From 65d7dd2f3479ef5aec1d9ddd1481cb7851c11af6 Mon Sep 17 00:00:00 2001 From: Vu Pham Date: Thu, 10 Oct 2013 13:50:29 +0200 Subject: [PATCH] IB/srp: Remove target from list before freeing Scsi_Host structure Remove an SRP target from the SRP target list before invoking the last scsi_host_put() call. This change is necessary because that last put frees the memory that holds the srp_target_port structure. This patch prevents the following kernel oops: RIP: 0010:[] __lock_acquire+0x500/0x1570 Call Trace: [] lock_acquire+0xa4/0x120 [] _spin_lock+0x36/0x70 [] srp_remove_work+0xef/0x180 [ib_srp] [] worker_thread+0x21c/0x3d0 [] kthread+0x96/0xa0 [] child_rip+0xa/0x20 Signed-off-by: Vu Pham [ bvanassche - Modified path description and CC'ed stable. ] Signed-off-by: Bart Van Assche Cc: Signed-off-by: Roland Dreier --- drivers/infiniband/ulp/srp/ib_srp.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c index a8f8d0b8a777..a8c06c4451c0 100644 --- a/drivers/infiniband/ulp/srp/ib_srp.c +++ b/drivers/infiniband/ulp/srp/ib_srp.c @@ -666,6 +666,11 @@ static void srp_remove_target(struct srp_target_port *target) cancel_work_sync(&target->tl_err_work); srp_rport_put(target->rport); srp_free_req_data(target); + + spin_lock(&target->srp_host->target_lock); + list_del(&target->list); + spin_unlock(&target->srp_host->target_lock); + scsi_host_put(target->scsi_host); } @@ -677,10 +682,6 @@ static void srp_remove_work(struct work_struct *work) WARN_ON_ONCE(target->state != SRP_TARGET_REMOVED); srp_remove_target(target); - - spin_lock(&target->srp_host->target_lock); - list_del(&target->list); - spin_unlock(&target->srp_host->target_lock); } static void srp_rport_delete(struct srp_rport *rport)