From 709c75b5a2411c31e5a649a2cd6d4866dd11f456 Mon Sep 17 00:00:00 2001 From: "jiang.biao2@zte.com.cn" Date: Fri, 31 Jul 2015 17:52:10 +0800 Subject: [PATCH] scsi_error: should not get sense for timeout IO in scsi error handler scsi_error: should not get sense for timeout IO in scsi error handler When an IO timeout occurs, the IO will be aborted in scsi_abort_command() and SCSI_EH_ABORT_SCHEDULED will be set. Because of that, the SCSI_EH_CANCEL_CMD will be clear in scsi_eh_scmd_add(). So when scsi error handler starts, it will get sense for this timeout IO and the scmd of the IO request will be reused. In that case, the scmd may be double released when racing with io_done(), which will result in crash. SO SCSI_EH_ABORT_SCHEDULED should also be checked when getting sense. The bug maybe reproduced when the link between host and disk is unstable. Signed-off-by: Jiang Biao Signed-off-by: Long Chun Reviewed-by: Tan Hu Reviewed-by: Chen Donghai Reviewed-by: Cai Qu Signed-off-by: James Bottomley --- drivers/scsi/scsi_error.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c index d7d28061b31d..3aacd96d63f3 100644 --- a/drivers/scsi/scsi_error.c +++ b/drivers/scsi/scsi_error.c @@ -1160,8 +1160,13 @@ int scsi_eh_get_sense(struct list_head *work_q, struct Scsi_Host *shost; int rtn; + /* + * If SCSI_EH_ABORT_SCHEDULED has been set, it is timeout IO, + * should not get sense. + */ list_for_each_entry_safe(scmd, next, work_q, eh_entry) { if ((scmd->eh_eflags & SCSI_EH_CANCEL_CMD) || + (scmd->eh_eflags & SCSI_EH_ABORT_SCHEDULED) || SCSI_SENSE_VALID(scmd)) continue; -- 2.34.1