From: Joe Eykholt Date: Tue, 25 Aug 2009 21:03:15 +0000 (-0700) Subject: [SCSI] libfc: fix: rport_recv_req needs disc_mutex when calling rport_lookup X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=25b37b981e706c6df72c28c94f7787c3ea0cd343;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git [SCSI] libfc: fix: rport_recv_req needs disc_mutex when calling rport_lookup The rport_lookup function must be called while holding the disc_mutex. Otherwise, the rdata could be deleted just after that by another thread. All callers now check the state after grabbing the rdata rp_mutex. Even though rport_lookup skips ports in DELETE state, it does that without holding the rdata rp_mutex, so that the state may change. Signed-off-by: Joe Eykholt Signed-off-by: Robert Love Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c index acdc72d6b873..02200b26d897 100644 --- a/drivers/scsi/libfc/fc_rport.c +++ b/drivers/scsi/libfc/fc_rport.c @@ -932,14 +932,17 @@ void fc_rport_recv_req(struct fc_seq *sp, struct fc_frame *fp, fh = fc_frame_header_get(fp); s_id = ntoh24(fh->fh_s_id); + mutex_lock(&lport->disc.disc_mutex); rdata = lport->tt.rport_lookup(lport, s_id); if (!rdata) { + mutex_unlock(&lport->disc.disc_mutex); els_data.reason = ELS_RJT_UNAB; lport->tt.seq_els_rsp_send(sp, ELS_LS_RJT, &els_data); fc_frame_free(fp); return; } mutex_lock(&rdata->rp_mutex); + mutex_unlock(&lport->disc.disc_mutex); op = fc_frame_payload_op(fp); switch (op) {