The comment in iscsi_eh_session_reset is wrong and we don't wait for the EH to complete before tearing down the conn. This has us get a ref to the conn when we are not holding the eh_mutex/frwd_lock so it does not get freed from under us. Reviewed-by: Lee Duncan <lduncan@xxxxxxxx> Signed-off-by: Mike Christie <michael.christie@xxxxxxxxxx> --- drivers/scsi/libiscsi.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c index 6ca3d35a3d11..b7445d9e99d6 100644 --- a/drivers/scsi/libiscsi.c +++ b/drivers/scsi/libiscsi.c @@ -2492,7 +2492,6 @@ int iscsi_eh_session_reset(struct scsi_cmnd *sc) cls_session = starget_to_session(scsi_target(sc->device)); session = cls_session->dd_data; - conn = session->leadconn; mutex_lock(&session->eh_mutex); spin_lock_bh(&session->frwd_lock); @@ -2507,13 +2506,14 @@ int iscsi_eh_session_reset(struct scsi_cmnd *sc) return FAILED; } + conn = session->leadconn; + iscsi_get_conn(conn->cls_conn); + spin_unlock_bh(&session->frwd_lock); mutex_unlock(&session->eh_mutex); - /* - * we drop the lock here but the leadconn cannot be destoyed while - * we are in the scsi eh - */ + iscsi_conn_failure(conn, ISCSI_ERR_SCSI_EH_SESSION_RST); + iscsi_put_conn(conn->cls_conn); ISCSI_DBG_EH(session, "wait for relogin\n"); wait_event_interruptible(conn->ehwait, -- 2.25.1
