This is a note to let you know that I've just added the patch titled scsi: qla2xxx: Fix TMF leak through to the 6.5-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: scsi-qla2xxx-fix-tmf-leak-through.patch and it can be found in the queue-6.5 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 5d3148d8e8b05f084e607ac3bd55a4c317a9f934 Mon Sep 17 00:00:00 2001 From: Quinn Tran <qutran@xxxxxxxxxxx> Date: Fri, 14 Jul 2023 12:31:02 +0530 Subject: scsi: qla2xxx: Fix TMF leak through From: Quinn Tran <qutran@xxxxxxxxxxx> commit 5d3148d8e8b05f084e607ac3bd55a4c317a9f934 upstream. Task management can retry up to 5 times when FW resource becomes bottle neck. Between the retries, there is a short sleep. Current code assumes the chip has not reset or session has not changed. Check for chip reset or session change before sending Task management. Cc: stable@xxxxxxxxxxxxxxx Fixes: 9803fb5d2759 ("scsi: qla2xxx: Fix task management cmd failure") Signed-off-by: Quinn Tran <qutran@xxxxxxxxxxx> Signed-off-by: Nilesh Javali <njavali@xxxxxxxxxxx> Link: https://lore.kernel.org/r/20230714070104.40052-9-njavali@xxxxxxxxxxx Reviewed-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx> Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/scsi/qla2xxx/qla_init.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) --- a/drivers/scsi/qla2xxx/qla_init.c +++ b/drivers/scsi/qla2xxx/qla_init.c @@ -2038,10 +2038,14 @@ static void qla_marker_sp_done(srb_t *sp complete(&tmf->u.tmf.comp); } -#define START_SP_W_RETRIES(_sp, _rval) \ +#define START_SP_W_RETRIES(_sp, _rval, _chip_gen, _login_gen) \ {\ int cnt = 5; \ do { \ + if (_chip_gen != sp->vha->hw->chip_reset || _login_gen != sp->fcport->login_gen) {\ + _rval = EINVAL; \ + break; \ + } \ _rval = qla2x00_start_sp(_sp); \ if (_rval == EAGAIN) \ msleep(1); \ @@ -2064,6 +2068,7 @@ qla26xx_marker(struct tmf_arg *arg) srb_t *sp; int rval = QLA_FUNCTION_FAILED; fc_port_t *fcport = arg->fcport; + u32 chip_gen, login_gen; if (TMF_NOT_READY(arg->fcport)) { ql_dbg(ql_dbg_taskm, vha, 0x8039, @@ -2073,6 +2078,9 @@ qla26xx_marker(struct tmf_arg *arg) return QLA_SUSPENDED; } + chip_gen = vha->hw->chip_reset; + login_gen = fcport->login_gen; + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2090,7 +2098,7 @@ qla26xx_marker(struct tmf_arg *arg) tm_iocb->u.tmf.loop_id = fcport->loop_id; tm_iocb->u.tmf.vp_index = vha->vp_idx; - START_SP_W_RETRIES(sp, rval); + START_SP_W_RETRIES(sp, rval, chip_gen, login_gen); ql_dbg(ql_dbg_taskm, vha, 0x8006, "Async-marker hdl=%x loop-id=%x portid=%06x modifier=%x lun=%lld qp=%d rval %d.\n", @@ -2159,6 +2167,9 @@ __qla2x00_async_tm_cmd(struct tmf_arg *a return QLA_SUSPENDED; } + chip_gen = vha->hw->chip_reset; + login_gen = fcport->login_gen; + /* ref: INIT */ sp = qla2xxx_get_qpair_sp(vha, arg->qpair, fcport, GFP_KERNEL); if (!sp) @@ -2176,7 +2187,7 @@ __qla2x00_async_tm_cmd(struct tmf_arg *a tm_iocb->u.tmf.flags = arg->flags; tm_iocb->u.tmf.lun = arg->lun; - START_SP_W_RETRIES(sp, rval); + START_SP_W_RETRIES(sp, rval, chip_gen, login_gen); ql_dbg(ql_dbg_taskm, vha, 0x802f, "Async-tmf hdl=%x loop-id=%x portid=%06x ctrl=%x lun=%lld qp=%d rval=%x.\n", @@ -2195,9 +2206,6 @@ __qla2x00_async_tm_cmd(struct tmf_arg *a } if (!test_bit(UNLOADING, &vha->dpc_flags) && !IS_QLAFX00(vha->hw)) { - chip_gen = vha->hw->chip_reset; - login_gen = fcport->login_gen; - jif = jiffies; if (qla_tmf_wait(arg)) { ql_log(ql_log_info, vha, 0x803e, Patches currently in stable-queue which might be from qutran@xxxxxxxxxxx are queue-6.5/scsi-qla2xxx-error-code-did-not-return-to-upper-layer.patch queue-6.5/scsi-qla2xxx-adjust-iocb-resource-on-qpair-create.patch queue-6.5/scsi-qla2xxx-fix-tmf-leak-through.patch queue-6.5/scsi-qla2xxx-fix-deletion-race-condition.patch queue-6.5/scsi-qla2xxx-fix-erroneous-link-up-failure.patch queue-6.5/scsi-qla2xxx-flush-mailbox-commands-on-chip-reset.patch queue-6.5/scsi-qla2xxx-fix-command-flush-during-tmf.patch queue-6.5/scsi-qla2xxx-fix-inconsistent-tmf-timeout.patch queue-6.5/scsi-qla2xxx-turn-off-noisy-message-log.patch queue-6.5/scsi-qla2xxx-limit-tmf-to-8-per-function.patch queue-6.5/scsi-qla2xxx-fix-session-hang-in-gnl.patch