@@ -1600,6 +1600,8 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
}
sof = fr_sof(fp);
sp = &ep->seq;
+
+ spin_lock_bh(&ep->ex_lock);
if (fc_sof_is_init(sof)) {
sp->ssb_stat |= SSB_ST_RESP;
sp->id = fh->fh_seq_id;
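Review bot: the spin_lock_bh(&ep->ex_lock) added ahead of the fc_sof_is_init(sof) branch is only released by the spin_unlock_bh() at the end of the next hunk, and the two lines between the hunks are not shown, so please confirm that nothing between them can return or jump out with ex_lock still held. The widened region also covers the sp->id = fh->fh_seq_id write, while the commit message only talks about seq.ssb_stat; it would help to state whether sp->id is meant to be protected by ex_lock as well.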
@@ -1608,7 +1610,6 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
f_ctl = ntoh24(fh->fh_f_ctl);
fr_seq(fp) = sp;
- spin_lock_bh(&ep->ex_lock);
if (f_ctl & FC_FC_SEQ_INIT)
ep->esb_stat |= ESB_ST_SEQ_INIT;
spin_unlock_bh(&ep->ex_lock);
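Review bot: f_ctl = ntoh24(fh->fh_f_ctl) and fr_seq(fp) = sp at the top of this hunk now execute inside the critical section, although in the lines shown they only read the frame header and set a pointer on the frame. Consider moving both above the new spin_lock_bh() so that ex_lock is held only across the ssb_stat, sp->id and esb_stat updates. Since the commit message says the change was not tested on hardware, a note on whether it was at least built and checked with lockdep enabled would be useful.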
All other places where seq.ssb_stat is accessed happen under the lock ex_lock. Moreover, the struct definition has some documentation in the comments telling that ex_lock protects seq.ssb_stat. Extend the locking in fc_exch_recv_seq_resp to include that field access.

Disclaimer: I am currently working on a static analyser to detect missing locks. This was a reported case. I manually verified the report by looking at the code, so that I do not send wrong information or patches. After concluding that this seems to be a true positive, I created this patch. However, as I do not in fact have this particular hardware, I was unable to test it.

Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
---
 drivers/scsi/libfc/fc_exch.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)