From: Xiang Chen <chenxiang66@xxxxxxxxxxxxx>

When an SMP task times out, it will call lldd_abort_task to release the
associated slot, and then will release the sas_task. Currently in
lldd_abort_task, if we fail to internally abort IO, then the slot of the
SMP IO is not released, but the sas_task will still be released later, so
the slot's sas_task is NULL, which will cause a NULL pointer dereference
when hisi_sas_slot_task_free happens later.

To resolve, check the return value of internal abort, and release the slot
if it failed.

Signed-off-by: Xiang Chen <chenxiang66@xxxxxxxxxxxxx>
Signed-off-by: John Garry <john.garry@xxxxxxxxxx>
---
 drivers/scsi/hisi_sas/hisi_sas_main.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/hisi_sas/hisi_sas_main.c b/drivers/scsi/hisi_sas/hisi_sas_main.c
index f86263b..1391f2d 100644
--- a/drivers/scsi/hisi_sas/hisi_sas_main.c
+++ b/drivers/scsi/hisi_sas/hisi_sas_main.c
@@ -962,8 +962,13 @@ static int hisi_sas_abort_task(struct sas_task *task)
 		struct hisi_sas_slot *slot = task->lldd_task;
 		u32 tag = slot->idx;
 
-		hisi_sas_internal_task_abort(hisi_hba, device,
-			HISI_SAS_INT_ABT_CMD, tag);
+		rc = hisi_sas_internal_task_abort(hisi_hba, device,
+			HISI_SAS_INT_ABT_CMD, tag);
+		if (rc == TMF_RESP_FUNC_FAILED) {
+			spin_lock_irqsave(&hisi_hba->lock, flags);
+			hisi_sas_do_release_task(hisi_hba, task, slot);
+			spin_unlock_irqrestore(&hisi_hba->lock, flags);
+		}
 	}
 
 out:
-- 
1.9.1
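Review bot: The new `if (rc == TMF_RESP_FUNC_FAILED)` test in the SMP branch only handles the one failure value; if hisi_sas_internal_task_abort can also return something other than TMF_RESP_FUNC_COMPLETE (a negative errno on an allocation or timeout path, say), the slot would still leak its sas_task on those paths and the NULL dereference in hisi_sas_slot_task_free that the commit message describes would remain reachable. Consider `if (rc != TMF_RESP_FUNC_COMPLETE)` unless the abort helper is guaranteed to return only COMPLETE or FAILED. Two smaller points on the same hunk: `rc` and `flags` are assigned and used here but their declarations are not in the visible context, so please confirm both exist at function scope in hisi_sas_abort_task (the existing SSP path presumably already has `flags` for its spin_lock_irqsave); and since the slot is being released precisely because the hardware abort did not succeed, it is worth a comment (or a word in the commit message) on why it is safe to hand the slot back with `hisi_sas_do_release_task` while the controller may still complete that tag, i.e. what prevents a late completion from touching a freed slot.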