diff options
author | Neerav Parikh <Neerav.Parikh@intel.com> | 2011-07-27 15:10:54 -0700 |
---|---|---|
committer | James Bottomley <JBottomley@Parallels.com> | 2011-07-28 12:13:15 +0400 |
commit | c9d24a76184b3ecbedc66d45f840c3dfd921f12b (patch) | |
tree | c723b70d30ba0f4a2508c40b5489f07e96d4dc68 /drivers/ieee802154 | |
parent | 85982127273be0474e9505c0aac35973a0a013f8 (diff) |
[SCSI] libfc: Remove the reference to FCP packet from scsi_cmnd in case of error
fc_queuecommand() allocates an FCP packet for each SCSI command and sends
it out on the wire. In the process it stores the reference to the FCP packet
in the scsi_cmnd structure.
Now, in case under stress testing the libfc exchange layer runs out of
exchanges the fc_queuecommand() may not be able to send out commands out on
the wire. In such a scenario if there is an error in sending the FCP packet
out the wire; fc_queuecommand() deletes the FCP packet from internal queue,
releases the FCP packet and returns a SCSI_MLQUEUE_HOST_BUSY status to the
scsi-ml. But, the reference to the FCP packet set in the scsi_cmnd is not
removed from the scsi_cmnd in this code path.
This might lead to a crash under stress testing where the scsi_cmnd failed by
fc_queuecommand() comes up to fc_eh_abort() via scsi eh thread. fc_eh_abort()
will get reference to the FCP packet to be aborted from the scsi_cmnd for
further FCP abort related processing and then try to release the FCP packet
that has already been released.
This patch removes the FCP packet reference from the scsi_cmnd before returning
back from fc_queuecommand() in case of an error in sending out the FCP packet.
Signed-off-by: Neerav Parikh <Neerav.Parikh@intel.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Signed-off-by: Robert Love <robert.w.love@intel.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Diffstat (limited to 'drivers/ieee802154')
0 files changed, 0 insertions, 0 deletions