From e7179af46b65591f4aa4def39d9a10f898829dbf Mon Sep 17 00:00:00 2001
From: Bart Van Assche
Date: Thu, 24 Apr 2014 18:49:52 +0000
Subject: [PATCH] scst: Avoid that reassigning a session triggers a kernel crash
This patch fixes the following kernel bug:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000064
IP: [] scst_alloc_add_tgt_dev+0x9c/0x540 [scst]
Call Trace:
[] scst_check_reassign_sessions+0x367/0x3b0 [scst]
[] scst_acg_add_acn+0x117/0x1a0 [scst]
[] scst_acg_ini_mgmt_store_work_fn+0x152/0x370 [scst]
[] sysfs_work_thread_fn+0xa6/0x2f0 [scst]
[] kthread+0xd2/0xf0
[] ret_from_fork+0x7c/0xb0
Reported-by: Zhen Xu
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@5476 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 scst/src/scst_lib.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scst/src/scst_lib.c b/scst/src/scst_lib.c
index 206dab174..1f9e1fd2e 100644
--- a/scst/src/scst_lib.c
+++ b/scst/src/scst_lib.c
@@ -4360,7 +4360,8 @@ out_deinit:
 /*
 * scst_mutex supposed to be held, there must not be parallel activity in this
- * session.
+ * session. May be invoked from inside scst_check_reassign_sessions() which
+ * means that sess->acg can be NULL.
 */
 static int scst_alloc_add_tgt_dev(struct scst_session *sess,
 struct scst_acg_dev *acg_dev, struct scst_tgt_dev **out_tgt_dev)
@@ -4388,7 +4389,7 @@ static int scst_alloc_add_tgt_dev(struct scst_session *sess,
 tgt_dev->tgt_dev_rd_only = acg_dev->acg_dev_rd_only || dev->dev_rd_only;
 tgt_dev->sess = sess;
 atomic_set(&tgt_dev->tgt_dev_cmd_count, 0);
- if (sess->acg->acg_black_hole_type != SCST_ACG_BLACK_HOLE_NONE)
+ if (acg_dev->acg->acg_black_hole_type != SCST_ACG_BLACK_HOLE_NONE)
 set_bit(SCST_TGT_DEV_BLACK_HOLE, &tgt_dev->tgt_dev_flags);
 else
 clear_bit(SCST_TGT_DEV_BLACK_HOLE, &tgt_dev->tgt_dev_flags);
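Review bot: The sentence added to the header comment in the first hunk (above scst_alloc_add_tgt_dev) names the hazard but not the rule that follows from it, so a later edit could reintroduce a sess->acg dereference. I would finish the sentence with the pointer that is safe to use, e.g. `* means that sess->acg can be NULL; use acg_dev->acg instead.` Judging by the call trace in the commit message, the NULL dereference was reached from the sysfs management work thread, so the precondition is worth spelling out where the next maintainer will read it.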
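Review bot: The replacement test in the second hunk (@@ -4388) dereferences `acg_dev->acg` with nothing visible that guarantees it is set. The fix relies on every scst_acg_dev carrying a valid back-pointer to its group, which is presumably an invariant but is not shown in this hunk. The body of scst_alloc_add_tgt_dev starts and ends outside the hunk, so any other `sess->acg` use in it, or in helpers it passes `sess` to, is not visible here and should be audited for the same reassignment path. I would also put a one-line comment above the test, `/* sess->acg may be NULL during reassignment; acg_dev->acg is the target group */`, so the choice of pointer is not mistaken for an oversight.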