Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f9e8894a authored by Alan Stern's avatar Alan Stern Committed by James Bottomley
Browse files

[SCSI] fix race in scsi_target_reap 



This patch (as1357) fixes a race in SCSI target allocation and
release.  Putting a target in the STARGET_DEL state isn't protected by
the host lock, so an old target structure could be reused by a new
device even though it's about to be deleted.  The cure is to change
the state while still holding the host lock.

Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
parent 8a52da63

drivers/scsi/scsi_scan.c

+5 −4
Original line number Diff line number Diff line
@@ -492,19 +492,20 @@ void scsi_target_reap(struct scsi_target *starget) 
	struct Scsi_Host *shost = dev_to_shost(starget->dev.parent);

	unsigned long flags;

	enum scsi_target_state state;

	int empty;

	int empty = 0;



	spin_lock_irqsave(shost->host_lock, flags);

	state = starget->state;

	empty = --starget->reap_ref == 0 &&

		list_empty(&starget->devices) ? 1 : 0;

	if (--starget->reap_ref == 0 && list_empty(&starget->devices)) {

		empty = 1;

		starget->state = STARGET_DEL;

	}

	spin_unlock_irqrestore(shost->host_lock, flags);



	if (!empty)

		return;



	BUG_ON(state == STARGET_DEL);

	starget->state = STARGET_DEL;

	if (state == STARGET_CREATED)

		scsi_target_destroy(starget);

	else