Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 065990bd authored by Keith Busch's avatar Keith Busch Committed by Jens Axboe
Browse files

scsi: set timed out out mq requests to complete 



The scsi block layer requires requests claimed by the error handling be
completed by the error handler. A previous commit allowed completions
to proceed for blk-mq, breaking that assumption.

This patch prevents completions that may race with the timeout handler
by marking the state to complete, restoring the previous behavior.

Fixes: 12f5b931 ("blk-mq: Remove generation seqeunce")
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
Signed-off-by: default avatarKeith Busch <keith.busch@intel.com>
Signed-off-by: default avatarJens Axboe <axboe@kernel.dk>
parent 0fc09f92

drivers/scsi/scsi_error.c

+14 −0
Original line number Diff line number Diff line
@@ -296,6 +296,20 @@ enum blk_eh_timer_return scsi_times_out(struct request *req) 
		rtn = host->hostt->eh_timed_out(scmd);



	if (rtn == BLK_EH_DONE) {

		/*

		 * For blk-mq, we must set the request state to complete now

		 * before sending the request to the scsi error handler. This

		 * will prevent a use-after-free in the event the LLD manages

		 * to complete the request before the error handler finishes

		 * processing this timed out request.

		 *

		 * If the request was already completed, then the LLD beat the

		 * time out handler from transferring the request to the scsi

		 * error handler. In that case we can return immediately as no

		 * further action is required.

		 */

		if (req->q->mq_ops && !blk_mq_mark_complete(req))

			return rtn;

		if (scsi_abort_command(scmd) != SUCCESS) {

			set_host_byte(scmd, DID_TIME_OUT);

			scsi_eh_scmd_add(scmd);