iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/scsi
History
David Jeffery 733ab7e1b5 scsi: fnic: Finish scsi_cmnd before dropping the spinlock 
When aborting a SCSI command through fnic, there is a race with the fnic
interrupt handler which can result in the SCSI command and its request
being completed twice. If the interrupt handler claims the command by
setting CMD_SP to NULL first, the abort handler assumes the interrupt
handler has completed the command and returns SUCCESS, causing the request
for the scsi_cmnd to be re-queued.

But the interrupt handler may not have finished the command yet. After it
drops the spinlock protecting CMD_SP, it does memory cleanup before finally
calling scsi_done() to complete the scsi_cmnd. If the call to scsi_done
occurs after the abort handler finishes and re-queues the request, the
completion of the scsi_cmnd will advance and try to double complete a
request already queued for retry.

This patch fixes the issue by moving scsi_done() and any other use of
scsi_cmnd to before the spinlock is released by the interrupt handler.

Link: https://lore.kernel.org/r/20220311184359.2345319-1-djeffery@redhat.com
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: David Jeffery <djeffery@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2022-03-15 14:01:28 -04:00
..
aacraid
scsi: aacraid: Fix spelling of "its"
2022-01-05 00:23:47 -05:00
aic7xxx
scsi: aic79xx: Remove redundant error variable
2022-01-05 00:55:38 -05:00
aic94xx
treewide: Replace open-coded flex arrays in unions
2021-10-18 12:28:53 -07:00
arcmsr
scsi: arcmsr: Switch to attribute groups
2021-10-16 21:45:54 -04:00
arm
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
be2iscsi
scsi: be2iscsi: Switch to attribute groups
2021-10-16 21:45:54 -04:00
bfa
scsi: bfa: Remove useless DMA-32 fallback configuration
2022-01-24 23:30:29 -05:00
bnx2fc
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
2022-01-31 12:17:53 -05:00
bnx2i
scsi: bnx2i: Switch to attribute groups
2021-10-16 21:45:55 -04:00
csiostor
scsi: csiostor: Switch to attribute groups
2021-10-16 21:45:55 -04:00
cxgbi
ethernet: fix PTP_1588_CLOCK dependencies
2021-08-13 17:49:05 -07:00
cxlflash
scsi: cxlflash: Switch to attribute groups
2021-10-16 21:45:55 -04:00
device_handler
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
2021-07-29 21:58:35 -04:00
dpt
scsi: docs: convert dpti.txt to ReST
2020-03-11 23:07:59 -04:00
elx
scsi: elx: efct: Don't use GFP_KERNEL under spin lock
2022-01-24 23:30:23 -05:00
esas2r
scsi: esas2r: Call scsi_done() directly
2021-10-16 21:28:46 -04:00
fcoe
scsi: fcoe: Use netif_is_bond_master() instead of open code
2021-10-18 22:38:34 -04:00
fnic
scsi: fnic: Finish scsi_cmnd before dropping the spinlock
2022-03-15 14:01:28 -04:00
hisi_sas
scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal
2022-01-31 16:50:59 -05:00
ibmvscsi
SCSI misc on 20211105
2021-11-05 08:42:02 -07:00
ibmvscsi_tgt
scsi: target: ibm_vscsi: Replace enable attr with ops.enable
2021-10-04 23:27:38 -04:00
isci
scsi: isci: Switch to attribute groups
2021-10-16 21:45:56 -04:00
libfc
scsi: libfc: Call scsi_done() directly
2021-10-16 21:28:48 -04:00
libsas
scsi: libsas: Keep host active while processing events
2021-12-22 23:38:31 -05:00
