scsi: qedi: Fix list_del corruption while removing active I/O (565ecf53) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/scsi/qedi/qedi_fw.c

+11 −4

Original line number	Diff line number	Diff line
		@@ -837,8 +837,11 @@ static void qedi_process_cmd_cleanup_resp(struct qedi_ctx *qedi,
		qedi_clear_task_idx(qedi_conn->qedi, rtid);

		spin_lock(&qedi_conn->list_lock);
		if (likely(dbg_cmd->io_cmd_in_list)) {
		dbg_cmd->io_cmd_in_list = false;
		list_del_init(&dbg_cmd->io_cmd);
		qedi_conn->active_cmd_count--;
		}
		spin_unlock(&qedi_conn->list_lock);
		qedi_cmd->state = CLEANUP_RECV;
		wake_up_interruptible(&qedi_conn->wait_queue);
		@@ -1257,6 +1260,7 @@ int qedi_cleanup_all_io(struct qedi_ctx qedi, struct qedi_conn qedi_conn,
		qedi_conn->cmd_cleanup_req++;
		qedi_iscsi_cleanup_task(ctask, true);

		cmd->io_cmd_in_list = false;
		list_del_init(&cmd->io_cmd);
		qedi_conn->active_cmd_count--;
		QEDI_WARN(&qedi->dbg_ctx,
		@@ -1470,8 +1474,11 @@ static void qedi_tmf_work(struct work_struct *work)
		spin_unlock_bh(&qedi_conn->tmf_work_lock);

		spin_lock(&qedi_conn->list_lock);
		if (likely(cmd->io_cmd_in_list)) {
		cmd->io_cmd_in_list = false;
		list_del_init(&cmd->io_cmd);
		qedi_conn->active_cmd_count--;
		}
		spin_unlock(&qedi_conn->list_lock);

		clear_bit(QEDI_CONN_FW_CLEANUP, &qedi_conn->flags);