[PATCH v2 01/15] qla2xxx: Set the SCSI command result before calling the command done

Himanshu Madhani <hmadhani@xxxxxxxxxxx> · Tue, 2 Apr 2019 14:24:20 -0700

From: Giridhar Malavali <gmalavali@xxxxxxxxxxx>

This patch tries to address race condition between abort handler and
completion handler. When scsi command result is set by both abort and
completion handler, scsi_done() is only called after refcount on SRB
structure goes to zero. The abort handler sets this result prematurely
even when the refcount is non-zero value. Fix this by setting SCSI
cmd->result before scsi_done() is called.

Signed-off-by: Giridhar Malavali <gmalavali@xxxxxxxxxxx>
Signed-off-by: Himanshu Madhani <hmadhani@xxxxxxxxxxx>
---
 drivers/scsi/qla2xxx/qla_os.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index cad93c34409b..dde13036b06a 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -765,8 +765,6 @@ qla2x00_sp_compl(void *ptr, int res)
 	srb_t *sp = ptr;
 	struct scsi_cmnd *cmd = GET_CMD_SP(sp);
 
-	cmd->result = res;
-
 	if (atomic_read(&sp->ref_count) == 0) {
 		ql_dbg(ql_dbg_io, sp->vha, 0x3015,
 		    "SP reference-count to ZERO -- sp=%p cmd=%p.\n",
@@ -779,6 +777,7 @@ qla2x00_sp_compl(void *ptr, int res)
 		return;
 
 	sp->free(sp);
+	cmd->result = res;
 	cmd->scsi_done(cmd);
 }
 
-- 
2.12.0







