mirror of https://gitee.com/openkylin/linux.git
scsi: ibmvfc: Protect vhost->task_set increment by the host lock
In the discovery thread, ibmvfc does a vhost->task_set++ without any lock held. This could result in two targets getting the same cancel key, which could have strange effects in error recovery. The actual probability of this occurring should be extremely small, since this should all be done in a single threaded loop from the discovery thread, but let's fix it up anyway to be safe. Link: https://lore.kernel.org/r/1600286999-22059-1-git-send-email-brking@linux.vnet.ibm.com Signed-off-by: Brian King <brking@linux.vnet.ibm.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
This commit is contained in:
parent
3c9a7c58ea
commit
2584e5aef8
|
@ -4184,11 +4184,11 @@ static int ibmvfc_alloc_target(struct ibmvfc_host *vhost,
|
||||||
tgt->wwpn = wwpn;
|
tgt->wwpn = wwpn;
|
||||||
tgt->vhost = vhost;
|
tgt->vhost = vhost;
|
||||||
tgt->need_login = 1;
|
tgt->need_login = 1;
|
||||||
tgt->cancel_key = vhost->task_set++;
|
|
||||||
timer_setup(&tgt->timer, ibmvfc_adisc_timeout, 0);
|
timer_setup(&tgt->timer, ibmvfc_adisc_timeout, 0);
|
||||||
kref_init(&tgt->kref);
|
kref_init(&tgt->kref);
|
||||||
ibmvfc_init_tgt(tgt, ibmvfc_tgt_implicit_logout);
|
ibmvfc_init_tgt(tgt, ibmvfc_tgt_implicit_logout);
|
||||||
spin_lock_irqsave(vhost->host->host_lock, flags);
|
spin_lock_irqsave(vhost->host->host_lock, flags);
|
||||||
|
tgt->cancel_key = vhost->task_set++;
|
||||||
list_add_tail(&tgt->queue, &vhost->targets);
|
list_add_tail(&tgt->queue, &vhost->targets);
|
||||||
|
|
||||||
unlock_out:
|
unlock_out:
|
||||||
|
|
Loading…
Reference in New Issue