summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Eykholt <jeykholt@cisco.com>2009-08-25 21:03:15 (GMT)
committerJames Bottomley <James.Bottomley@suse.de>2009-09-10 17:07:59 (GMT)
commit25b37b981e706c6df72c28c94f7787c3ea0cd343 (patch)
treed1b07c6ef9fc1b659056315b4ac95de27c9d0bd9
parent131203a1ef53f3a4deb3260031bc53c7e4db4a24 (diff)
downloadlinux-25b37b981e706c6df72c28c94f7787c3ea0cd343.tar.xz
[SCSI] libfc: fix: rport_recv_req needs disc_mutex when calling rport_lookup
The rport_lookup function must be called while holding the disc_mutex. Otherwise, the rdata could be deleted just after that by another thread. All callers now check the state after grabbing the rdata rp_mutex. Even though rport_lookup skips ports in DELETE state, it does that without holding the rdata rp_mutex, so that the state may change. Signed-off-by: Joe Eykholt <jeykholt@cisco.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
-rw-r--r--drivers/scsi/libfc/fc_rport.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/drivers/scsi/libfc/fc_rport.c b/drivers/scsi/libfc/fc_rport.c
index acdc72d..02200b2 100644
--- a/drivers/scsi/libfc/fc_rport.c
+++ b/drivers/scsi/libfc/fc_rport.c
@@ -932,14 +932,17 @@ void fc_rport_recv_req(struct fc_seq *sp, struct fc_frame *fp,
fh = fc_frame_header_get(fp);
s_id = ntoh24(fh->fh_s_id);
+ mutex_lock(&lport->disc.disc_mutex);
rdata = lport->tt.rport_lookup(lport, s_id);
if (!rdata) {
+ mutex_unlock(&lport->disc.disc_mutex);
els_data.reason = ELS_RJT_UNAB;
lport->tt.seq_els_rsp_send(sp, ELS_LS_RJT, &els_data);
fc_frame_free(fp);
return;
}
mutex_lock(&rdata->rp_mutex);
+ mutex_unlock(&lport->disc.disc_mutex);
op = fc_frame_payload_op(fp);
switch (op) {