mirror of
https://github.com/SCST-project/scst.git
synced 2026-05-23 05:31:28 +00:00
00303e30c8
The timeout handler and the done function are racing. When qla2x00_async_iocb_timeout() starts to run it can be preempted by the normal response path (via the firmware?). qla24xx_async_gpsc_sp_done() releases the SRB unconditionally. When scheduling back to qla2x00_async_iocb_timeout() qla24xx_async_abort_cmd() will access an freed sp->qpair pointer: qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeout - hdl=63d portid=234500 50:06:0e:80:08:77:b6:21. qla2xxx [0000:83:00.0]-2853:0: Async done-gpsc res 0, WWPN 50:06:0e:80:08:77:b6:21 qla2xxx [0000:83:00.0]-2854:0: Async-gpsc OUT WWPN 20:45:00:27:f8:75:33:00 speeds=2c00 speed=0400. qla2xxx [0000:83:00.0]-28d8:0: qla24xx_handle_gpsc_event 50:06:0e:80:08:77:b6:21 DS 7 LS 6 rc 0 login 1|1 rscn 1|0 lid 5 BUG: unable to handle kernel NULL pointer dereference at 0000000000000004 IP: qla24xx_async_abort_cmd+0x1b/0x1c0 [qla2xxx] Obvious solution to this is to introduce a reference counter. One reference is taken for the normal code path (the 'good' case) and one for the timeout path. As we always race between the normal good case and the timeout/abort handler we need to serialize it. Also we cannot assume any order between the handlers. Since this is slow path we can use proper synchronization via locks. When we are able to cancel a timer (del_timer returns 1) we know there can't be any error handling in progress because the timeout handler hasn't expired yet, thus we can safely decrement the refcounter by one. If we are not able to cancel the timer, we know an abort handler is running. We have to make sure we call sp->done() in the abort handlers before calling kref_put(). Link: https://lore.kernel.org/r/20220110050218.3958-3-njavali@marvell.com Cc: stable@vger.kernel.org Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Co-developed-by: Daniel Wagner <dwagner@suse.de> Signed-off-by: Daniel Wagner <dwagner@suse.de> Signed-off-by: Saurav Kashyap <skashyap@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 31e6cdbe0eae upstream ]
Overview
This is the source code repository of the SCST project. SCST is a collection of Linux kernel drivers that implement SCSI target functionality. The SCST project includes:
- The SCST core in the scst/ subdirectory.
- A tool for loading, saving and modifying the SCST configuration in directory scstadmin/.
- Several SCSI target drivers in the directories iscsi-scst/, qla2x00t/, srpt/, scst_local/ and fcst/.
- User space programs in the usr/ subdirectory, e.g. fileio_tgt.
- Various documentation in the doc/ subdirectory.
Instructions for building and installing SCST are available in the INSTALL.md file.
QLogic target driver
Two QLogic target drivers are included in the SCST project.
The default driver is located in qla2x00t-32gbit directory and it supports up to 32 Gb/s FC. It is the newer one.
May anyone wish to switch back to the older driver that only supported up to
16 Gb/s adapters, it is located in qla2x00t directory. To make use of the
older driver build scst with environment variable QLA_32GBIT=no set.
Vladislav Bolkhovitin vst@vlnb.net, http://scst.sourceforge.net
Sourceforge achievements
