iscsi-target: Fix incorrect np->np_thread NULL assignment
When shutting down a target there is a race condition between iscsit_del_np() and __iscsi_target_login_thread(). The latter sets the thread pointer to NULL, and the former tries to issue kthread_stop() on that pointer without any synchronization. This patch moves the np->np_thread NULL assignment into iscsit_del_np(), after kthread_stop() has completed. It also removes the signal_pending() + np_state check, and only exits when kthread_should_stop() is true. Reported-by: Hannes Reinecke <hare@suse.de> Cc: <stable@vger.kernel.org> #3.12+ Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
This commit is contained in:
parent
63832aabec
commit
db6077fd0b
2 changed files with 1 additions and 6 deletions
|
@ -465,6 +465,7 @@ int iscsit_del_np(struct iscsi_np *np)
|
|||
*/
|
||||
send_sig(SIGINT, np->np_thread, 1);
|
||||
kthread_stop(np->np_thread);
|
||||
np->np_thread = NULL;
|
||||
}
|
||||
|
||||
np->np_transport->iscsit_free_np(np);
|
||||
|
|
|
@ -1403,11 +1403,6 @@ static int __iscsi_target_login_thread(struct iscsi_np *np)
|
|||
|
||||
out:
|
||||
stop = kthread_should_stop();
|
||||
if (!stop && signal_pending(current)) {
|
||||
spin_lock_bh(&np->np_thread_lock);
|
||||
stop = (np->np_thread_state == ISCSI_NP_THREAD_SHUTDOWN);
|
||||
spin_unlock_bh(&np->np_thread_lock);
|
||||
}
|
||||
/* Wait for another socket.. */
|
||||
if (!stop)
|
||||
return 1;
|
||||
|
@ -1415,7 +1410,6 @@ static int __iscsi_target_login_thread(struct iscsi_np *np)
|
|||
iscsi_stop_login_thread_timer(np);
|
||||
spin_lock_bh(&np->np_thread_lock);
|
||||
np->np_thread_state = ISCSI_NP_THREAD_EXIT;
|
||||
np->np_thread = NULL;
|
||||
spin_unlock_bh(&np->np_thread_lock);
|
||||
|
||||
return 0;
|
||||
|
|
Loading…
Reference in a new issue