On 05/05/2014 08:41 PM, Jay Kallickal wrote:
> From: Jayamohan Kallickal <jayamohan.kallickal@xxxxxxxxxx>
>
> During heavy IO in multipath environment with many active sessions
> and port-bouncing happening, there is a race condition because of
> which beiscsi_prcess_cqe() gets called for a connection whose
> endpoint is freed.
>
> Checking endpoint reference for a connection before processing in
> beiscsi_process_cq().
>
> Signed-off-by: Minh Tran <minhduc.tran@xxxxxxxxxx>
> Signed-off-by: John Soni Jose <sony.john-n@xxxxxxxxxx>
> Signed-off-by: Jayamohan Kallickal <jayamohan.kallickal@xxxxxxxxxx>
> ---
> drivers/scsi/be2iscsi/be_main.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c
> index dccda6c..5a7022f 100644
> --- a/drivers/scsi/be2iscsi/be_main.c
> +++ b/drivers/scsi/be2iscsi/be_main.c
> @@ -2110,6 +2110,16 @@ static unsigned int beiscsi_process_cq(struct be_eq_obj *pbe_eq)
>
> cri_index = BE_GET_CRI_FROM_CID(cid);
> ep = phba->ep_array[cri_index];
> + if (unlikely(ep == NULL)) {
> + /* connection has already been freed
> + * just move on to next one
> + */
> + beiscsi_log(phba, KERN_WARNING,
> + BEISCSI_LOG_INIT,
> + "BM_%d : proc cqe of disconn ep: cid %d\n",
> + cid);
> + goto proc_next_cqe;
> + }
> beiscsi_ep = ep->dd_data;
> beiscsi_conn = beiscsi_ep->conn;
>
It looks like if that race is possible then we could also free the ep
while you are accessing right? I think you would need to get a ref to
the ep.
What command/function tells the card to stop sending the driver
events/notifications/ios for that connection? Is it beiscsi_close_conn
or mgmt_invalidate_connection?
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
