linux/drivers/scsi/fnic
David Jeffery 733ab7e1b5 scsi: fnic: Finish scsi_cmnd before dropping the spinlock

When aborting a SCSI command through fnic, there is a race with the fnic
interrupt handler which can result in the SCSI command and its request
being completed twice. If the interrupt handler claims the command by
setting CMD_SP to NULL first, the abort handler assumes the interrupt
handler has completed the command and returns SUCCESS, causing the request
for the scsi_cmnd to be re-queued.

But the interrupt handler may not have finished the command yet. After it
drops the spinlock protecting CMD_SP, it does memory cleanup before finally
calling scsi_done() to complete the scsi_cmnd. If the call to scsi_done
occurs after the abort handler finishes and re-queues the request, the
completion of the scsi_cmnd will advance and try to double complete a
request already queued for retry.

This patch fixes the issue by moving scsi_done() and any other use of
scsi_cmnd to before the spinlock is released by the interrupt handler.

Link: https://lore.kernel.org/r/20220311184359.2345319-1-djeffery@redhat.com
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-03-15 14:01:28 -04:00
cq_desc.h
cq_enet_desc.h
cq_exch_desc.h
fcpio.h
fnic_attrs.c scsi: fnic: Switch to attribute groups 2021-10-16 21:45:55 -04:00
fnic_debugfs.c scsi: fnic: Remove unnecessary cast 2021-03-24 22:33:37 -04:00
fnic_fcs.c scsi: fnic: Remove bogus ratelimit messages 2021-03-29 22:46:11 -04:00
fnic_fip.h
fnic_io.h
fnic_isr.c scsi: fnic: fix msix interrupt allocation 2019-09-07 15:29:12 -04:00
fnic_main.c scsi: fnic: Switch to attribute groups 2021-10-16 21:45:55 -04:00
fnic_res.c
fnic_res.h
fnic_scsi.c scsi: fnic: Finish scsi_cmnd before dropping the spinlock 2022-03-15 14:01:28 -04:00
fnic_stats.h scsi: fnic: no need to check return value of debugfs_create functions 2019-01-29 00:40:53 -05:00
fnic_trace.c scsi: fnic: Rudimentary spelling fixes 2021-03-18 22:27:01 -04:00
fnic_trace.h scsi: fnic: no need to check return value of debugfs_create functions 2019-01-29 00:40:53 -05:00
fnic.h scsi: fnic: Switch to attribute groups 2021-10-16 21:45:55 -04:00
Makefile
rq_enet_desc.h
vnic_cq_copy.h
vnic_cq.c
vnic_cq.h
vnic_dev.c scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 2021-01-12 23:32:53 -05:00
vnic_dev.h scsi: fnic: Enable fnic devcmd2 interface 2019-01-22 21:18:35 -05:00
vnic_devcmd.h scsi: Replace zero-length array with flexible-array member 2020-03-11 23:07:56 -04:00
vnic_intr.c
vnic_intr.h
vnic_nic.h
vnic_resource.h scsi: fnic: fnic devcmd2 interface definitions 2019-01-22 21:18:34 -05:00
vnic_rq.c scsi: fnic: Remove set but not used variable 'vdev' 2019-01-29 01:16:09 -05:00
vnic_rq.h
vnic_scsi.h
vnic_stats.h
vnic_wq_copy.c scsi: fnic: Simplify the return expression of vnic_wq_copy_alloc() 2020-10-07 23:50:03 -04:00
vnic_wq_copy.h
vnic_wq.c scsi: fnic: make vnic_wq_get_ctrl and vnic_wq_alloc_ring static 2020-04-17 13:48:05 -04:00
vnic_wq.h scsi: fnic: Add devcmd2 initialization helpers 2019-01-22 21:18:34 -05:00
wq_enet_desc.h