Remove an SRP target from the SRP target list before invoking the last
scsi_host_put() call. This change is necessary because that last put
frees the memory that holds the srp_target_port structure.
This patch prevents the following kernel oops:
RIP: 0010:[<
ffffffff810b00d0>] __lock_acquire+0x500/0x1570
Call Trace:
[<
ffffffff810b11e4>] lock_acquire+0xa4/0x120
[<
ffffffff81531206>] _spin_lock+0x36/0x70
[<
ffffffffa01b6d8f>] srp_remove_work+0xef/0x180 [ib_srp]
[<
ffffffff8109125c>] worker_thread+0x21c/0x3d0
[<
ffffffff81096e86>] kthread+0x96/0xa0
[<
ffffffff8100c20a>] child_rip+0xa/0x20
Signed-off-by: Vu Pham <vuhuong@mellanox.com>
[ bvanassche - Modified path description and CC'ed stable. ]
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Roland Dreier <roland@purestorage.com>
cancel_work_sync(&target->tl_err_work);
srp_rport_put(target->rport);
srp_free_req_data(target);
+
+ spin_lock(&target->srp_host->target_lock);
+ list_del(&target->list);
+ spin_unlock(&target->srp_host->target_lock);
+
scsi_host_put(target->scsi_host);
}
WARN_ON_ONCE(target->state != SRP_TARGET_REMOVED);
srp_remove_target(target);
-
- spin_lock(&target->srp_host->target_lock);
- list_del(&target->list);
- spin_unlock(&target->srp_host->target_lock);
}
static void srp_rport_delete(struct srp_rport *rport)
projects / cascardo / linux.git / commitdiff