From 3dc14fede0858b4a3ad5cf01e2c0411e9b4fa9b4 Mon Sep 17 00:00:00 2001 From: Himanshu Madhani Date: Thu, 1 Aug 2019 15:55:04 -0400 Subject: [PATCH 044/124] [scsi] scsi: qla2xxx: Set the SCSI command result before calling the command done Message-id: <20190801155618.12650-45-hmadhani@redhat.com> Patchwork-id: 267820 O-Subject: [RHEL 7.8 e-stor PATCH 044/118] scsi: qla2xxx: Set the SCSI command result before calling the command done Bugzilla: 1729270 RH-Acked-by: Jarod Wilson RH-Acked-by: Tony Camuso From: Giridhar Malavali Bugzilla 1729270 This patch tries to address race condition between abort handler and completion handler. When scsi command result is set by both abort and completion handler, scsi_done() is only called after refcount on SRB structure goes to zero. The abort handler sets this result prematurely even when the refcount is non-zero value. Fix this by setting SCSI cmd->result before scsi_done() is called. Signed-off-by: Giridhar Malavali Signed-off-by: Himanshu Madhani Signed-off-by: Martin K. Petersen (cherry picked from commit 740e29358e350077d18ee08700199e37b206edad) Signed-off-by: Himanshu Madhani Signed-off-by: Jan Stancek --- drivers/scsi/qla2xxx/qla_os.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index f5933550586d..03a760345a82 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -765,8 +765,6 @@ qla2x00_sp_compl(void *ptr, int res) srb_t *sp = ptr; struct scsi_cmnd *cmd = GET_CMD_SP(sp); - cmd->result = res; - if (atomic_read(&sp->ref_count) == 0) { ql_dbg(ql_dbg_io, sp->vha, 0x3015, "SP reference-count to ZERO -- sp=%p cmd=%p.\n", @@ -779,6 +777,7 @@ qla2x00_sp_compl(void *ptr, int res) return; sp->free(sp); + cmd->result = res; cmd->scsi_done(cmd); } -- 2.13.6