On 5/23/21 10:57 AM, Mike Christie wrote: > If scsi-ml is aborting a task when we are tearing down the conn we could > free the conn while the abort thread is accessing the conn. This has the > abort handler get a ref to the conn so it won't be freed from under it. > > Note: this is not needed for device/target reset because we are holding > the eh_mutex when accessing the conn. > > Signed-off-by: Mike Christie <michael.christie@xxxxxxxxxx> > --- > drivers/scsi/libiscsi.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c > index ab39d7f65bbb..6ca3d35a3d11 100644 > --- a/drivers/scsi/libiscsi.c > +++ b/drivers/scsi/libiscsi.c > @@ -2285,6 +2285,7 @@ int iscsi_eh_abort(struct scsi_cmnd *sc) > } > > conn = session->leadconn; > + iscsi_get_conn(conn->cls_conn); > conn->eh_abort_cnt++; > age = session->age; > > @@ -2295,9 +2296,7 @@ int iscsi_eh_abort(struct scsi_cmnd *sc) > ISCSI_DBG_EH(session, "sc completed while abort in progress\n"); > > spin_unlock(&session->back_lock); > - spin_unlock_bh(&session->frwd_lock); > - mutex_unlock(&session->eh_mutex); > - return SUCCESS; > + goto success; > } > ISCSI_DBG_EH(session, "aborting [sc %p itt 0x%x]\n", sc, task->itt); > __iscsi_get_task(task); > @@ -2364,6 +2363,7 @@ int iscsi_eh_abort(struct scsi_cmnd *sc) > ISCSI_DBG_EH(session, "abort success [sc %p itt 0x%x]\n", > sc, task->itt); > iscsi_put_task(task); > + iscsi_put_conn(conn->cls_conn); > mutex_unlock(&session->eh_mutex); > return SUCCESS; > > @@ -2373,6 +2373,7 @@ int iscsi_eh_abort(struct scsi_cmnd *sc) > ISCSI_DBG_EH(session, "abort failed [sc %p itt 0x%x]\n", sc, > task ? task->itt : 0); > iscsi_put_task(task); > + iscsi_put_conn(conn->cls_conn); > mutex_unlock(&session->eh_mutex); > return FAILED; > } > Reviewed-by: Lee Duncan <lduncan@xxxxxxxx>
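Review bot: In the second hunk of iscsi_eh_abort(), the new `goto success;` on the "sc completed while abort in progress" path is taken before `__iscsi_get_task(task)` runs, yet the success tail shown in the third hunk logs `task->itt` and calls `iscsi_put_task(task)`. The `success` label is not in the visible context, so please confirm that this path cannot reach that tail with a task reference it never took; the failed tail guards with `task ? task->itt : 0`, which suggests task can be NULL in this function. If it can reach it, give this path its own exit that drops frwd_lock, calls `iscsi_put_conn(conn->cls_conn)`, unlocks eh_mutex and returns SUCCESS without touching task. A short comment at the `iscsi_get_conn(conn->cls_conn)` call saying that every exit after it must do the matching put would also help, since the diff only shows the success and failed tails being covered.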