target: Fix virtual LUN=0 target_configure_device failure OOPs

This patch fixes a NULL pointer dereference triggered by a late target_configure_device() -> alloc_workqueue() failure that results in target_free_device() being called with DF_CONFIGURED already set, which subsequently OOPses in destroy_workqueue() code. Currently this only happens at modprobe target_core_mod time when core_dev_setup_virtual_lun0() -> target_configure_device() fails, and the explicit target_free_device() gets called. To address this bug originally introduced by commit 0fd97cc, go ahead and move DF_CONFIGURED to end of target_configure_device() code to handle this special failure case. Reported-by: Claudio Fleiner <[email protected]> Cc: Claudio Fleiner <[email protected]> Cc: Christoph Hellwig <[email protected]> Cc: <[email protected]> # v3.7+ Signed-off-by: Nicholas Bellinger <[email protected]>
makiko-fly · Mar 20, 2015 · 5f7da04 · 5f7da04
1 parent 215a8fe
commit 5f7da04
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
@@ -1548,8 +1548,6 @@ int target_configure_device(struct se_device *dev)
 	ret = dev->transport->configure_device(dev);
 	if (ret)
 		goto out;
-	dev->dev_flags |= DF_CONFIGURED;
-
 	/*
 	 * XXX: there is not much point to have two different values here..
 	 */
@@ -1611,6 +1609,8 @@ int target_configure_device(struct se_device *dev)
 	list_add_tail(&dev->g_dev_node, &g_device_list);
 	mutex_unlock(&g_device_mutex);
 
+	dev->dev_flags |= DF_CONFIGURED;
+
 	return 0;
 
 out_free_alua: