tcm_vhost: Use ACCESS_ONCE for vs->vs_tpg[target] access In vhost_scsi_handle_vq: tv_tpg = vs->vs_tpg[target]; if (!tv_tpg) { .... return } tv_cmd = vhost_scsi_allocate_cmd(tv_tpg, &v_req, 1) vs->vs_tpg[target] might change after the NULL check and 2) the above line might access tv_tpg from vs->vs_tpg[target]. To prevent 2), use ACCESS_ONCE. Thanks mst for catching this up! Signed-off-by: Asias He <asias@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>

commit: af0d9187f66db2711f94dc20d5a06ec9ba5845b3 [log] [tgz]
author: Asias He <asias@redhat.com> Tue Apr 02 23:31:37 2013 +0800
committer: Nicholas Bellinger <nab@linux-iscsi.org> Tue Apr 02 16:43:34 2013 -0700
tree: 6458ebd741af6112cdfda39030edba9a9637e587
parent: f85eda8d75d37a3796cee7f5a906e50e3f13d9e1 [diff]
diff --git a/drivers/vhost/tcm_vhost.c b/drivers/vhost/tcm_vhost.c
index 2968b49..dd9614eb 100644
--- a/drivers/vhost/tcm_vhost.c
+++ b/drivers/vhost/tcm_vhost.c

@@ -661,7 +661,7 @@
 
 		/* Extract the tpgt */
 		target = v_req.lun[1];
-		tv_tpg = vs->vs_tpg[target];
+		tv_tpg = ACCESS_ONCE(vs->vs_tpg[target]);
 
 		/* Target does not exist, fail the request */
 		if (unlikely(!tv_tpg)) {
commit	af0d9187f66db2711f94dc20d5a06ec9ba5845b3	[log] [tgz]
author	Asias He <asias@redhat.com>	Tue Apr 02 23:31:37 2013 +0800
committer	Nicholas Bellinger <nab@linux-iscsi.org>	Tue Apr 02 16:43:34 2013 -0700
tree	6458ebd741af6112cdfda39030edba9a9637e587
parent	f85eda8d75d37a3796cee7f5a906e50e3f13d9e1 [diff]