Thread (1 message) 1 message, 1 author, 2017-06-28

Re: [PATCH RESEND] scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state

From: "Martin K. Petersen" <martin.petersen@oracle.com>
Date: 2017-06-28 01:09:52
Also in: linux-scsi

Ewan,
The addition of the STARGET_REMOVE state had the side effect of
introducing a race condition that can cause a crash.

scsi_target_reap_ref_release() checks the starget->state to
see if it still in STARGET_CREATED, and if so, skips calling
transport_remove_device() and device_del(), because the starget->state
is only set to STARGET_RUNNING after scsi_target_add() has called
device_add() and transport_add_device().

However, if an rport loss occurs while a target is being scanned,
it can happen that scsi_remove_target() will be called while the
starget is still in the STARGET_CREATED state.  In this case, the
starget->state will be set to STARGET_REMOVE, and as a result,
scsi_target_reap_ref_release() will take the wrong path.  The end
result is a panic:
Johannes/Bart/James: Please review!

-- 
Martin K. Petersen	Oracle Linux Engineering
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help