[PATCH AUTOSEL for 4.14 024/110] scsi: core: check for device state in __scsi_remove_target()
From: Sasha Levin
Date: Sat Feb 03 2018 - 13:53:05 EST
From: Hannes Reinecke <hare@xxxxxxx>
[ Upstream commit 81b6c999897919d5a16fedc018fe375dbab091c5 ]
As it turned out device_get() doesn't use kref_get_unless_zero(), so we
will be always getting a device pointer. Consequently, we need to check
for the device state in __scsi_remove_target() to avoid tripping over
deleted objects.
Fixes: fbce4d97fd43 ("scsi: fixup kernel warning during rmmod()")
Reported-by: Jason Yan <yanaijie@xxxxxxxxxx>
Signed-off-by: Hannes Reinecke <hare@xxxxxxxx>
Reviewed-by: Bart Van Assche <bart.vanassche@xxxxxxx>
Reviewed-by: Ewan D. Milne <emilne@xxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
---
drivers/scsi/scsi_sysfs.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index f796bd61f3f0..40406c162d0d 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -1383,7 +1383,10 @@ static void __scsi_remove_target(struct scsi_target *starget)
* check.
*/
if (sdev->channel != starget->channel ||
- sdev->id != starget->id ||
+ sdev->id != starget->id)
+ continue;
+ if (sdev->sdev_state == SDEV_DEL ||
+ sdev->sdev_state == SDEV_CANCEL ||
!get_device(&sdev->sdev_gendev))
continue;
spin_unlock_irqrestore(shost->host_lock, flags);
--
2.11.0