 -0800)
commit 26a99c19f810b2593410899a5b304b21b47428a6 upstream.

This patch is a iscsi-target specific bug-fix for a dead-lock
that can occur during explicit struct se_node_acl->acl_group
se_session deletion via configfs rmdir(2), when iscsi-target
time2retain timer is still active.

It changes iscsi-target to obtain se_portal_group->session_lock
internally using spin_in_locked() to check for the specific
se_node_acl configfs shutdown rmdir(2) case.

Note this patch is intended for stable, and the subsequent
v4.5-rc patch converts target_core_tpg.c to use proper
se_sess->sess_kref reference counting for both se_node_acl
deletion + se_node_acl->queue_depth se_session restart.

Reported-by:: Sagi Grimberg <sagig@mellanox.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/target/iscsi/iscsi_target_configfs.c

index c45b3365d63dd48f8475e1a4d9941781a2f49a0b..200d779d0c03a0825ec6791ca990420c07e1a605 100644 (file)
@@ -1730,7 +1730,8 @@ static void lio_tpg_release_fabric_acl(
 }
 
 /*
- * Called with spin_lock_bh(struct se_portal_group->session_lock) held..
+ * Called with spin_lock_irq(struct se_portal_group->session_lock) held
+ * or not held.
  *
  * Also, this function calls iscsit_inc_session_usage_count() on the
  * struct iscsi_session in question.
@@ -1738,19 +1739,32 @@ static void lio_tpg_release_fabric_acl(
 static int lio_tpg_shutdown_session(struct se_session *se_sess)
 {
        struct iscsi_session *sess = se_sess->fabric_sess_ptr;
+       struct se_portal_group *se_tpg = se_sess->se_tpg;
+       bool local_lock = false;
+
+       if (!spin_is_locked(&se_tpg->session_lock)) {
+               spin_lock_irq(&se_tpg->session_lock);
+               local_lock = true;
+       }
 
        spin_lock(&sess->conn_lock);
        if (atomic_read(&sess->session_fall_back_to_erl0) ||
            atomic_read(&sess->session_logout) ||
            (sess->time2retain_timer_flags & ISCSI_TF_EXPIRED)) {
                spin_unlock(&sess->conn_lock);
+               if (local_lock)
+                       spin_unlock_irq(&sess->conn_lock);
                return 0;
        }
        atomic_set(&sess->session_reinstatement, 1);
        spin_unlock(&sess->conn_lock);
 
        iscsit_stop_time2retain_timer(sess);
+       spin_unlock_irq(&se_tpg->session_lock);
+
        iscsit_stop_session(sess, 1, 1);
+       if (!local_lock)
+               spin_lock_irq(&se_tpg->session_lock);
 
        return 1;
 }