From 1e10e4ff41e7abc1a5d74d0da087588976c10d3b Mon Sep 17 00:00:00 2001
From: Gleb Chesnokov
Date: Mon, 14 Nov 2022 13:38:27 +0300
Subject: [PATCH] scst_copy_mgr: Fix scst_cm_desig_list list corruption

This patch should fix the following bug:
list_del corruption. next->prev should be ffff955cb1ea2540, but was ffff955c54a32440
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:54!
invalid opcode: 0000 [#1] SMP PTI
Workqueue: events vdev_inq_changed_fn [scst_vdisk]
RIP: 0010:__list_del_entry_valid.cold+0x1d/0x47
Call Trace:
scst_cm_dev_unregister+0x66/0xd0 [scst]
scst_cm_update_dev+0x41/0xc0 [scst]
process_one_work+0x1ee/0x390
worker_thread+0x53/0x3e0
kthread+0x124/0x150
ret_from_fork+0x1f/0x30
scst_cm_desig_list is a global list for all SCST devices. It must be protected with scst_cm_mutex because it can be modified by scst_cm_init_inq_finish() from another thread when scst_cm_update_dev() is called.
Fixes: https://github.com/SCST-project/scst/issues/99
---
 scst/src/scst_copy_mgr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scst/src/scst_copy_mgr.c b/scst/src/scst_copy_mgr.c
index 57ff72e37..5b79aa43e 100644
--- a/scst/src/scst_copy_mgr.c
+++ b/scst/src/scst_copy_mgr.c
@@ -2623,6 +2623,8 @@ static void scst_cm_dev_unregister(struct scst_device *dev, bool del_lun)
 
 TRACE_DBG("dev %s, del_lun %d", dev->virt_name, del_lun);
 
+ mutex_lock(&scst_cm_mutex);
+
 list_for_each_entry_safe(des, t, &scst_cm_desig_list, cm_desig_list_entry) {
 if (des->desig_tgt_dev->dev == dev) {
 TRACE_DBG("Deleting des %p", des);
@@ -2631,6 +2633,8 @@ static void scst_cm_dev_unregister(struct scst_device *dev, bool del_lun)
 }
 }
 
+ mutex_unlock(&scst_cm_mutex);
+
 if (!del_lun)
 goto out;
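Review bot: The `mutex_lock(&scst_cm_mutex);` added before the list walk in scst_cm_dev_unregister() is taken unconditionally, so a caller that already holds scst_cm_mutex would self-deadlock, and a caller holding some other lock fixes a nesting order that the scst_cm_init_inq_finish() path named in the description has to match. Neither the callers nor that function are visible in this patch, so both need confirming; a lockdep-enabled debug build would report either problem. The locking rule is also stated only in the commit message: I would add `/* Protected by scst_cm_mutex */` at the definition of scst_cm_desig_list and check that every other reader and writer of the list takes the mutex, since one unlocked walker keeps the list_del corruption (and the use of a freed entry it implies) reachable. The matching `mutex_unlock(&scst_cm_mutex);` is in the second hunk, and the function body starts and ends outside both hunks.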