[PATCH 03/16] libfc: fix oops in point-to-point mode

public inbox for linux-scsi@vger.kernel.org
 help / color / mirror / Atom feed

From: Robert Love <robert.w.love@intel.com>
To: James.Bottomley@suse.de, linux-scsi@vger.kernel.org
Cc: Joe Eykholt <jeykholt@cisco.com>, Robert Love <robert.w.love@intel.com>
Subject: [PATCH 03/16] libfc: fix oops in point-to-point mode
Date: Fri, 12 Mar 2010 16:07:46 -0800	[thread overview]
Message-ID: <20100313000746.22251.7776.stgit@localhost.localdomain> (raw)
In-Reply-To: <20100313000730.22251.54662.stgit@localhost.localdomain>

From: Joe Eykholt <jeykholt@cisco.com>

In point-to-point mode, if the PLOGI to the remote port times
out, it can get deleted by the remote port module.  Since there's
no reference by the local port, lport->ptp_data points to a freed
rport, and when the local port is reset and tries to logout again,
an oops occurs in mutex_lock_nested().

Hold a reference count on the point-to-point rdata.

Signed-off-by: Joe Eykholt <jeykholt@cisco.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
---

 drivers/scsi/libfc/fc_lport.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/libfc/fc_lport.c b/drivers/scsi/libfc/fc_lport.c
index 7ec8ce7..af7343a 100644
--- a/drivers/scsi/libfc/fc_lport.c
+++ b/drivers/scsi/libfc/fc_lport.c
@@ -227,9 +227,12 @@ static void fc_lport_ptp_setup(struct fc_lport *lport,
 			       u64 remote_wwnn)
 {
 	mutex_lock(&lport->disc.disc_mutex);
-	if (lport->ptp_rdata)
+	if (lport->ptp_rdata) {
 		lport->tt.rport_logoff(lport->ptp_rdata);
+		kref_put(&lport->ptp_rdata->kref, lport->tt.rport_destroy);
+	}
 	lport->ptp_rdata = lport->tt.rport_create(lport, remote_fid);
+	kref_get(&lport->ptp_rdata->kref);
 	lport->ptp_rdata->ids.port_name = remote_wwpn;
 	lport->ptp_rdata->ids.node_name = remote_wwnn;
 	mutex_unlock(&lport->disc.disc_mutex);
@@ -946,7 +949,11 @@ static void fc_lport_reset_locked(struct fc_lport *lport)
 	if (lport->dns_rdata)
 		lport->tt.rport_logoff(lport->dns_rdata);
 
-	lport->ptp_rdata = NULL;
+	if (lport->ptp_rdata) {
+		lport->tt.rport_logoff(lport->ptp_rdata);
+		kref_put(&lport->ptp_rdata->kref, lport->tt.rport_destroy);
+		lport->ptp_rdata = NULL;
+	}
 
 	lport->tt.disc_stop(lport);

next prev parent reply	other threads:[~2010-03-13  0:07 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-03-13  0:07 [PATCH 00/16] libfc, libfcoe and fcoe fixes for 2.6.34 Robert Love
2010-03-13  0:07 ` [PATCH 01/16] libfc: recode incoming PRLI handling Robert Love
2010-03-13  0:07 ` [PATCH 02/16] libfc: add definition for task attribute mask Robert Love
2010-03-13  0:07 ` Robert Love [this message]
2010-03-13  0:07 ` [PATCH 04/16] fcoe: call fcoe_ctlr_els_send even for ELS responses Robert Love
2010-03-13  0:07 ` [PATCH 05/16] libfcoe: fix debug message entering non-FIP mode Robert Love
2010-03-13  0:08 ` [PATCH 06/16] fcoe: save gateway address when receiving FLOGI request Robert Love
2010-03-13  0:08 ` [PATCH 07/16] libfc: recognize incoming FLOGI for point-to-point mode Robert Love
2010-03-13  0:08 ` [PATCH 08/16] libfc: send point-to-poin FLOGI LS_ACC to assigned D_DID Robert Love
2010-03-13  0:08 ` [PATCH 09/16] fcoe: remove an unused variable in fcoe_recv_frame() Robert Love
2010-03-13  0:08 ` [PATCH 10/16] libfcoe: eliminate unused link and last_link fields Robert Love
2010-03-13  0:08 ` [PATCH 11/16] libfc: fix sequence-initiative WARN in fc_seq_start_next Robert Love
2010-03-13  0:08 ` [PATCH 12/16] libfc: fixes unnecessary seq id jump Robert Love
2010-03-13  0:08 ` [PATCH 13/16] libfc: use offload EM instance again instead jumping to next EM Robert Love
2010-03-13  0:08 ` [PATCH 14/16] libfc: fix fcp pkt recovery in fc_fcp_recv_data Robert Love
2010-03-13  0:08 ` [PATCH 15/16] libfc: Add debug statements when fc_fcp returns DID_ERROR to scsi-ml Robert Love
2010-03-13  0:08 ` [PATCH 16/16] libfc, libfcoe, fcoe: use smp_processor_id() only when preempt disabled Robert Love

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7ec8ce7 dfblob:af7343a )
 OR (
bs:"[PATCH 03/16] libfc: fix oops in point-to-point mode" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20100313000746.22251.7776.stgit@localhost.localdomain \
    --to=robert.w.love@intel.com \
    --cc=James.Bottomley@suse.de \
    --cc=jeykholt@cisco.com \
    --cc=linux-scsi@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox