From: Robert Love <robert.w.love@intel.com>
To: linux-scsi@vger.kernel.org
Cc: Bart Van Assche <bvanassche@acm.org>,
Neil Horman <nhorman@tuxdriver.com>
Subject: [PATCH 08/16] libfc: Fix a race in fc_exch_timer_set_locked()
Date: Thu, 05 Sep 2013 12:13:01 -0700 [thread overview]
Message-ID: <20130905191301.15235.71555.stgit@fritz> (raw)
In-Reply-To: <20130905191218.15235.85917.stgit@fritz>
From: Bart Van Assche <bvanassche@acm.org>
It is allowed to pass a zero timeout value to fc_seq_exch_abort().
Avoid that this can cause the timeout function to drop the exchange
reference before it has been increased by fc_exch_timer_set_locked().
This patch fixes a crash when running FCoE target code with poisoning
enabled in the memory allocator.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Cc: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
---
drivers/scsi/libfc/fc_exch.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
index f6bb0fb..7000203 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -360,9 +360,10 @@ static inline void fc_exch_timer_set_locked(struct fc_exch *ep,
FC_EXCH_DBG(ep, "Exchange timer armed : %d msecs\n", timer_msec);
- if (queue_delayed_work(fc_exch_workqueue, &ep->timeout_work,
- msecs_to_jiffies(timer_msec)))
- fc_exch_hold(ep); /* hold for timer */
+ fc_exch_hold(ep); /* hold for timer */
+ if (!queue_delayed_work(fc_exch_workqueue, &ep->timeout_work,
+ msecs_to_jiffies(timer_msec)))
+ fc_exch_release(ep);
}
/**
next prev parent reply other threads:[~2013-09-05 19:13 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-05 19:12 [PATCH 00/16] libfc, libfcoe, fcoe updates for 3.12(+) Robert Love
2013-09-05 19:12 ` [PATCH 01/16] fcoe: ensure that skb placed on the fip_recv_list are unshared Robert Love
2013-09-05 19:12 ` [PATCH 02/16] fcoe: make sure fcoe frames are unshared prior to manipulating them Robert Love
2013-09-05 19:12 ` [PATCH 03/16] fcoe: cleanup return codes from fcoe_rcv Robert Love
2013-09-05 19:12 ` [PATCH 04/16] libfc: Source code comment spelling fixes Robert Love
2013-09-05 19:12 ` [PATCH 05/16] libfc: Debug code fixes Robert Love
2013-09-05 19:12 ` [PATCH 06/16] libfc: Micro-optimize fc_setup_exch_mgr() Robert Love
2013-09-05 19:12 ` [PATCH 07/16] libfc: Clarify fc_exch_find() Robert Love
2013-09-05 19:13 ` Robert Love [this message]
2013-09-05 19:13 ` [PATCH 09/16] libfc: Protect ep->esb_stat changes via ex_lock Robert Love
2013-09-05 19:13 ` [PATCH 10/16] libfc: Avoid that sending after an abort triggers a kernel warning Robert Love
2013-09-05 19:13 ` [PATCH 11/16] libfc: Reduce exchange lock contention in fc_exch_recv_abts() Robert Love
2013-09-05 19:13 ` [PATCH 12/16] libfc: Do not invoke the response handler after fc_exch_done() Robert Love
2013-09-05 19:13 ` [PATCH 13/16] fcp: Do not interpret check condition as underrun Robert Love
2013-09-05 19:13 ` [PATCH 14/16] fcoe: Declare fcoe_ctlr_mode_set() static Robert Love
2013-09-05 19:13 ` [PATCH 15/16] fcoe: Add missing newlines in debug messages Robert Love
2013-09-05 19:13 ` [PATCH 16/16] fcoe: Reduce fcoe_sysfs_fcf_add() stack usage Robert Love
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130905191301.15235.71555.stgit@fritz \
--to=robert.w.love@intel.com \
--cc=bvanassche@acm.org \
--cc=linux-scsi@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.