diff options
| author | Nicholas Bellinger <nab@linux-iscsi.org> | 2013-12-11 18:45:32 -0500 |
|---|---|---|
| committer | Nicholas Bellinger <nab@linux-iscsi.org> | 2013-12-19 03:18:25 -0500 |
| commit | db6077fd0b7dd41dc6ff18329cec979379071f87 (patch) | |
| tree | 7491659574ec90fa70a41fa3401aadc8ab55e3cb | |
| parent | 63832aabec12a28a41a221773ab3819d30ba0a67 (diff) | |
iscsi-target: Fix incorrect np->np_thread NULL assignment
When shutting down a target there is a race condition between
iscsit_del_np() and __iscsi_target_login_thread().
The latter sets the thread pointer to NULL, and the former
tries to issue kthread_stop() on that pointer without any
synchronization.
This patch moves the np->np_thread NULL assignment into
iscsit_del_np(), after kthread_stop() has completed. It also
removes the signal_pending() + np_state check, and only
exits when kthread_should_stop() is true.
Reported-by: Hannes Reinecke <hare@suse.de>
Cc: <stable@vger.kernel.org> #3.12+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
| -rw-r--r-- | drivers/target/iscsi/iscsi_target.c | 1 | ||||
| -rw-r--r-- | drivers/target/iscsi/iscsi_target_login.c | 6 |
2 files changed, 1 insertions, 6 deletions
diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c index 02182ab017b1..00867190413c 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c | |||
| @@ -465,6 +465,7 @@ int iscsit_del_np(struct iscsi_np *np) | |||
| 465 | */ | 465 | */ |
| 466 | send_sig(SIGINT, np->np_thread, 1); | 466 | send_sig(SIGINT, np->np_thread, 1); |
| 467 | kthread_stop(np->np_thread); | 467 | kthread_stop(np->np_thread); |
| 468 | np->np_thread = NULL; | ||
| 468 | } | 469 | } |
| 469 | 470 | ||
| 470 | np->np_transport->iscsit_free_np(np); | 471 | np->np_transport->iscsit_free_np(np); |
diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c index 4eb93b2b6473..e29279e6b577 100644 --- a/drivers/target/iscsi/iscsi_target_login.c +++ b/drivers/target/iscsi/iscsi_target_login.c | |||
| @@ -1403,11 +1403,6 @@ old_sess_out: | |||
| 1403 | 1403 | ||
| 1404 | out: | 1404 | out: |
| 1405 | stop = kthread_should_stop(); | 1405 | stop = kthread_should_stop(); |
| 1406 | if (!stop && signal_pending(current)) { | ||
| 1407 | spin_lock_bh(&np->np_thread_lock); | ||
| 1408 | stop = (np->np_thread_state == ISCSI_NP_THREAD_SHUTDOWN); | ||
| 1409 | spin_unlock_bh(&np->np_thread_lock); | ||
| 1410 | } | ||
| 1411 | /* Wait for another socket.. */ | 1406 | /* Wait for another socket.. */ |
| 1412 | if (!stop) | 1407 | if (!stop) |
| 1413 | return 1; | 1408 | return 1; |
| @@ -1415,7 +1410,6 @@ exit: | |||
| 1415 | iscsi_stop_login_thread_timer(np); | 1410 | iscsi_stop_login_thread_timer(np); |
| 1416 | spin_lock_bh(&np->np_thread_lock); | 1411 | spin_lock_bh(&np->np_thread_lock); |
| 1417 | np->np_thread_state = ISCSI_NP_THREAD_EXIT; | 1412 | np->np_thread_state = ISCSI_NP_THREAD_EXIT; |
| 1418 | np->np_thread = NULL; | ||
| 1419 | spin_unlock_bh(&np->np_thread_lock); | 1413 | spin_unlock_bh(&np->np_thread_lock); |
| 1420 | 1414 | ||
| 1421 | return 0; | 1415 | return 0; |