Commit 4aa04a25 authored by Nicholas Bellinger's avatar Nicholas Bellinger Committed by Sasha Levin

target: Fix race with SCF_SEND_DELAYED_TAS handling

commit 310d3d31 upstream.

This patch fixes a race between setting of SCF_SEND_DELAYED_TAS
in transport_send_task_abort(), and check of the same bit in
transport_check_aborted_status().

It adds a __transport_check_aborted_status() version that is
used by target_execute_cmd() when se_cmd->t_state_lock is
held, and a transport_check_aborted_status() wrapper for
all other existing callers.

Also, it handles the case where the check happens before
transport_send_task_abort() gets called.  For this, go
ahead and set SCF_SEND_DELAYED_TAS early when necessary,
and have transport_send_task_abort() send the abort.

Cc: Quinn Tran <quinn.tran@qlogic.com>
Cc: Himanshu Madhani <himanshu.madhani@qlogic.com>
Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Andy Grover <agrover@redhat.com>
Cc: Mike Christie <mchristi@redhat.com>
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: default avatarSasha Levin <sasha.levin@oracle.com>
parent 08367c9e
...@@ -1835,19 +1835,21 @@ static bool target_handle_task_attr(struct se_cmd *cmd) ...@@ -1835,19 +1835,21 @@ static bool target_handle_task_attr(struct se_cmd *cmd)
return true; return true;
} }
static int __transport_check_aborted_status(struct se_cmd *, int);
void target_execute_cmd(struct se_cmd *cmd) void target_execute_cmd(struct se_cmd *cmd)
{ {
/*
* If the received CDB has aleady been aborted stop processing it here.
*/
if (transport_check_aborted_status(cmd, 1))
return;
/* /*
* Determine if frontend context caller is requesting the stopping of * Determine if frontend context caller is requesting the stopping of
* this command for frontend exceptions. * this command for frontend exceptions.
*
* If the received CDB has aleady been aborted stop processing it here.
*/ */
spin_lock_irq(&cmd->t_state_lock); spin_lock_irq(&cmd->t_state_lock);
if (__transport_check_aborted_status(cmd, 1)) {
spin_unlock_irq(&cmd->t_state_lock);
return;
}
if (cmd->transport_state & CMD_T_STOP) { if (cmd->transport_state & CMD_T_STOP) {
pr_debug("%s:%d CMD_T_STOP for ITT: 0x%08x\n", pr_debug("%s:%d CMD_T_STOP for ITT: 0x%08x\n",
__func__, __LINE__, __func__, __LINE__,
...@@ -3028,8 +3030,13 @@ transport_send_check_condition_and_sense(struct se_cmd *cmd, ...@@ -3028,8 +3030,13 @@ transport_send_check_condition_and_sense(struct se_cmd *cmd,
} }
EXPORT_SYMBOL(transport_send_check_condition_and_sense); EXPORT_SYMBOL(transport_send_check_condition_and_sense);
int transport_check_aborted_status(struct se_cmd *cmd, int send_status) static int __transport_check_aborted_status(struct se_cmd *cmd, int send_status)
__releases(&cmd->t_state_lock)
__acquires(&cmd->t_state_lock)
{ {
assert_spin_locked(&cmd->t_state_lock);
WARN_ON_ONCE(!irqs_disabled());
if (!(cmd->transport_state & CMD_T_ABORTED)) if (!(cmd->transport_state & CMD_T_ABORTED))
return 0; return 0;
...@@ -3037,19 +3044,37 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) ...@@ -3037,19 +3044,37 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
* If cmd has been aborted but either no status is to be sent or it has * If cmd has been aborted but either no status is to be sent or it has
* already been sent, just return * already been sent, just return
*/ */
if (!send_status || !(cmd->se_cmd_flags & SCF_SEND_DELAYED_TAS)) if (!send_status || !(cmd->se_cmd_flags & SCF_SEND_DELAYED_TAS)) {
if (send_status)
cmd->se_cmd_flags |= SCF_SEND_DELAYED_TAS;
return 1; return 1;
}
pr_debug("Sending delayed SAM_STAT_TASK_ABORTED status for CDB: 0x%02x ITT: 0x%08x\n", pr_debug("Sending delayed SAM_STAT_TASK_ABORTED status for CDB:"
cmd->t_task_cdb[0], cmd->se_tfo->get_task_tag(cmd)); " 0x%02x ITT: 0x%08x\n", cmd->t_task_cdb[0],
cmd->se_tfo->get_task_tag(cmd));
cmd->se_cmd_flags &= ~SCF_SEND_DELAYED_TAS; cmd->se_cmd_flags &= ~SCF_SEND_DELAYED_TAS;
cmd->scsi_status = SAM_STAT_TASK_ABORTED; cmd->scsi_status = SAM_STAT_TASK_ABORTED;
trace_target_cmd_complete(cmd); trace_target_cmd_complete(cmd);
spin_unlock_irq(&cmd->t_state_lock);
cmd->se_tfo->queue_status(cmd); cmd->se_tfo->queue_status(cmd);
spin_lock_irq(&cmd->t_state_lock);
return 1; return 1;
} }
int transport_check_aborted_status(struct se_cmd *cmd, int send_status)
{
int ret;
spin_lock_irq(&cmd->t_state_lock);
ret = __transport_check_aborted_status(cmd, send_status);
spin_unlock_irq(&cmd->t_state_lock);
return ret;
}
EXPORT_SYMBOL(transport_check_aborted_status); EXPORT_SYMBOL(transport_check_aborted_status);
void transport_send_task_abort(struct se_cmd *cmd) void transport_send_task_abort(struct se_cmd *cmd)
...@@ -3071,11 +3096,17 @@ void transport_send_task_abort(struct se_cmd *cmd) ...@@ -3071,11 +3096,17 @@ void transport_send_task_abort(struct se_cmd *cmd)
*/ */
if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->data_direction == DMA_TO_DEVICE) {
if (cmd->se_tfo->write_pending_status(cmd) != 0) { if (cmd->se_tfo->write_pending_status(cmd) != 0) {
cmd->transport_state |= CMD_T_ABORTED; spin_lock_irqsave(&cmd->t_state_lock, flags);
if (cmd->se_cmd_flags & SCF_SEND_DELAYED_TAS) {
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
goto send_abort;
}
cmd->se_cmd_flags |= SCF_SEND_DELAYED_TAS; cmd->se_cmd_flags |= SCF_SEND_DELAYED_TAS;
spin_unlock_irqrestore(&cmd->t_state_lock, flags);
return; return;
} }
} }
send_abort:
cmd->scsi_status = SAM_STAT_TASK_ABORTED; cmd->scsi_status = SAM_STAT_TASK_ABORTED;
transport_lun_remove_cmd(cmd); transport_lun_remove_cmd(cmd);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment