[PATCH 0/4] target: Close se_node_acl lookup race

From: Nicholas A. Bellinger
Date: Fri Jan 08 2016 - 02:18:53 EST


From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>

Hi folks,

This series addresses a long-standing race between when
fabric driver se_node_acl lookup and associated pointer
dereference happens, and when kref_get() of ->acl_kref
actually occurs within __transport_register_session()
code.

To address this bug, patch #1 makes get_initiator_node_acl
lookup obtain ->acl_kref while ->acl_node_mutex is held,
and uses existing core_tpg_del_initiator_node_acl() logic
for shutdown based on struct kref + struct completion.

Also while auditing existing se_node_acl lookup users,
there is one particular case in target-core during session
queue depth change where lookup is completely unnecessary.
Go ahead and drop this pointless lookup in patch #2.

Finally, convert the last two remaining fabric drivers
that once upon a time were using some manner of internal
or quasi internal driver methods for node acl lookup.
Do this for tcm_fc + ib_srpt drivers in patch #3 + #4.

Please review,

--nab

Nicholas Bellinger (4):
target: Obtain se_node_acl->acl_kref during get_initiator_node_acl
target: Remove useless set_initiator_node_queue_depth acl lookup
tcm_fc: Convert acl lookup to modern get_initiator_node_acl usage
ib_srpt: Convert acl lookup to modern get_initiator_node_acl usage

drivers/infiniband/ulp/srpt/ib_srpt.c | 78 ++++++----------------------
drivers/infiniband/ulp/srpt/ib_srpt.h | 2 -
drivers/target/iscsi/iscsi_target_configfs.c | 6 +--
drivers/target/iscsi/iscsi_target_tpg.c | 10 ----
drivers/target/iscsi/iscsi_target_tpg.h | 2 -
drivers/target/target_core_tpg.c | 29 ++++-------
drivers/target/target_core_transport.c | 18 ++++---
drivers/target/tcm_fc/tfc_conf.c | 26 +++-------
drivers/target/tcm_fc/tfc_sess.c | 18 ++++---
include/target/target_core_fabric.h | 2 +-
10 files changed, 61 insertions(+), 130 deletions(-)

--
1.9.1
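
The lookup rule described in the cover letter above, as an added example that is not part of the original message or the kernel's code: a userspace C model in which the lookup takes its reference while the list mutex is still held. The names `struct node_acl`, `acl_add`, `acl_get`, `acl_put` and `acl_del` are hypothetical, and a flag stands in for the struct completion.

```c
/* Userspace model; all names are hypothetical, not the kernel's code. */
#include <pthread.h>
#include <stdatomic.h>
#include <string.h>
struct node_acl {
    const char *name;
    atomic_int refs;       /* stands in for ->acl_kref */
    atomic_int free_comp;  /* stands in for the struct completion */
    struct node_acl *next;
};
static pthread_mutex_t acl_node_mutex = PTHREAD_MUTEX_INITIALIZER;
static struct node_acl *acl_list;
static void acl_add(struct node_acl *acl, const char *name) {
    acl->name = name;
    atomic_init(&acl->refs, 1);      /* reference owned by the list */
    atomic_init(&acl->free_comp, 0);
    pthread_mutex_lock(&acl_node_mutex);
    acl->next = acl_list;
    acl_list = acl;
    pthread_mutex_unlock(&acl_node_mutex);
}
/* The last put signals the completion that the deleter waits on. */
static void acl_put(struct node_acl *acl) {
    if (atomic_fetch_sub(&acl->refs, 1) == 1)
        atomic_store(&acl->free_comp, 1);
}
/* Lookup takes its reference before dropping the mutex, so a delete
 * cannot finish between the lookup and the caller's first dereference. */
static struct node_acl *acl_get(const char *name) {
    struct node_acl *acl;
    pthread_mutex_lock(&acl_node_mutex);
    for (acl = acl_list; acl; acl = acl->next)
        if (strcmp(acl->name, name) == 0)
            break;
    if (acl)
        atomic_fetch_add(&acl->refs, 1);
    pthread_mutex_unlock(&acl_node_mutex);
    return acl;
}
/* Unlink, drop the list reference; returns 1 once the memory may be freed
 * (a real deleter would wait on the completion instead of returning 0). */
static int acl_del(struct node_acl *acl) {
    struct node_acl **p;
    pthread_mutex_lock(&acl_node_mutex);
    for (p = &acl_list; *p; p = &(*p)->next)
        if (*p == acl) { *p = acl->next; break; }
    pthread_mutex_unlock(&acl_node_mutex);
    acl_put(acl);
    return atomic_load(&acl->free_comp);
}
```

Because an entry is unlinked under the mutex before the list reference is dropped, any entry the lookup finds still has a count of at least one when it is incremented.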