IB/srp: Fix a sporadic crash triggered by cable pulling
Avoid that the loops that iterate over the request ring can encounter a pointer to a SCSI command in req->scmnd that is no longer associated with that request. If the function srp_unmap_data() is invoked twice for a SCSI command that is not in flight then that would cause ib_fmr_pool_unmap() to be invoked with an invalid pointer as argument, resulting in a kernel oops. Reported-by: Sagi Grimberg <sagig@mellanox.com> Reference: http://thread.gmane.org/gmane.linux.drivers.rdma/19068/focus=19069 Signed-off-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Sagi Grimberg <sagig@mellanox.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Roland Dreier <roland@purestorage.com>
This commit is contained in:
parent
d6d211db37
commit
024ca90151
|
@ -1594,6 +1594,12 @@ err_unmap:
|
|||
err_iu:
|
||||
srp_put_tx_iu(target, iu, SRP_IU_CMD);
|
||||
|
||||
/*
|
||||
* Avoid that the loops that iterate over the request ring can
|
||||
* encounter a dangling SCSI command pointer.
|
||||
*/
|
||||
req->scmnd = NULL;
|
||||
|
||||
spin_lock_irqsave(&target->lock, flags);
|
||||
list_add(&req->list, &target->free_reqs);
|
||||
|
||||
|
|
Loading…
Reference in New Issue