lpfc
scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop
2022-02-14 22:07:51 -05:00
megaraid
SCSI misc on 20220113
2022-01-14 14:37:34 +01:00
mpi3mr
scsi: mpi3mr: Fix formatting problems in some kernel-doc comments
2022-01-05 00:34:41 -05:00
mpt3sas
scsi: mpt3sas: Page fault in reply q processing
2022-03-14 23:45:19 -04:00
mvsas
scsi: mvsas: Add spin_lock/unlock() to protect asd_sas_port->phy_list
2021-12-22 23:38:29 -05:00
pcmcia
scsi: nsp_cs: Check of ioremap return value
2022-01-10 11:03:42 -05:00
pm8001
scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
2022-01-31 16:40:07 -05:00
qedf
scsi: qedf: Change context reset messages to ratelimited
2022-01-24 23:30:26 -05:00
qedi
scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp()
2022-02-11 16:40:04 -05:00
qla2xxx
scsi: qla2xxx: Synchronize rport dev_loss_tmo setting
2021-12-16 22:48:33 -05:00
qla4xxx
scsi: qla4xxx: Format SYSFS_FLAG_FW_SEL_BOOT as byte
2021-12-06 22:17:19 -05:00
smartpqi
scsi: smartpqi: Switch to attribute groups
2021-10-16 21:45:59 -04:00
snic
scsi: snic: Don't use GFP_DMA in snic_queue_report_tgt_req()
2021-12-22 23:43:23 -05:00
sym53c8xx_2
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
ufs
scsi: ufs: core: Fix divide by zero in ufshcd_map_queues()
2022-02-14 22:10:29 -05:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
3w-9xxx.c
scsi: 3w-9xxx: Switch to attribute groups
2021-10-16 21:45:53 -04:00
3w-9xxx.h
scsi: 3w-9xxx: Fix endianness issues in command packets
2021-05-15 18:01:34 -04:00
3w-sas.c
scsi: 3w-sas: Remove useless DMA-32 fallback configuration
2022-01-24 23:30:28 -05:00
3w-sas.h
scsi: 3w-sas: Whitespace cleanup
2021-01-22 21:14:08 -05:00
3w-xxxx.c
scsi: 3w-xxx: Remove redundant initialization of variable retval
2021-10-18 22:38:34 -04:00
3w-xxxx.h
scsi: 3w-xxxx: Whitespace cleanup
2021-01-22 21:14:07 -05:00
53c700_d.h_shipped
53c700.c
scsi: 53c700: Remove redundant assignment to pointer SCp
2022-01-25 00:08:18 -05:00
53c700.h
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
53c700.scr
a100u2w.c
scsi: a100u2w: Fix a kernel-doc warning
2021-11-29 23:02:13 -05:00
a100u2w.h
a2091.c
mm: don't include asm/pgtable.h if linux/mm.h is already included
2020-06-09 09:39:13 -07:00
a2091.h
a3000.c
mm: don't include asm/pgtable.h if linux/mm.h is already included
2020-06-09 09:39:13 -07:00
a3000.h
a4000t.c
advansys.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
aha152x.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
aha152x.h
aha1542.c
scsi: aha1542: Use memcpy_{from,to}_bvec()
2021-10-19 14:07:19 -04:00
aha1542.h
scsi: aha1542: Clarify 'struct ccb' comments
2021-01-13 00:14:07 -05:00
aha1740.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
aha1740.h
am53c974.c
atari_scsi.c
scsi: atari_scsi: Fix race condition between .queuecommand and EH
2020-11-23 22:12:09 -05:00
atp870u.c
scsi: atp870u: Fix a kernel-doc warning
2021-11-29 23:02:13 -05:00
atp870u.h
scsi: atp870u: Whitespace cleanup
2021-01-22 21:14:08 -05:00
BusLogic.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
BusLogic.h
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
2021-05-14 22:19:04 -04:00
bvme6000_scsi.c
ch.c
SCSI misc on 20220113
2022-01-14 14:37:34 +01:00
constants.c
scsi: core: Introduce enums for the SAM and host status codes
