Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d0260f61 authored by Nilesh Javali's avatar Nilesh Javali Committed by Greg Kroah-Hartman
Browse files

scsi: qedi: Protect active command list to avoid list corruption 

[ Upstream commit c0650e28448d606c84f76c34333dba30f61de993 ]

Protect active command list for non-I/O commands like login response,
logout response, text response, and recovery cleanup of active list to
avoid list corruption.

Link: https://lore.kernel.org/r/20200908095657.26821-5-mrangankar@marvell.com


Signed-off-by: default avatarNilesh Javali <njavali@marvell.com>
Signed-off-by: default avatarManish Rangankar <mrangankar@marvell.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 18136b33

drivers/scsi/qedi/qedi_fw.c

+8 −0
Original line number Diff line number Diff line
@@ -62,6 +62,7 @@ static void qedi_process_logout_resp(struct qedi_ctx *qedi, 
		  "Freeing tid=0x%x for cid=0x%x\n",

		  cmd->task_id, qedi_conn->iscsi_conn_id);



	spin_lock(&qedi_conn->list_lock);

	if (likely(cmd->io_cmd_in_list)) {

		cmd->io_cmd_in_list = false;

		list_del_init(&cmd->io_cmd);
@@ -72,6 +73,7 @@ static void qedi_process_logout_resp(struct qedi_ctx *qedi, 
			  cmd->task_id, qedi_conn->iscsi_conn_id,

			  &cmd->io_cmd);

	}

	spin_unlock(&qedi_conn->list_lock);



	cmd->state = RESPONSE_RECEIVED;

	qedi_clear_task_idx(qedi, cmd->task_id);
@@ -125,6 +127,7 @@ static void qedi_process_text_resp(struct qedi_ctx *qedi, 
		  "Freeing tid=0x%x for cid=0x%x\n",

		  cmd->task_id, qedi_conn->iscsi_conn_id);



	spin_lock(&qedi_conn->list_lock);

	if (likely(cmd->io_cmd_in_list)) {

		cmd->io_cmd_in_list = false;

		list_del_init(&cmd->io_cmd);
@@ -135,6 +138,7 @@ static void qedi_process_text_resp(struct qedi_ctx *qedi, 
			  cmd->task_id, qedi_conn->iscsi_conn_id,

			  &cmd->io_cmd);

	}

	spin_unlock(&qedi_conn->list_lock);



	cmd->state = RESPONSE_RECEIVED;

	qedi_clear_task_idx(qedi, cmd->task_id);
@@ -227,11 +231,13 @@ static void qedi_process_tmf_resp(struct qedi_ctx *qedi, 


	tmf_hdr = (struct iscsi_tm *)qedi_cmd->task->hdr;



	spin_lock(&qedi_conn->list_lock);

	if (likely(qedi_cmd->io_cmd_in_list)) {

		qedi_cmd->io_cmd_in_list = false;

		list_del_init(&qedi_cmd->io_cmd);

		qedi_conn->active_cmd_count--;

	}

	spin_unlock(&qedi_conn->list_lock);



	if (((tmf_hdr->flags & ISCSI_FLAG_TM_FUNC_MASK) ==

	      ISCSI_TM_FUNC_LOGICAL_UNIT_RESET) ||
@@ -293,11 +299,13 @@ static void qedi_process_login_resp(struct qedi_ctx *qedi, 
		  ISCSI_LOGIN_RESPONSE_HDR_DATA_SEG_LEN_MASK;

	qedi_conn->gen_pdu.resp_wr_ptr = qedi_conn->gen_pdu.resp_buf + pld_len;



	spin_lock(&qedi_conn->list_lock);

	if (likely(cmd->io_cmd_in_list)) {

		cmd->io_cmd_in_list = false;

		list_del_init(&cmd->io_cmd);

		qedi_conn->active_cmd_count--;

	}

	spin_unlock(&qedi_conn->list_lock);



	memset(task_ctx, '\0', sizeof(*task_ctx));

drivers/scsi/qedi/qedi_iscsi.c

+2 −0
Original line number Diff line number Diff line
@@ -976,11 +976,13 @@ static void qedi_cleanup_active_cmd_list(struct qedi_conn *qedi_conn) 
{

	struct qedi_cmd *cmd, *cmd_tmp;



	spin_lock(&qedi_conn->list_lock);

	list_for_each_entry_safe(cmd, cmd_tmp, &qedi_conn->active_cmd_list,

				 io_cmd) {

		list_del_init(&cmd->io_cmd);

		qedi_conn->active_cmd_count--;

	}

	spin_unlock(&qedi_conn->list_lock);

}



static void qedi_ep_disconnect(struct iscsi_endpoint *ep)