Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit db6077fd authored by Nicholas Bellinger's avatar Nicholas Bellinger
Browse files

iscsi-target: Fix incorrect np->np_thread NULL assignment 



When shutting down a target there is a race condition between
iscsit_del_np() and __iscsi_target_login_thread().
The latter sets the thread pointer to NULL, and the former
tries to issue kthread_stop() on that pointer without any
synchronization.

This patch moves the np->np_thread NULL assignment into
iscsit_del_np(), after kthread_stop() has completed. It also
removes the signal_pending() + np_state check, and only
exits when kthread_should_stop() is true.

Reported-by: default avatarHannes Reinecke <hare@suse.de>
Cc: <stable@vger.kernel.org> #3.12+
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent 63832aab

drivers/target/iscsi/iscsi_target.c

+1 −0
Original line number Diff line number Diff line
@@ -465,6 +465,7 @@ int iscsit_del_np(struct iscsi_np *np) 
		 */

		send_sig(SIGINT, np->np_thread, 1);

		kthread_stop(np->np_thread);

		np->np_thread = NULL;

	}



	np->np_transport->iscsit_free_np(np);

drivers/target/iscsi/iscsi_target_login.c

+0 −6
Original line number Diff line number Diff line
@@ -1403,11 +1403,6 @@ static int __iscsi_target_login_thread(struct iscsi_np *np) 


out:

	stop = kthread_should_stop();

	if (!stop && signal_pending(current)) {

		spin_lock_bh(&np->np_thread_lock);

		stop = (np->np_thread_state == ISCSI_NP_THREAD_SHUTDOWN);

		spin_unlock_bh(&np->np_thread_lock);

	}

	/* Wait for another socket.. */

	if (!stop)

		return 1;
@@ -1415,7 +1410,6 @@ static int __iscsi_target_login_thread(struct iscsi_np *np) 
	iscsi_stop_login_thread_timer(np);

	spin_lock_bh(&np->np_thread_lock);

	np->np_thread_state = ISCSI_NP_THREAD_EXIT;

	np->np_thread = NULL;

	spin_unlock_bh(&np->np_thread_lock);



	return 0;