mirror of
https://github.com/torvalds/linux.git
synced 2024-12-05 18:41:23 +00:00
733ab7e1b5
When aborting a SCSI command through fnic, there is a race with the fnic interrupt handler which can result in the SCSI command and its request being completed twice. If the interrupt handler claims the command by setting CMD_SP to NULL first, the abort handler assumes the interrupt handler has completed the command and returns SUCCESS, causing the request for the scsi_cmnd to be re-queued. But the interrupt handler may not have finished the command yet. After it drops the spinlock protecting CMD_SP, it does memory cleanup before finally calling scsi_done() to complete the scsi_cmnd. If the call to scsi_done occurs after the abort handler finishes and re-queues the request, the completion of the scsi_cmnd will advance and try to double complete a request already queued for retry. This patch fixes the issue by moving scsi_done() and any other use of scsi_cmnd to before the spinlock is released by the interrupt handler. Link: https://lore.kernel.org/r/20220311184359.2345319-1-djeffery@redhat.com Reviewed-by: Laurence Oberman <loberman@redhat.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: David Jeffery <djeffery@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> |
||
---|---|---|
.. | ||
cq_desc.h | ||
cq_enet_desc.h | ||
cq_exch_desc.h | ||
fcpio.h | ||
fnic_attrs.c | ||
fnic_debugfs.c | ||
fnic_fcs.c | ||
fnic_fip.h | ||
fnic_io.h | ||
fnic_isr.c | ||
fnic_main.c | ||
fnic_res.c | ||
fnic_res.h | ||
fnic_scsi.c | ||
fnic_stats.h | ||
fnic_trace.c | ||
fnic_trace.h | ||
fnic.h | ||
Makefile | ||
rq_enet_desc.h | ||
vnic_cq_copy.h | ||
vnic_cq.c | ||
vnic_cq.h | ||
vnic_dev.c | ||
vnic_dev.h | ||
vnic_devcmd.h | ||
vnic_intr.c | ||
vnic_intr.h | ||
vnic_nic.h | ||
vnic_resource.h | ||
vnic_rq.c | ||
vnic_rq.h | ||
vnic_scsi.h | ||
vnic_stats.h | ||
vnic_wq_copy.c | ||
vnic_wq_copy.h | ||
vnic_wq.c | ||
vnic_wq.h | ||
wq_enet_desc.h |