diff options
author | Bart Van Assche <bvanassche@acm.org> | 2013-08-14 15:35:29 +0000 |
---|---|---|
committer | Robert Love <robert.w.love@intel.com> | 2013-09-04 13:16:25 -0700 |
commit | b86788658be425a5454246a954721d9122d2b3d6 (patch) | |
tree | c8faadee82cd2149e3af75996b51d4db90072724 | |
parent | 8d08023687e2515f2a48235aed80b6982025cd09 (diff) | |
download | lwn-b86788658be425a5454246a954721d9122d2b3d6.tar.gz lwn-b86788658be425a5454246a954721d9122d2b3d6.zip |
libfc: Fix a race in fc_exch_timer_set_locked()
It is allowed to pass a zero timeout value to fc_seq_exch_abort().
Avoid that this can cause the timeout function to drop the exchange
reference before it has been increased by fc_exch_timer_set_locked().
This patch fixes a crash when running FCoE target code with poisoning
enabled in the memory allocator.
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Cc: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
-rw-r--r-- | drivers/scsi/libfc/fc_exch.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c index f6bb0fbf422f..7000203845bd 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -360,9 +360,10 @@ static inline void fc_exch_timer_set_locked(struct fc_exch *ep, FC_EXCH_DBG(ep, "Exchange timer armed : %d msecs\n", timer_msec); - if (queue_delayed_work(fc_exch_workqueue, &ep->timeout_work, - msecs_to_jiffies(timer_msec))) - fc_exch_hold(ep); /* hold for timer */ + fc_exch_hold(ep); /* hold for timer */ + if (!queue_delayed_work(fc_exch_workqueue, &ep->timeout_work, + msecs_to_jiffies(timer_msec))) + fc_exch_release(ep); } /** |