    scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition · 4c2a2d01
    Quinn Tran authored
    This patch uses kref to protect access between fcp_abort path and nvme
    command and LS command completion path.  Stack trace below shows the abort
    path is accessing stale memory (nvme_private->sp).
    
    When command kref reaches 0, nvme_private & srb resource will be
    disconnected from each other.  Any subsequent nvme abort request will not
    be able to reference the original srb.
    
    [ 5631.003998] BUG: unable to handle kernel paging request at 00000010000005d8
    [ 5631.004016] IP: [<ffffffffc087df92>] qla_nvme_abort_work+0x22/0x100 [qla2xxx]
    [ 5631.004086] Workqueue: events qla_nvme_abort_work [qla2xxx]
    [ 5631.004097] RIP: 0010:[<ffffffffc087df92>]  [<ffffffffc087df92>] qla_nvme_abort_work+0x22/0x100 [qla2xxx]
    [ 5631.004109] Call Trace:
    [ 5631.004115]  [<ffffffffaa4b8174>] ? pwq_dec_nr_in_flight+0x64/0xb0
    [ 5631.004117]  [<ffffffffaa4b9d4f>] process_one_work+0x17f/0x440
    [ 5631.004120]  [<ffffffffaa4bade6>] worker_thread+0x126/0x3c0
    Signed-off-by: Quinn Tran <qutran@marvell.com>
    Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
qla_nvme.c 19 KB
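
The lifetime rule the commit message describes (the last reference drop disconnects nvme_private from the srb, so a later abort finds nothing to dereference) can be modelled in userspace. This is an added example, not code from the patch or the driver; the struct layouts, function names and the single-threaded `run()` scenarios are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace, single-threaded model. All names are hypothetical, not driver code. */
struct nvme_private { struct srb *sp; };   /* sp is NULL once the srb is gone */
struct srb { int refcount; struct nvme_private *priv; };  /* refcount models a kref */

static struct srb *srb_alloc(struct nvme_private *priv)
{
    struct srb *sp = calloc(1, sizeof(*sp));
    if (!sp)
        return NULL;
    sp->refcount = 1;          /* reference owned by the completion path */
    sp->priv = priv;
    priv->sp = sp;
    return sp;
}

/* Last put disconnects nvme_private from the srb, then frees the srb. */
static void srb_put(struct srb *sp)
{
    if (--sp->refcount > 0)
        return;
    sp->priv->sp = NULL;
    free(sp);
}

/* Returns 1 if the abort ran against a live srb, 0 if the command was gone.
 * In concurrent code the lookup and the get must be atomic with the release
 * (for example under a lock, using kref_get_unless_zero()). */
static int cmd_abort(struct nvme_private *priv, int completion_races)
{
    struct srb *sp = priv->sp;
    if (!sp)
        return 0;              /* disconnected: nothing stale to dereference */
    sp->refcount++;            /* pin the srb for the duration of the abort */
    if (completion_races)
        srb_put(sp);           /* completion fires mid-abort; srb must survive */
    int alive = (sp->priv->sp == sp);
    srb_put(sp);               /* abort path drops its own reference */
    return alive;
}

/* order 0: abort after completion; 1: completion mid-abort; 2: abort first. */
static int run(int order)
{
    struct nvme_private priv = { NULL };
    struct srb *sp = srb_alloc(&priv);
    if (!sp)
        return -1;
    if (order == 0)
        srb_put(sp);           /* completion path drops the last reference */
    int r = cmd_abort(&priv, order == 1);
    if (priv.sp)
        srb_put(priv.sp);      /* command completes after the abort returned */
    return r;
}
int main(void) { printf("%d %d %d\n", run(0), run(1), run(2)); return 0; }
```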