On Fri, 2015-07-31 at 17:52 +0800, jiang.biao2@xxxxxxxxxx wrote:
> scsi_error: should not get sense for timeout IO in scsi error handler
>
> When an IO timeout occurs, the IO will be aborted in
> scsi_abort_command() and SCSI_EH_ABORT_SCHEDULED will be set. Because
> of that, the SCSI_EH_CANCEL_CMD will be clear in scsi_eh_scmd_add().
> So when scsi error handler starts, it will get sense for this
> timeout IO and the scmd of the IO request will be reused. In that
> case, the scmd may be double released when racing with io_done(),
> which will result in crash.
> SO SCSI_EH_ABORT_SCHEDULED should also be checked when getting sense.
> The bug maybe reproduced when the link between host and disk is
> unstable.
>
> Signed-off-by: Jiang Biao <jiang.biao2@xxxxxxxxxx>
> Signed-off-by: Long Chun <long.chun@xxxxxxxxxx>
> Reviewed-by: Tan Hu <tan.hu@xxxxxxxxxx>
> Reviewed-by: Chen Donghai <chen.donghai@xxxxxxxxxx>
> Reviewed-by: Cai Qu <cai.qu@xxxxxxxxxx>
>
> diff -uprN drivers/scsi/scsi_error.c drivers_new/scsi/scsi_error.c
to apply easily, diffs need to start at the top of the tree, please.
> --- scsi/scsi_error.c 2015-07-31 16:03:18.000000000 +0800
> +++ scsi_new/scsi_error.c 2015-07-31 16:29:25.000000000 +0800
> @@ -1156,9 +1156,14 @@ int scsi_eh_get_sense(struct list_head *
> struct Scsi_Host *shost;
> int rtn;
>
> + /*
> + * If SCSI_EH_ABORT_SCHEDULED has been set, it is timeout IO,
> + * should not get sense.
> + */
> list_for_each_entry_safe(scmd, next, work_q, eh_entry) {
and here all the tabs have been converted to spaces; you need to read
Documentation/email-clients.txt for details on how to avoid this.
I managed to fix it up this time, but won't again.
James
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
