[PATCH 3.4 009/125] scsi: restart list search after unlock in scsi_remove_target

From: lizf
Date: Wed Oct 12 2016 - 08:40:18 EST

From: Christoph Hellwig <hch@xxxxxx>

3.4.113-rc1 review patch. If anyone has any objections, please let me know.


commit 40998193560dab6c3ce8d25f4fa58a23e252ef38 upstream.

When dropping a lock while iterating a list we must restart the search
as other threads could have manipulated the list under us. Without this
we can get stuck in an endless loop. This bug was introduced by

commit bc3f02a795d3b4faa99d37390174be2a75d091bd
Author: Dan Williams <djbw@xxxxxx>
Date: Tue Aug 28 22:12:10 2012 -0700

[SCSI] scsi_remove_target: fix softlockup regression on hot remove

Which was itself trying to fix a reported soft lockup issue


However, we believe even with this revert of the original patch, the soft
lockup problem has been fixed by

commit f2495e228fce9f9cec84367547813cbb0d6db15a
Author: James Bottomley <JBottomley@xxxxxxxxxxxxx>
Date: Tue Jan 21 07:01:41 2014 -0800

[SCSI] dual scan thread bug fix

Thanks go to Dan Williams <dan.j.williams@xxxxxxxxx> for tracking all this
prior history down.

Reported-by: Johannes Thumshirn <jthumshirn@xxxxxxx>
Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Tested-by: Johannes Thumshirn <jthumshirn@xxxxxxx>
Reviewed-by: Johannes Thumshirn <jthumshirn@xxxxxxx>
Fixes: bc3f02a795d3b4faa99d37390174be2a75d091bd
Signed-off-by: James Bottomley <JBottomley@xxxxxxxx>
[lizf: Backported to 3.4: adjust context]
Signed-off-by: Zefan Li <lizefan@xxxxxxxxxx>
drivers/scsi/scsi_sysfs.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c
index 72ca515..05c99af 100644
--- a/drivers/scsi/scsi_sysfs.c
+++ b/drivers/scsi/scsi_sysfs.c
@@ -1020,31 +1020,23 @@ static void __scsi_remove_target(struct scsi_target *starget)
void scsi_remove_target(struct device *dev)
struct Scsi_Host *shost = dev_to_shost(dev->parent);
- struct scsi_target *starget, *last = NULL;
+ struct scsi_target *starget;
unsigned long flags;

- /* remove targets being careful to lookup next entry before
- * deleting the last
- */
spin_lock_irqsave(shost->host_lock, flags);
list_for_each_entry(starget, &shost->__targets, siblings) {
if (starget->state == STARGET_DEL)
if (starget->dev.parent == dev || &starget->dev == dev) {
- /* assuming new targets arrive at the end */
spin_unlock_irqrestore(shost->host_lock, flags);
- if (last)
- scsi_target_reap(last);
- last = starget;
- spin_lock_irqsave(shost->host_lock, flags);
+ scsi_target_reap(starget);
+ goto restart;
spin_unlock_irqrestore(shost->host_lock, flags);
- if (last)
- scsi_target_reap(last);