From fe442604199ed3e60d5411137159f9623534e956 Mon Sep 17 00:00:00 2001
From: Bart Van Assche <bvanassche@acm.org>
Date: Thu, 28 Jul 2022 15:18:48 -0700
Subject: scsi: core: Make sure that targets outlive devices

This commit prevents that the following sequence triggers a kernel crash:

 - Deletion of a SCSI device is requested via sysfs. Device removal takes
   some time because blk_cleanup_queue() is waiting for the SCSI error
   handler.

 - The SCSI target associated with that SCSI device is removed.

 - scsi_remove_target() returns and its caller frees the resources
   associated with the SCSI target.

 - The error handler makes progress and invokes an LLD callback that
   dereferences the SCSI target pointer.

Link: https://lore.kernel.org/r/20220728221851.1822295-2-bvanassche@acm.org
Cc: Christoph Hellwig <hch@lst.de>
Cc: Mike Christie <michael.christie@oracle.com>
Cc: Hannes Reinecke <hare@suse.de>
Cc: John Garry <john.garry@huawei.com>
Cc: Li Zhijian <lizhijian@fujitsu.com>
Reported-by: Mike Christie <michael.christie@oracle.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---
 include/scsi/scsi_device.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include/scsi/scsi_device.h')

diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
index 7cf5f3b7589f..190d2081f4c6 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
@@ -309,6 +309,8 @@ struct scsi_target {
 	struct list_head	devices;
 	struct device		dev;
 	struct kref		reap_ref; /* last put renders target invisible */
+	atomic_t		sdev_count;
+	wait_queue_head_t	sdev_wq;
 	unsigned int		channel;
 	unsigned int		id; /* target id ... replace
 				     * scsi_device.id eventually */
-- 
cgit v1.2.3-59-g8ed1b