Commit af57c3ac authored May 19, 2011 by Nicholas Bellinger Committed by James Bottomley May 24, 2011

[SCSI] target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPs



This patch fixes a bug where task->task_execute_queue=1 was not being
cleared once se_task had been removed from se_device->execute_task_list,
resulting in an OOPs in core_tmr_lun_reset() for the task->task_active=0
case where transport_remove_task_from_execute_queue() was incorrectly
being called.

This patch fixes two cases in transport_get_task_from_execute_queue()
and transport_remove_task_from_execute_queue() to properly clear
task->task_execute_queue=0 once list_del(&task->t_execute_list) has
been called.

It also adds an explict check in transport_remove_task_from_execute_queue()
to dump_stack + return if called with task->task_execute_queue=0.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <jbottomley@parallels.com>

parent f4366772

drivers/target/target_core_transport.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -1194,6 +1194,7 @@ transport_get_task_from_execute_queue(struct se_device *dev)
		break;

		list_del(&task->t_execute_list);
		atomic_set(&task->task_execute_queue, 0);
		atomic_dec(&dev->execute_tasks);

		return task;
		@@ -1209,8 +1210,14 @@ void transport_remove_task_from_execute_queue(
		{
		unsigned long flags;

		if (atomic_read(&task->task_execute_queue) == 0) {
		dump_stack();
		return;
		}

		spin_lock_irqsave(&dev->execute_task_lock, flags);
		list_del(&task->t_execute_list);
		atomic_set(&task->task_execute_queue, 0);
		atomic_dec(&dev->execute_tasks);
		spin_unlock_irqrestore(&dev->execute_task_lock, flags);
		}