summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNeerav Parikh <Neerav.Parikh@intel.com>2011-07-27 15:10:54 -0700
committerJames Bottomley <JBottomley@Parallels.com>2011-07-28 12:13:15 +0400
commitc9d24a76184b3ecbedc66d45f840c3dfd921f12b (patch)
treec723b70d30ba0f4a2508c40b5489f07e96d4dc68
parent85982127273be0474e9505c0aac35973a0a013f8 (diff)
downloadlinux-c9d24a76184b3ecbedc66d45f840c3dfd921f12b.tar.bz2
[SCSI] libfc: Remove the reference to FCP packet from scsi_cmnd in case of error
fc_queuecommand() allocates an FCP packet for each SCSI command and sends it out on the wire. In the process it stores the reference to the FCP packet in the scsi_cmnd structure. Now, in case under stress testing the libfc exchange layer runs out of exchanges the fc_queuecommand() may not be able to send out commands out on the wire. In such a scenario if there is an error in sending the FCP packet out the wire; fc_queuecommand() deletes the FCP packet from internal queue, releases the FCP packet and returns a SCSI_MLQUEUE_HOST_BUSY status to the scsi-ml. But, the reference to the FCP packet set in the scsi_cmnd is not removed from the scsi_cmnd in this code path. This might lead to a crash under stress testing where the scsi_cmnd failed by fc_queuecommand() comes up to fc_eh_abort() via scsi eh thread. fc_eh_abort() will get reference to the FCP packet to be aborted from the scsi_cmnd for further FCP abort related processing and then try to release the FCP packet that has already been released. This patch removes the FCP packet reference from the scsi_cmnd before returning back from fc_queuecommand() in case of an error in sending out the FCP packet. Signed-off-by: Neerav Parikh <Neerav.Parikh@intel.com> Tested-by: Ross Brattain <ross.b.brattain@intel.com> Signed-off-by: Robert Love <robert.w.love@intel.com> Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-rw-r--r--drivers/scsi/libfc/fc_fcp.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/drivers/scsi/libfc/fc_fcp.c b/drivers/scsi/libfc/fc_fcp.c
index 14dd1215de7f..afb63c843144 100644
--- a/drivers/scsi/libfc/fc_fcp.c
+++ b/drivers/scsi/libfc/fc_fcp.c
@@ -1084,6 +1084,7 @@ static int fc_fcp_pkt_send(struct fc_lport *lport, struct fc_fcp_pkt *fsp)
rc = lport->tt.fcp_cmd_send(lport, fsp, fc_fcp_recv);
if (unlikely(rc)) {
spin_lock_irqsave(&si->scsi_queue_lock, flags);
+ fsp->cmd->SCp.ptr = NULL;
list_del(&fsp->list);
spin_unlock_irqrestore(&si->scsi_queue_lock, flags);
}