From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx> Hi folks, This series addresses a long standing race between when fabric driver se_node_acl lookup and associated pointer dereference happens, and when kref_get() of ->acl_kref actually occurs within __transport_register_session() code. To address this bug, patch #1 makes get_initiator_node_acl lookup obtain ->acl_kref while ->acl_node_mutex is held, and uses existing core_tpg_del_initiator_node_acl() logic for shutdown based on struct kref + struct completion. Also while auditing existing se_node_acl lookup users, there is one particular case in target-core during session queue depth change where lookup is completely unnecessary. Go ahead and drop this pointless lookup in patch #2. Finally, convert the last two remaining fabric drivers that once upon a time where using some manner of internal or quasi internal driver methods for node acl lookup. Do this for tcm_fc + ib_srpt drivers in patch #3 + #4. Please review, --nab Nicholas Bellinger (4): target: Obtain se_node_acl->acl_kref during get_initiator_node_acl target: Remove useless set_initiator_node_queue_depth acl lookup tcm_fc: Convert acl lookup to modern get_initiator_node_acl usage ib_srpt: Convert acl lookup to modern get_initiator_node_acl usage drivers/infiniband/ulp/srpt/ib_srpt.c | 78 ++++++---------------------- drivers/infiniband/ulp/srpt/ib_srpt.h | 2 - drivers/target/iscsi/iscsi_target_configfs.c | 6 +-- drivers/target/iscsi/iscsi_target_tpg.c | 10 ---- drivers/target/iscsi/iscsi_target_tpg.h | 2 - drivers/target/target_core_tpg.c | 29 ++++------- drivers/target/target_core_transport.c | 18 ++++--- drivers/target/tcm_fc/tfc_conf.c | 26 +++------- drivers/target/tcm_fc/tfc_sess.c | 18 ++++--- include/target/target_core_fabric.h | 2 +- 10 files changed, 61 insertions(+), 130 deletions(-) -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html