| Message ID | 20210910010220.24073-4-dinghui@sangfor.com.cn (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | fix several bugs about libiscsi | expand |
On 9/9/21 8:02 PM, Ding Hui wrote: > like commit fda290c5ae98 ("scsi: iscsi: Get ref to conn during reset > handling"), because in iscsi_exec_task_mgmt_fn(), the eh_mutex and > frwd_lock will be unlock, the conn also can be released if we not > hold ref. > This should not happen because we only access the conn if the session state is ISCSI_STATE_LOGGED_IN. So on entry of the iscsi_eh_* functions we grab the lock and mutex and check the session state. If logged in then we access the conn. We then drop the lock/mutex to do the TMF/IO and do a wait. When we wake up, we retake the lock/mutex and then check the state again. But yeah, the code sucks (it's my fault) in that its half refcount half locks and state checks like that. Ideally we should fully convert to the refcounts and move the teardown/freeing to the release function. I was going to do this in a patchset to fix up the EH/TMF code after I get my lock removal patches merged. > Signed-off-by: Ding Hui <dinghui@sangfor.com.cn> > --- > drivers/scsi/libiscsi.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c > index 69b3b2148328..4d3b37c20f8a 100644 > --- a/drivers/scsi/libiscsi.c > +++ b/drivers/scsi/libiscsi.c > @@ -2398,7 +2398,7 @@ int iscsi_eh_device_reset(struct scsi_cmnd *sc) > { > struct iscsi_cls_session *cls_session; > struct iscsi_session *session; > - struct iscsi_conn *conn; > + struct iscsi_conn *conn = NULL; > struct iscsi_tm *hdr; > int rc = FAILED; > > @@ -2417,6 +2417,7 @@ int iscsi_eh_device_reset(struct scsi_cmnd *sc) > if (!session->leadconn || session->state != ISCSI_STATE_LOGGED_IN) > goto unlock; > conn = session->leadconn; > + iscsi_get_conn(conn->cls_conn); > > /* only have one tmf outstanding at a time */ > if (session->tmf_state != TMF_INITIAL) > @@ -2463,6 +2464,8 @@ int iscsi_eh_device_reset(struct scsi_cmnd *sc) > done: > ISCSI_DBG_EH(session, "dev reset result = %s\n", > rc == SUCCESS ? "SUCCESS" : "FAILED"); > + if (conn) > + iscsi_put_conn(conn->cls_conn); > mutex_unlock(&session->eh_mutex); > return rc; > } > @@ -2560,7 +2563,7 @@ static int iscsi_eh_target_reset(struct scsi_cmnd *sc) > { > struct iscsi_cls_session *cls_session; > struct iscsi_session *session; > - struct iscsi_conn *conn; > + struct iscsi_conn *conn = NULL; > struct iscsi_tm *hdr; > int rc = FAILED; > > @@ -2579,6 +2582,7 @@ static int iscsi_eh_target_reset(struct scsi_cmnd *sc) > if (!session->leadconn || session->state != ISCSI_STATE_LOGGED_IN) > goto unlock; > conn = session->leadconn; > + iscsi_get_conn(conn->cls_conn); > > /* only have one tmf outstanding at a time */ > if (session->tmf_state != TMF_INITIAL) > @@ -2625,6 +2629,8 @@ static int iscsi_eh_target_reset(struct scsi_cmnd *sc) > done: > ISCSI_DBG_EH(session, "tgt %s reset result = %s\n", session->targetname, > rc == SUCCESS ? "SUCCESS" : "FAILED"); > + if (conn) > + iscsi_put_conn(conn->cls_conn); > mutex_unlock(&session->eh_mutex); > return rc; > } >
diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c index 69b3b2148328..4d3b37c20f8a 100644 --- a/drivers/scsi/libiscsi.c +++ b/drivers/scsi/libiscsi.c @@ -2398,7 +2398,7 @@ int iscsi_eh_device_reset(struct scsi_cmnd *sc) { struct iscsi_cls_session *cls_session; struct iscsi_session *session; - struct iscsi_conn *conn; + struct iscsi_conn *conn = NULL; struct iscsi_tm *hdr; int rc = FAILED; @@ -2417,6 +2417,7 @@ int iscsi_eh_device_reset(struct scsi_cmnd *sc) if (!session->leadconn || session->state != ISCSI_STATE_LOGGED_IN) goto unlock; conn = session->leadconn; + iscsi_get_conn(conn->cls_conn); /* only have one tmf outstanding at a time */ if (session->tmf_state != TMF_INITIAL) @@ -2463,6 +2464,8 @@ int iscsi_eh_device_reset(struct scsi_cmnd *sc) done: ISCSI_DBG_EH(session, "dev reset result = %s\n", rc == SUCCESS ? "SUCCESS" : "FAILED"); + if (conn) + iscsi_put_conn(conn->cls_conn); mutex_unlock(&session->eh_mutex); return rc; } @@ -2560,7 +2563,7 @@ static int iscsi_eh_target_reset(struct scsi_cmnd *sc) { struct iscsi_cls_session *cls_session; struct iscsi_session *session; - struct iscsi_conn *conn; + struct iscsi_conn *conn = NULL; struct iscsi_tm *hdr; int rc = FAILED; @@ -2579,6 +2582,7 @@ static int iscsi_eh_target_reset(struct scsi_cmnd *sc) if (!session->leadconn || session->state != ISCSI_STATE_LOGGED_IN) goto unlock; conn = session->leadconn; + iscsi_get_conn(conn->cls_conn); /* only have one tmf outstanding at a time */ if (session->tmf_state != TMF_INITIAL) @@ -2625,6 +2629,8 @@ static int iscsi_eh_target_reset(struct scsi_cmnd *sc) done: ISCSI_DBG_EH(session, "tgt %s reset result = %s\n", session->targetname, rc == SUCCESS ? "SUCCESS" : "FAILED"); + if (conn) + iscsi_put_conn(conn->cls_conn); mutex_unlock(&session->eh_mutex); return rc; }
like commit fda290c5ae98 ("scsi: iscsi: Get ref to conn during reset handling"), because in iscsi_exec_task_mgmt_fn(), the eh_mutex and frwd_lock will be unlock, the conn also can be released if we not hold ref. Signed-off-by: Ding Hui <dinghui@sangfor.com.cn> --- drivers/scsi/libiscsi.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)