Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b8678865 authored by Bart Van Assche's avatar Bart Van Assche Committed by Robert Love
Browse files

libfc: Fix a race in fc_exch_timer_set_locked() 



It is allowed to pass a zero timeout value to fc_seq_exch_abort().
Avoid that this can cause the timeout function to drop the exchange
reference before it has been increased by fc_exch_timer_set_locked().
This patch fixes a crash when running FCoE target code with poisoning
enabled in the memory allocator.

Signed-off-by: default avatarBart Van Assche <bvanassche@acm.org>
Cc: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: default avatarRobert Love <robert.w.love@intel.com>
parent 8d080236

drivers/scsi/libfc/fc_exch.c

+4 −3
Original line number Diff line number Diff line
@@ -360,9 +360,10 @@ static inline void fc_exch_timer_set_locked(struct fc_exch *ep, 


	FC_EXCH_DBG(ep, "Exchange timer armed : %d msecs\n", timer_msec);



	if (queue_delayed_work(fc_exch_workqueue, &ep->timeout_work,

			       msecs_to_jiffies(timer_msec)))

	fc_exch_hold(ep);		/* hold for timer */

	if (!queue_delayed_work(fc_exch_workqueue, &ep->timeout_work,

				msecs_to_jiffies(timer_msec)))

		fc_exch_release(ep);

}



/**