From 8587672dc4f84b347ff16b14999e2b3585aa7055 Mon Sep 17 00:00:00 2001
From: Israel Rukshin
Date: Wed, 17 Aug 2016 07:27:28 +0000
Subject: [PATCH] isert: fix race between ioctl events and disconnect flow
The ioctl events may arive after the isert connection has started the teardown flow. This scenario may occur on login logout stress. It may lead to NULL derefrence bugs.
Signed-off-by: Israel Rukshin
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@6940 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 iscsi-scst/kernel/isert-scst/isert_login.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/iscsi-scst/kernel/isert-scst/isert_login.c b/iscsi-scst/kernel/isert-scst/isert_login.c
index 9671a4252..7ecab2595 100644
--- a/iscsi-scst/kernel/isert-scst/isert_login.c
+++ b/iscsi-scst/kernel/isert-scst/isert_login.c
@@ -51,6 +51,8 @@
 #include "isert.h"
 #include "iser_datamover.h"
+static DEFINE_MUTEX(conn_mgmt_mutex);
+
 static unsigned int n_devs;
 static int isert_major;
@@ -204,6 +206,8 @@ int isert_conn_alloc(struct iscsi_session *session,
 lockdep_assert_held(&session->target->target_mutex);
+ mutex_lock(&conn_mgmt_mutex);
+
 if (unlikely(!filp)) {
 res = -EBADF;
 goto out;
@@ -273,6 +277,7 @@ cleanup_conn:
 conn->session = NULL;
 isert_close_connection(conn);
 out:
+ mutex_unlock(&conn_mgmt_mutex);
 TRACE_EXIT_RES(res);
 return res;
 }
@@ -445,7 +450,10 @@ int isert_connection_closed(struct iscsi_conn *iscsi_conn)
 TRACE_ENTRY();
+ mutex_lock(&conn_mgmt_mutex);
+
 if (iscsi_conn->rd_state) {
+ mutex_unlock(&conn_mgmt_mutex);
 res = isert_handle_close_connection(iscsi_conn);
 } else {
 struct isert_conn_dev *dev = isert_get_priv(iscsi_conn);
@@ -465,6 +473,7 @@ int isert_connection_closed(struct iscsi_conn *iscsi_conn)
 isert_set_priv(iscsi_conn, NULL);
 }
+ mutex_unlock(&conn_mgmt_mutex);
 isert_free_connection(iscsi_conn);
 }
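Review bot: `conn_mgmt_mutex` is defined without a comment saying what it protects or where it sits in the lock order. The isert_conn_alloc hunk takes it directly after `lockdep_assert_held(&session->target->target_mutex)`, so it nests inside target_mutex there, while isert_ioctl and isert_connection_closed take it as the outermost lock visible in their hunks. A comment above the definition such as `/* Serializes isert_ioctl() against connection alloc/close. Nests inside target->target_mutex; never acquire target_mutex while holding it. */` would make the ordering rule explicit and let a later reader check for an ABBA inversion.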
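Review bot: The `cleanup_conn:` error path now runs `isert_close_connection(conn)` with conn_mgmt_mutex held, because the only unlock was placed at `out:` below it. Kernel mutexes are not recursive, so if that close can reach isert_connection_closed() synchronously in the same thread (not visible in this hunk), the error path would deadlock on the `mutex_lock` this commit adds there. If the close is known to complete asynchronously, record it next to the call, e.g. `/* safe under conn_mgmt_mutex: does not call isert_connection_closed() inline */`; otherwise drop the mutex before the call. The body of isert_conn_alloc starts outside the hunk.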
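Review bot: In the `if (iscsi_conn->rd_state)` branch the mutex is released before `isert_handle_close_connection(iscsi_conn)` runs, so the lock covers only the read of `rd_state` and that close path is not serialized against isert_ioctl. Whether this is safe depends on an invariant the hunk does not show, presumably that the ioctl path no longer touches the connection once `rd_state` is set. If so, state it where the lock is dropped, e.g. `/* rd_state set: ioctl path no longer uses this conn, drop the lock before closing */`; if not, the race described in the commit message remains open for this branch. The else branch continues past the end of this hunk.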
@@ -681,6 +690,8 @@ static long isert_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 TRACE_ENTRY();
+ mutex_lock(&conn_mgmt_mutex);
+
 if (dev->state == CS_DISCONNECTED) {
 res = -EPIPE;
 goto out;
@@ -767,6 +778,7 @@ static long isert_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 }
 out:
+ mutex_unlock(&conn_mgmt_mutex);
 TRACE_EXIT_RES(res);
 return res;
 }
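Review bot: `mutex_lock(&conn_mgmt_mutex)` at the top of isert_ioctl holds one driver-wide mutex across the entire command switch, whose body lies between the two hunks and is not shown. Any ioctl that blocks while holding it also stalls isert_conn_alloc and isert_connection_closed for every connection, not only for this `dev`, and the caller is a user-space process. Consider a per-device mutex or a critical section narrowed to the `dev->state` check and the accesses it guards. At minimum the wait could be made signalable with `if (mutex_lock_interruptible(&conn_mgmt_mutex)) return -ERESTARTSYS;`, which returns before reaching the `mutex_unlock` at `out:`.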