From: Jayamohan Kallickal Date: Tue, 6 May 2014 01:41:30 +0000 (-0400) Subject: be2iscsi: Fix processing cqe for cxn whose endpoint is freed X-Git-Tag: firefly_0821_release~176^2~3742^2~52 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=11206081ad895d83e717bfe23603168dc307d904;p=firefly-linux-kernel-4.4.55.git be2iscsi: Fix processing cqe for cxn whose endpoint is freed During heavy IO in multipath environment with many active sessions and port-bouncing happening, there is a race condition because of which beiscsi_prcess_cqe() gets called for a connection whose endpoint is freed. Checking endpoint reference for a connection before processing in beiscsi_process_cq(). Signed-off-by: Minh Tran Signed-off-by: John Soni Jose Signed-off-by: Jayamohan Kallickal Signed-off-by: Christoph Hellwig --- diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c index 554349029628..ac54cf55998f 100644 --- a/drivers/scsi/be2iscsi/be_main.c +++ b/drivers/scsi/be2iscsi/be_main.c @@ -2110,6 +2110,16 @@ static unsigned int beiscsi_process_cq(struct be_eq_obj *pbe_eq) cri_index = BE_GET_CRI_FROM_CID(cid); ep = phba->ep_array[cri_index]; + if (unlikely(ep == NULL)) { + /* connection has already been freed + * just move on to next one + */ + beiscsi_log(phba, KERN_WARNING, + BEISCSI_LOG_INIT, + "BM_%d : proc cqe of disconn ep: cid %d\n", + cid); + goto proc_next_cqe; + } beiscsi_ep = ep->dd_data; beiscsi_conn = beiscsi_ep->conn; @@ -2219,6 +2229,7 @@ static unsigned int beiscsi_process_cq(struct be_eq_obj *pbe_eq) break; } +proc_next_cqe: AMAP_SET_BITS(struct amap_sol_cqe, valid, sol, 0); queue_tail_inc(cq); sol = queue_tail_node(cq);