From 5d69aadca6a34dbd28749ba285ed57b42e63253c Mon Sep 17 00:00:00 2001 From: Himanshu Madhani Date: Thu, 21 Nov 2019 16:36:41 -0500 Subject: [PATCH 131/155] [scsi] scsi: qla2xxx: Really fix qla2xxx_eh_abort() Message-id: <20191121163701.43688-7-hmadhani@redhat.com> Patchwork-id: 287855 O-Subject: [RHLE 7.8 e-stor PATCH v3 06/26] scsi: qla2xxx: Really fix qla2xxx_eh_abort() Bugzilla: 1731581 RH-Acked-by: Jarod Wilson RH-Acked-by: Ewan Milne RH-Acked-by: Tony Camuso From: Bart Van Assche Bugzilla 1731581 I'm not sure how this happened but the patch that was intended to fix abort handling was incomplete. This patch fixes that patch as follows: - If aborting the SCSI command failed, wait until the SCSI command completes. - Return SUCCESS instead of FAILED if an abort attempt races with SCSI command completion. - Since qla2xxx_eh_abort() increments the sp reference count by calling sp_get(), decrement the sp reference count before returning. Cc: Himanshu Madhani Fixes: 219d27d7147e ("scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands") Signed-off-by: Bart Van Assche Tested-by: Himanshu Madhani Reviewed-by: Himanshu Madhani Signed-off-by: Martin K. Petersen (cherry picked from commit 8dd9593cc07ad7d999bef81b06789ef873a94881) Signed-off-by: Himanshu Madhani Signed-off-by: Jan Stancek --- drivers/scsi/qla2xxx/qla_os.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 85243e30eb9e..9e0a724f08f6 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -1271,6 +1271,7 @@ static int qla2xxx_eh_abort(struct scsi_cmnd *cmd) { scsi_qla_host_t *vha = shost_priv(cmd->device->host); + DECLARE_COMPLETION_ONSTACK(comp); srb_t *sp; int ret; unsigned int id, lun; @@ -1308,6 +1309,7 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) return SUCCESS; } + /* Get a reference to the sp and drop the lock. */ if (sp_get(sp)){ /* ref_count is already 0 */ spin_unlock_irqrestore(qpair->qp_lock_ptr, flags); @@ -1335,6 +1337,23 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) sp->done(sp, DID_ABORT << 16); ret = SUCCESS; break; + case QLA_FUNCTION_PARAMETER_ERROR: { + /* Wait for the command completion. */ + uint32_t ratov = ha->r_a_tov/10; + uint32_t ratov_j = msecs_to_jiffies(4 * ratov * 1000); + + WARN_ON_ONCE(sp->comp); + sp->comp = ∁ + if (!wait_for_completion_timeout(&comp, ratov_j)) { + ql_dbg(ql_dbg_taskm, vha, 0xffff, + "%s: Abort wait timer (4 * R_A_TOV[%d]) expired\n", + __func__, ha->r_a_tov); + ret = FAILED; + } else { + ret = SUCCESS; + } + break; + } default: /* * Either abort failed or abort and completion raced. Let @@ -1344,6 +1363,8 @@ qla2xxx_eh_abort(struct scsi_cmnd *cmd) break; } + sp->comp = NULL; + atomic_dec(&sp->ref_count); ql_log(ql_log_info, vha, 0x801c, "Abort command issued nexus=%ld:%d:%d -- %x.\n", vha->host_no, id, lun, ret); -- 2.13.6