• Nicholas Bellinger's avatar
    target: Fix race between iscsi-target connection shutdown + ABORT_TASK · cb0a0062
    Nicholas Bellinger authored
    [ Upstream commit 064cdd2d ]
    
    This patch fixes a race in iscsit_release_commands_from_conn() ->
    iscsit_free_cmd() -> transport_generic_free_cmd() + wait_for_tasks=1,
    where CMD_T_FABRIC_STOP could end up being set after the final
    kref_put() is called from core_tmr_abort_task() context.
    
    This results in transport_generic_free_cmd() blocking indefinately
    on se_cmd->cmd_wait_comp, because the target_release_cmd_kref()
    check for CMD_T_FABRIC_STOP returns false.
    
    To address this bug, make iscsit_release_commands_from_conn()
    do list_splice and set CMD_T_FABRIC_STOP early while holding
    iscsi_conn->cmd_lock.  Also make iscsit_aborted_task() only
    remove iscsi_cmd_t if CMD_T_FABRIC_STOP has not already been
    set.
    
    Finally in target_release_cmd_kref(), only honor fabric_stop
    if CMD_T_ABORTED has been set.
    
    Cc: Mike Christie <mchristi@redhat.com>
    Cc: Quinn Tran <quinn.tran@qlogic.com>
    Cc: Himanshu Madhani <himanshu.madhani@qlogic.com>
    Cc: Christoph Hellwig <hch@lst.de>
    Cc: Hannes Reinecke <hare@suse.de>
    Cc: stable@vger.kernel.org # 3.14+
    Tested-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
    Signed-off-by: default avatarSasha Levin <alexander.levin@verizon.com>
    cb0a0062
iscsi_target.c 129 KB