2021-06-02 23:09:39 -04:00
dc395x.c
scsi: dc395x: Fix a kernel-doc warning
2021-11-29 23:02:14 -05:00
dc395x.h
scsi: dc395x: Drop internal SCSI message definitions
2021-01-22 21:14:10 -05:00
dmx3191d.c
dpt_i2o.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
dpti.h
scsi: docs: convert dpti.txt to ReST
2020-03-11 23:07:59 -04:00
esp_scsi.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
esp_scsi.h
scsi: esp_scsi: Add support for FSC chip
2019-12-19 22:08:51 -05:00
fdomain_isa.c
isa: Make the remove callback for isa drivers return void
2021-01-26 07:42:27 +01:00
fdomain_pci.c
fdomain.c
scsi: fdomain: Call scsi_done() directly
2021-10-16 21:28:47 -04:00
fdomain.h
scsi: fdomain: Mark 'fdomain_pm_ops' as __maybe_unused
2020-07-08 01:12:44 -04:00
FlashPoint.c
Merge branch '5.14/scsi-result' into 5.14/scsi-staging
2021-06-02 01:37:04 -04:00
g_NCR5380.c
isa: Make the remove callback for isa drivers return void
2021-01-26 07:42:27 +01:00
gvp11.c
mm: don't include asm/pgtable.h if linux/mm.h is already included
2020-06-09 09:39:13 -07:00
gvp11.h
hosts.c
scsi: core: Remove Scsi_Host.shost_dev_attr_groups
2021-11-18 22:26:58 -05:00
hpsa_cmd.h
scsi: hpsa: Add an assert to prevent __packed reintroduction
2021-04-01 22:52:40 -04:00
hpsa.c
scsi: hpsa: Remove an unused variable in hpsa_update_scsi_devices()
2021-12-13 23:34:01 -05:00
hpsa.h
scsi: hpsa: Update copyright
2020-09-02 22:49:06 -04:00
hptiop.c
scsi: hptiop: Switch to attribute groups
2021-10-16 21:45:55 -04:00
hptiop.h
imm.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
imm.h
initio.c
scsi: initio: Don't use GFP_DMA in initio_probe_one()
2021-12-22 23:41:53 -05:00
initio.h
scsi: initio: Drop internal SCSI message definition
2021-01-22 21:14:10 -05:00
ipr.c
scsi: ipr: Switch to attribute groups
2021-10-16 21:45:56 -04:00
ipr.h
scsi: ipr: System crashes when seeing type 20 error
2021-06-29 16:46:08 -04:00
ips.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
ips.h
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
iscsi_boot_sysfs.c
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
2020-06-02 21:23:47 -04:00
iscsi_tcp.c
scsi: iscsi: iscsi_tcp: Start socket shutdown during conn stop
2021-06-02 01:28:20 -04:00
iscsi_tcp.h
jazz_esp.c
scsi: jazz_esp: Add IRQ check
2021-04-13 00:20:48 -04:00
Kconfig
scsi: core: Rename CONFIG_BLK_SCSI_REQUEST to CONFIG_SCSI_COMMON
2021-07-28 22:24:27 -04:00
lasi700.c
parisc: Make struct parisc_driver::remove() return void
2021-08-30 10:18:25 +02:00
libiscsi_tcp.c
scsi: libiscsi: Drop taskqueuelock
2021-02-08 22:39:03 -05:00
libiscsi.c
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
2021-12-22 23:03:59 -05:00
mac53c94.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
mac53c94.h
mac_esp.c
scsi: mac_esp: Use module_platform_driver to simplify the code
2020-10-02 21:52:53 -04:00
mac_scsi.c
scsi: NCR5380: Remove context check
2020-12-07 20:24:09 -05:00
Makefile
scsi: core: Fix missing FORCE for scsi_devinfo_tbl.c build rule
2021-08-23 23:07:05 -04:00
megaraid.c
scsi: megaraid: Avoid mismatched storage type sizes
2022-01-07 09:19:51 -05:00
megaraid.h
mesh.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
mesh.h
mvme16x_scsi.c
mvme147.c
