From d81721df65735fee39a1090caaaf550679433507 Mon Sep 17 00:00:00 2001
From: JinYu <jin.yu@intel.com>
Date: Sat, 10 Aug 2019 00:09:38 +0800
Subject: [PATCH] vhost: fix the reuse of free memory issue in scsi

In the spdk_vhost_scsi_dev_remove() it takes a period of time
to remove all the tgts but before it is completed the scsi dev
has been freed. So don't free the scsi dev until all the tgts
have been removed.

Fix Github issue #932

Change-Id: Idf9293c70b8d5f82091db6dd5e018a5cb40eea36
Signed-off-by: JinYu <jin.yu@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/464654
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Reviewed-by: Changpeng Liu <changpeng.liu@intel.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Reviewed-by: Karol Latecki <karol.latecki@intel.com>
---
 lib/vhost/vhost_scsi.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/vhost/vhost_scsi.c b/lib/vhost/vhost_scsi.c
index 3a0c043ba..ab211fa7b 100644
--- a/lib/vhost/vhost_scsi.c
+++ b/lib/vhost/vhost_scsi.c
@@ -93,6 +93,8 @@ struct spdk_scsi_dev_vhost_state {
 };
 
 struct spdk_vhost_scsi_dev {
+	int ref;
+	bool registered;
 	struct spdk_vhost_dev vdev;
 	struct spdk_scsi_dev_vhost_state scsi_dev_state[SPDK_VHOST_SCSI_CTRLR_MAX_DEVS];
 
@@ -195,6 +197,10 @@ remove_scsi_tgt(struct spdk_vhost_scsi_dev *svdev,
 	}
 	SPDK_INFOLOG(SPDK_LOG_VHOST, "%s: removed target 'Target %u'\n",
 		     svdev->vdev.name, scsi_tgt_num);
+
+	if (--svdev->ref == 0 && svdev->registered == false) {
+		free(svdev);
+	}
 }
 
 static void
@@ -835,8 +841,12 @@ spdk_vhost_scsi_dev_construct(const char *name, const char *cpumask)
 
 	if (rc) {
 		free(svdev);
+		spdk_vhost_unlock();
+		return rc;
 	}
 
+	svdev->registered = true;
+
 	spdk_vhost_unlock();
 	return rc;
 }
@@ -867,8 +877,12 @@ vhost_scsi_dev_remove(struct spdk_vhost_dev *vdev)
 	if (rc != 0) {
 		return rc;
 	}
+	svdev->registered = false;
+
+	if (svdev->ref == 0) {
+		free(svdev);
+	}
 
-	free(svdev);
 	return 0;
 }
 
@@ -926,6 +940,7 @@ vhost_scsi_dev_add_tgt_cpl_cb(struct spdk_vhost_dev *vdev, void *ctx)
 	/* All sessions have added the target */
 	assert(vhost_sdev->status == VHOST_SCSI_DEV_ADDING);
 	vhost_sdev->status = VHOST_SCSI_DEV_PRESENT;
+	svdev->ref++;
 }
 
 static int