scst: Avoid that reassigning a session triggers a kernel crash

This patch fixes the following kernel bug: BUG: unable to handle kernel NULL pointer dereference at 0000000000000064 IP: [<ffffffffa069e59c>] scst_alloc_add_tgt_dev+0x9c/0x540 [scst] Call Trace: [<ffffffffa06a1b57>] scst_check_reassign_sessions+0x367/0x3b0 [scst] [<ffffffffa06a1cb7>] scst_acg_add_acn+0x117/0x1a0 [scst] [<ffffffffa06a5e42>] scst_acg_ini_mgmt_store_work_fn+0x152/0x370 [scst] [<ffffffffa06a93a6>] sysfs_work_thread_fn+0xa6/0x2f0 [scst] [<ffffffff8108dd72>] kthread+0xd2/0xf0 [<ffffffff816912bc>] ret_from_fork+0x7c/0xb0 Reported-by: Zhen Xu <zhenxu.zj@gmail.com> git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@5476 d57e44dd-8a1f-0410-8b47-8ef2f437770f
2026-05-22 05:01:27 +00:00 · 2014-04-24 18:49:52 +00:00
parent 7922cc2dfb
commit e7179af46b
1 changed files with 3 additions and 2 deletions
--- a/scst/src/scst_lib.c
+++ b/scst/src/scst_lib.c
@@ -4360,7 +4360,8 @@ out_deinit:

 /*
 * scst_mutex supposed to be held, there must not be parallel activity in this
- * session.
+ * session. May be invoked from inside scst_check_reassign_sessions() which
+ * means that sess->acg can be NULL.
 */
 static int scst_alloc_add_tgt_dev(struct scst_session *sess,
 	struct scst_acg_dev *acg_dev, struct scst_tgt_dev **out_tgt_dev)
@@ -4388,7 +4389,7 @@ static int scst_alloc_add_tgt_dev(struct scst_session *sess,
 	tgt_dev->tgt_dev_rd_only = acg_dev->acg_dev_rd_only || dev->dev_rd_only;
 	tgt_dev->sess = sess;
 	atomic_set(&tgt_dev->tgt_dev_cmd_count, 0);
-	if (sess->acg->acg_black_hole_type != SCST_ACG_BLACK_HOLE_NONE)
+	if (acg_dev->acg->acg_black_hole_type != SCST_ACG_BLACK_HOLE_NONE)
 		set_bit(SCST_TGT_DEV_BLACK_HOLE, &tgt_dev->tgt_dev_flags);
 	else
 		clear_bit(SCST_TGT_DEV_BLACK_HOLE, &tgt_dev->tgt_dev_flags);