target: close target_put_sess_cmd() vs. core_tmr_abort_task() race (ccf5ae83) · Commits · Mirrors / github.com / raspberrypi_linux

Commit ccf5ae83 authored May 13, 2013 by

Joern Engel Committed by Nicholas Bellinger May 15, 2013

target: close target_put_sess_cmd() vs. core_tmr_abort_task() race



It is possible for one thread to to take se_sess->sess_cmd_lock in
core_tmr_abort_task() before taking a reference count on
se_cmd->cmd_kref, while another thread in target_put_sess_cmd() drops
se_cmd->cmd_kref before taking se_sess->sess_cmd_lock.

This introduces kref_put_spinlock_irqsave() and uses it in
target_put_sess_cmd() to close the race window.

Signed-off-by: Joern Engel <joern@logfs.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

parent a1321ddd

Hide whitespace changes

Inline Side-by-side

Please register or to comment