The rport_lookup function must be called while holding the disc_mutex.
Otherwise, the rdata could be deleted just after that by another thread.
All callers now check the state after grabbing the rdata rp_mutex.
Even though rport_lookup skips ports in DELETE state, it does that
without holding the rdata rp_mutex, so that the state may change.
Signed-off-by: Joe Eykholt <jeykholt@cisco.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
fh = fc_frame_header_get(fp);
s_id = ntoh24(fh->fh_s_id);
+ mutex_lock(&lport->disc.disc_mutex);
rdata = lport->tt.rport_lookup(lport, s_id);
if (!rdata) {
+ mutex_unlock(&lport->disc.disc_mutex);
els_data.reason = ELS_RJT_UNAB;
lport->tt.seq_els_rsp_send(sp, ELS_LS_RJT, &els_data);
fc_frame_free(fp);
return;
}
mutex_lock(&rdata->rp_mutex);
+ mutex_unlock(&lport->disc.disc_mutex);
op = fc_frame_payload_op(fp);
switch (op) {