mm: don't include asm/pgtable.h if linux/mm.h is already included
2020-06-09 09:39:13 -07:00
mvme147.h
mvumi.c
scsi: mvumi: Call scsi_done() directly
2021-10-16 21:29:15 -04:00
mvumi.h
scsi: Replace zero-length array with flexible-array member
2020-03-11 23:07:56 -04:00
myrb.c
scsi: myrb: Don't use GFP_DMA in myrb_pdev_slave_alloc()
2021-12-22 23:42:23 -05:00
myrb.h
scsi: mylex: Use the correct style for SPDX License Identifier
2020-01-02 21:57:44 -05:00
myrs.c
scsi: myrs: Fix crash in error case
2022-01-25 00:09:41 -05:00
myrs.h
scsi: mylex: Use the correct style for SPDX License Identifier
2020-01-02 21:57:44 -05:00
ncr53c8xx.c
scsi: ncr53c8xx: Switch to attribute groups
2021-10-16 21:45:57 -04:00
ncr53c8xx.h
scsi: ncr53c8xx: Use SAM status values
2021-01-22 21:14:12 -05:00
NCR5380.c
scsi: NCR5380: Call scsi_done() directly
2021-10-16 21:28:44 -04:00
NCR5380.h
scsi: NCR5380: Remove context check
2020-12-07 20:24:09 -05:00
nsp32_debug.c
nsp32_io.h
nsp32.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
nsp32.h
pmcraid.c
scsi: pmcraid: Don't use GFP_DMA in pmcraid_alloc_sglist()
2021-12-22 23:44:12 -05:00
pmcraid.h
scsi: pmcraid: Fix typos
2021-05-21 16:59:33 -04:00
ppa.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
ppa.h
ps3rom.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
qla1280.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
qla1280.h
scsi: qla1280: Fix dma firmware download, if dma address is 64bit
2020-01-15 23:09:11 -05:00
qlogicfas408.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
qlogicfas408.h
qlogicfas.c
qlogicpti.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
qlogicpti.h
raid_class.c
script_asm.pl
scsi_bsg.c
block: remove the gendisk argument to blk_execute_rq
2021-11-29 06:41:29 -07:00
scsi_common.c
scsi: core: Rename CONFIG_BLK_SCSI_REQUEST to CONFIG_SCSI_COMMON
2021-07-28 22:24:27 -04:00
scsi_debug.c
scsi: scsi_debug: Fix buffer size of REPORT ZONES command
2021-12-06 22:04:35 -05:00
scsi_debugfs.c
scsi: core: Show SCMD_LAST in text form
2021-11-29 23:02:13 -05:00
scsi_debugfs.h
scsi_devinfo.c
scsi: core: Add BLIST_IGN_MEDIA_CHANGE for Ultra HS-SD/MMC USB card readers
2021-07-21 23:49:02 -04:00
scsi_dh.c
scsi: scsi_dh: Fix a typo
2021-03-24 23:03:43 -04:00
scsi_error.c
SCSI misc on 20220113
2022-01-14 14:37:34 +01:00
scsi_ioctl.c
scsi: remove the gendisk argument to scsi_ioctl
2021-11-29 06:41:29 -07:00
scsi_lib_dma.c
scsi_lib.c
SCSI misc on 20220121
2022-01-22 10:24:02 +02:00
scsi_logging.c
block: remove the ->rq_disk field in struct request
2021-11-29 06:41:29 -07:00
scsi_logging.h
scsi: core: Fix a compiler warning triggered by the SCSI logging code
2019-12-19 22:08:54 -05:00
scsi_netlink.c
scsi_pm.c
scsi: block: pm: Always set request queue runtime active in blk_post_runtime_resume()
2021-12-22 23:38:29 -05:00
scsi_priv.h
scsi: Remove superfluous #include <linux/async.h> directives
2021-11-29 23:02:15 -05:00
scsi_proc.c
proc: remove PDE_DATA() completely
2022-01-22 08:33:37 +02:00
scsi_sas_internal.h
scsi_scan.c
scsi: core: Reallocate device's budget map on queue depth change
2022-01-31 12:56:01 -05:00
scsi_sysctl.c
scsi_sysfs.c
Merge branch '5.16/scsi-fixes' into 5.17/scsi-staging
2021-12-16 22:38:19 -05:00
scsi_trace.c
scsi: scsi_trace: Use get_unaligned_be24()
