OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/drivers/target/iscsi
History
Mike Christie fd81f0711d scsi: target: iscsi: Fix cmd abort fabric stop race 
[ Upstream commit f36199355c ]

Maurizio found a race where the abort and cmd stop paths can race as
follows:

 1. thread1 runs iscsit_release_commands_from_conn and sets
    CMD_T_FABRIC_STOP.

 2. thread2 runs iscsit_aborted_task and then does __iscsit_free_cmd. It
    then returns from the aborted_task callout and we finish
    target_handle_abort and do:

    target_handle_abort -> transport_cmd_check_stop_to_fabric ->
	lio_check_stop_free -> target_put_sess_cmd

    The cmd is now freed.

 3. thread1 now finishes iscsit_release_commands_from_conn and runs
    iscsit_free_cmd while accessing a command we just released.

In __target_check_io_state we check for CMD_T_FABRIC_STOP and set the
CMD_T_ABORTED if the driver is not cleaning up the cmd because of a session
shutdown. However, iscsit_release_commands_from_conn only sets the
CMD_T_FABRIC_STOP and does not check to see if the abort path has claimed
completion ownership of the command.

This adds a check in iscsit_release_commands_from_conn so only the abort or
fabric stop path cleanup the command.

Link: https://lore.kernel.org/r/1605318378-9269-1-git-send-email-michael.christie@oracle.com
Reported-by: Maurizio Lombardi <mlombard@redhat.com>
Reviewed-by: Maurizio Lombardi <mlombard@redhat.com>
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2020-12-02 08:49:49 +01:00
..
cxgbit
Kconfig
Makefile
iscsi_target.c scsi: target: iscsi: Fix cmd abort fabric stop race 2020-12-02 08:49:49 +01:00
iscsi_target.h
iscsi_target_auth.c
iscsi_target_auth.h
iscsi_target_configfs.c
iscsi_target_datain_values.c
iscsi_target_datain_values.h
iscsi_target_device.c
iscsi_target_device.h
iscsi_target_erl0.c
iscsi_target_erl0.h
iscsi_target_erl1.c
iscsi_target_erl1.h
iscsi_target_erl2.c
iscsi_target_erl2.h
iscsi_target_login.c
iscsi_target_login.h
iscsi_target_nego.c
iscsi_target_nego.h
iscsi_target_nodeattrib.c
iscsi_target_nodeattrib.h
iscsi_target_parameters.c
iscsi_target_parameters.h
iscsi_target_seq_pdu_list.c
iscsi_target_seq_pdu_list.h
iscsi_target_stat.c
iscsi_target_tmr.c
iscsi_target_tmr.h
iscsi_target_tpg.c
iscsi_target_tpg.h
iscsi_target_transport.c
iscsi_target_util.c
iscsi_target_util.h