From: Mike Christie Date: Fri, 27 Jan 2012 03:13:11 +0000 (-0600) Subject: [SCSI] libiscsi: fix cmd timeout/completion race X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e3d338a536330b5ffc9f28d7c6a4cdf6ba51867a;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git [SCSI] libiscsi: fix cmd timeout/completion race If the driver/lib has called scsi_done and cleaned up internally but scsi layer has not yet called blk_mark_rq_complete when the command times out we hit a problem if the timeout code calls blk_mark_rq_complete first. When the time out code calls into the driver we were returning BLK_EH_RESET_TIMER and that causes the timeout code to just call us again later. We need to be calling BLK_EH_HANDLED so the timeout code can complete the completion process because it had called blk_mark_rq_complete on the command and now owns its processing. Signed-off-by: Mike Christie Signed-off-by: James Bottomley --- diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c index 8582d7c25732..82c3fd4bc938 100644 --- a/drivers/scsi/libiscsi.c +++ b/drivers/scsi/libiscsi.c @@ -1909,6 +1909,16 @@ static enum blk_eh_timer_return iscsi_eh_cmd_timed_out(struct scsi_cmnd *sc) ISCSI_DBG_EH(session, "scsi cmd %p timedout\n", sc); spin_lock(&session->lock); + task = (struct iscsi_task *)sc->SCp.ptr; + if (!task) { + /* + * Raced with completion. Blk layer has taken ownership + * so let timeout code complete it now. + */ + rc = BLK_EH_HANDLED; + goto done; + } + if (session->state != ISCSI_STATE_LOGGED_IN) { /* * We are probably in the middle of iscsi recovery so let @@ -1925,16 +1935,6 @@ static enum blk_eh_timer_return iscsi_eh_cmd_timed_out(struct scsi_cmnd *sc) goto done; } - task = (struct iscsi_task *)sc->SCp.ptr; - if (!task) { - /* - * Raced with completion. Just reset timer, and let it - * complete normally - */ - rc = BLK_EH_RESET_TIMER; - goto done; - } - /* * If we have sent (at least queued to the network layer) a pdu or * recvd one for the task since the last timeout ask for