From: Giridhar Malavali <gmalavali@marvell.com>
Date: Tue, 2 Apr 2019 14:24:20 -0700
Subject: scsi: qla2xxx: Set the SCSI command result before calling the command
done
Patch-mainline: v5.2-rc1
Git-commit: 740e29358e350077d18ee08700199e37b206edad
References: bsc#1082635 bsc#1123034 bsc#1131304 bsc#1127988 bsc#1141340 bsc#1143706
This patch tries to address race condition between abort handler and
completion handler. When scsi command result is set by both abort and
completion handler, scsi_done() is only called after refcount on SRB
structure goes to zero. The abort handler sets this result prematurely even
when the refcount is non-zero value. Fix this by setting SCSI cmd->result
before scsi_done() is called.
Signed-off-by: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Daniel Wagner <dwagner@suse.de>
---
drivers/scsi/qla2xxx/qla_os.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -768,8 +768,6 @@ qla2x00_sp_compl(void *ptr, int res)
srb_t *sp = ptr;
struct scsi_cmnd *cmd = GET_CMD_SP(sp);
- cmd->result = res;
-
if (atomic_read(&sp->ref_count) == 0) {
ql_dbg(ql_dbg_io, sp->vha, 0x3015,
"SP reference-count to ZERO -- sp=%p cmd=%p.\n",
@@ -782,6 +780,7 @@ qla2x00_sp_compl(void *ptr, int res)
return;
sp->free(sp);
+ cmd->result = res;
cmd->scsi_done(cmd);
}