mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-27 19:29:37 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/target
History
Nicholas Bellinger 49cb77e297 target: Avoid mappedlun symlink creation during lun shutdown 
This patch closes a race between se_lun deletion during configfs
unlink in target_fabric_port_unlink() -> core_dev_del_lun()
-> core_tpg_remove_lun(), when transport_clear_lun_ref() blocks
waiting for percpu_ref RCU grace period to finish, but a new
NodeACL mappedlun is added before the RCU grace period has
completed.

This can happen in target_fabric_mappedlun_link() because it
only checks for se_lun->lun_se_dev, which is not cleared until
after transport_clear_lun_ref() percpu_ref RCU grace period
finishes.

This bug originally manifested as NULL pointer dereference
OOPsen in target_stat_scsi_att_intr_port_show_attr_dev() on
v4.1.y code, because it dereferences lun->lun_se_dev without
a explicit NULL pointer check.

In post v4.1 code with target-core RCU conversion, the code
in target_stat_scsi_att_intr_port_show_attr_dev() no longer
uses se_lun->lun_se_dev, but the same race still exists.

To address the bug, go ahead and set se_lun>lun_shutdown as
early as possible in core_tpg_remove_lun(), and ensure new
NodeACL mappedlun creation in target_fabric_mappedlun_link()
fails during se_lun shutdown.

Reported-by: James Shen <jcs@datera.io>
Cc: James Shen <jcs@datera.io>
Tested-by: James Shen <jcs@datera.io>
Cc: stable@vger.kernel.org # 3.10+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2017-03-30 01:36:52 -07:00
..
iscsi iscsi-target: Fix TMR reference leak during session shutdown 2017-03-30 01:36:51 -07:00
loopback target: Minimize #include directives 2016-12-09 10:22:28 -08:00
sbp sbp-target: Add an #include directive 2016-12-09 10:20:10 -08:00
tcm_fc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-03-02 14:52:05 -08:00
Kconfig block: make scsi_request and scsi ioctl support optional 2017-01-31 10:53:05 -07:00
Makefile target: Put TCMU under a new config option 2015-04-19 22:41:12 -07:00
target_core_alua.c target: fix race during implicit transition work flushes 2017-03-18 14:47:29 -07:00
target_core_alua.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_configfs.c target: Drop pointless tfo->check_stop_free check 2017-03-18 14:42:50 -07:00
target_core_device.c target: Fix NULL dereference during LUN lookup + active I/O shutdown 2017-02-26 16:08:44 -08:00
target_core_fabric_configfs.c target: Avoid mappedlun symlink creation during lun shutdown 2017-03-30 01:36:52 -07:00
target_core_fabric_lib.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_file.c target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_file.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_hba.c target: Fix target_sense_desc_format NULL pointer dereference 2015-09-24 23:17:23 -07:00
target_core_iblock.c block,fs: use REQ_* flags directly 2016-11-01 09:43:26 -06:00
target_core_iblock.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_internal.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_pr.c locking/atomic, kref: Add kref_read() 2017-01-14 11:37:18 +01:00
target_core_pr.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_pscsi.c target: allow ALUA setup for some passthrough backends 2017-03-18 14:47:25 -07:00
target_core_pscsi.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_rd.c target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_rd.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_sbc.c target: Fix VERIFY_16 handling in sbc_parse_cdb 2017-03-07 22:15:23 -08:00
target_core_spc.c target: Remove enum transport_lunflags_table 2016-03-10 21:48:55 -08:00
target_core_stat.c target: Add counters for ABORT_TASK success + failure 2017-02-26 16:21:06 -08:00
target_core_tmr.c target: Add counters for ABORT_TASK success + failure 2017-02-26 16:21:06 -08:00
target_core_tpg.c target: Avoid mappedlun symlink creation during lun shutdown 2017-03-30 01:36:52 -07:00
target_core_transport.c target: Drop pointless tfo->check_stop_free check 2017-03-18 14:42:50 -07:00
target_core_ua.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-07-04 14:13:43 -07:00
target_core_ua.h target: Minimize #include directives 2016-12-09 10:22:28 -08:00
target_core_user.c tcmu: Allow cmd_time_out to be set to zero (disabled) 2017-03-30 01:36:44 -07:00
target_core_xcopy.c target: Use correct SCSI status during EXTENDED_COPY exception 2017-02-08 07:46:54 -08:00
target_core_xcopy.h target: check for XCOPY parameter truncation 2017-01-10 08:41:27 -08:00