2020-03-16 22:08:36 -04:00
scsi_transport_api.h
scsi_transport_fc.c
scsi: scsi_transport_fc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
2021-08-11 22:25:37 -04:00
scsi_transport_iscsi.c
scsi: iscsi: Unblock session then wake up error handler
2021-11-16 19:42:30 -05:00
scsi_transport_sas.c
scsi: scsi_transport_sas: Add 22.5 Gbps link rate definitions
2021-10-19 14:07:19 -04:00
scsi_transport_spi.c
scsi: scsi_transport_spi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
2021-08-11 22:25:37 -04:00
scsi_transport_srp.c
scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state
2021-04-05 23:14:53 -04:00
scsi.c
scsi: core: Fix scsi_device_max_queue_depth()
2021-12-06 22:30:32 -05:00
scsi.h
scsicam.c
include: remove pagemap.h from blkdev.h
2021-05-06 19:24:11 -07:00
sd_dif.c
block: move integrity handling out of <linux/blkdev.h>
2021-10-18 06:17:02 -06:00
sd_zbc.c
SCSI misc on 20220113
2022-01-14 14:37:34 +01:00
sd.c
SCSI misc on 20220121
2022-01-22 10:24:02 +02:00
sd.h
scsi: sd: add concurrent positioning ranges support
2021-10-26 21:01:48 -06:00
sense_codes.h
scsi: core: Update additional sense codes list
2020-09-15 20:28:06 -04:00
ses.c
scsi: ses: Fix unsigned comparison with less than zero
2021-09-28 22:42:06 -04:00
sg.c
scsi/sg: move sg-big-buff sysctl to scsi/sg.c
2022-01-22 08:33:35 +02:00
sgiwd93.c
sgiwd93: convert to dma_alloc_noncoherent
2020-09-25 06:20:44 +02:00
sim710.c
scsi: sim710: Remove unused variable 'err' from sim710_init()
2021-03-18 22:52:29 -04:00
sni_53c710.c
treewide: remove editor modelines and cruft
2021-05-07 00:26:34 -07:00
sr_ioctl.c
scsi: sr: Fix spelling mistake "does'nt" -> "doesn't"
2021-09-13 22:15:49 -04:00
sr_vendor.c
scsi: sr: Don't use GFP_DMA
2021-12-22 23:41:13 -05:00
sr.c
SCSI misc on 20220113
2022-01-14 14:37:34 +01:00
sr.h
scsi: sr: get rid of sr global mutex
2020-02-24 15:01:57 -05:00
st_options.h
st.c
scsi: remove the gendisk argument to scsi_ioctl
2021-11-29 06:41:29 -07:00
st.h
st: do not allocate a gendisk
2021-08-23 12:54:30 -06:00
stex.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
storvsc_drv.c
scsi: storvsc: Fix storvsc_queuecommand() memory leak
2022-01-10 12:33:47 +00:00
sun3_scsi_vme.c
sun3_scsi.c
scsi: sun3_scsi: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
2021-08-11 22:25:41 -04:00
sun3x_esp.c
scsi: sun3x_esp: Add IRQ check
2021-04-13 00:20:48 -04:00
sun_esp.c
scsi: sun_esp: Use module_platform_driver to simplify the code
2020-10-02 21:52:55 -04:00
virtio_scsi.c
virtio,vdpa,qemu_fw_cfg: features, cleanups, fixes
2022-01-18 10:05:48 +02:00
vmw_pvscsi.c
scsi: vmw_pvscsi: Set residual data length conditionally
2021-12-22 23:17:27 -05:00
vmw_pvscsi.h
scsi: vmw_pvscsi: MAINTAINERS: Update maintainer
2021-03-04 17:21:25 -05:00
wd33c93.c
scsi: core: Remove the 'done' argument from SCSI queuecommand_lck functions
2021-10-16 21:32:16 -04:00
wd33c93.h
wd719x.c
scsi: wd719x: Call scsi_done() directly
2021-10-16 21:31:43 -04:00
wd719x.h
xen-scsifront.c
scsi: xen-scsifront: Call scsi_done() directly
2021-10-16 21:31:43 -04:00
zalon.c
parisc: Make struct parisc_driver::remove() return void
2021-08-30 10:18:25 +02:00
zorro7xx.c
zorro_esp.c
mm: reorder includes after introduction of linux/pgtable.h
2020-06-09 09:39:13 -07:00