[PATCH] scsi: storvsc: Fix a race in sub-channel creation that can cause panic
Martin K. Petersen
martin.petersen at oracle.com
Thu Nov 29 02:34:03 UTC 2018
> From: Dexuan Cui <decui at microsoft.com>
> We can concurrently try to open the same sub-channel from 2 paths:
> path #1: vmbus_onoffer() -> vmbus_process_offer() -> handle_sc_creation().
> path #2: storvsc_probe() -> storvsc_connect_to_vsp() ->
> -> storvsc_channel_init() -> handle_multichannel_storage() ->
> -> vmbus_are_subchannels_present() -> handle_sc_creation().
> They conflict with each other, but it was not an issue before the recent
> commit ae6935ed7d42 ("vmbus: split ring buffer allocation from open"),
> because at the beginning of vmbus_open() we checked newchannel->state so
> only one path could succeed, and the other would return with -EINVAL.
Applied to 4.20/scsi-fixes. Thank you!
Martin K. Petersen Oracle Linux Engineering
More information about the devel