From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
This patch fixes a piece of left-over breakage after the re-org of
core_tmr_lun_reset() in core_tmr_drain_task_list() in patch:
target: Re-org of core_tmr_lun_reset + FREE_CMD_INTR bugfix
that was preventing non-active tasks from being properly removed from
task->t_execute_list (following the original logic) before moving the
selected descriptor onto the drain_task_list for final processing.
This was causing the following OOPs where left-over descriptors with
TRANSPORT_PROCESSING status (as cmd: ffff880012882b40 below) where
causing se_tasks to be incorrectly executed after an LUN_RESET task
drain in core_tmr_drain_task_list() had completed.
This patch will be folded into the original re-org before heading
into v3.2 mainline + Cc: stable@xxxxxxxxxx.
[ 2351.515219] qla2xxx 0000:03:00.1: LIP occurred (0).
[ 2351.520694] qla_target(0): session for port 21:00:00:24:ff:31:4c:4c (loop ID 0) scheduled for deletion in 35 secs
[ 2351.536315] qla_target(0): local session for port 21:00:00:24:ff:31:4c:4c (loop ID 0) reappeared
[ 2351.546113] qla_target(0): local session for port 21:00:00:24:ff:31:4c:4c (loop ID 0) became global
[ 2365.482752] LUN_RESET: TMR caller fabric: qla2xxx initiator port 21:00:00:24:ff:31:4c:4d
[ 2365.491785] LUN_RESET: TMR starting for [iblock], tas: 1
<SNIP>
[ 2376.689805] LUN_RESET: ITT[0x00128f40] - pr_res_key: 0x0000000000000000 t_task_cdbs: 8 t_task_cdbs_left: 8 t_task_cdbs_sent: 0 -- t_transport_active: 1 t_transport_stop: 0 t_transport_sent: 0
[ 2376.708835] LUN_RESET: Skipping task: ffff88016e3af230, dev: ffff88016ea8d9e8 for t_task_cdbs_ex_left: 4
[ 2376.719473] LUN_RESET: cmd: ffff880012882b40 task: ffff88016e3aeda0 ITT/CmdSN: 0x00128f40/0x00000000, i_state: 0, t_state/def_t_state: 5/0 cdb: 0x2a
[ 2376.734396] LUN_RESET: ITT[0x00128f40] - pr_res_key: 0x0000000000000000 t_task_cdbs: 8 t_task_cdbs_left: 8 t_task_cdbs_sent: 0 -- t_transport_active: 1 t_transport_stop: 0 t_transport_sent: 0
[ 2376.753647] LUN_RESET: Skipping task: ffff88016e3aeda0, dev: ffff88016ea8d9e8 for t_task_cdbs_ex_left: 3
[ 2376.764333] LUN_RESET: cmd: ffff880012882b40 task: ffff88016e3ae480 ITT/CmdSN: 0x00128f40/0x00000000, i_state: 0, t_state/def_t_state: 5/0 cdb: 0x2a
[ 2376.779256] LUN_RESET: ITT[0x00128f40] - pr_res_key: 0x0000000000000000 t_task_cdbs: 8 t_task_cdbs_left: 8 t_task_cdbs_sent: 0 -- t_transport_active: 1 t_transport_stop: 0 t_transport_sent: 0
[ 2376.798314] LUN_RESET: Skipping task: ffff88016e3ae480, dev: ffff88016ea8d9e8 for t_task_cdbs_ex_left: 2
[ 2376.809158] LUN_RESET: cmd: ffff880012882b40 task: ffff88016e3af478 ITT/CmdSN: 0x00128f40/0x00000000, i_state: 0, t_state/def_t_state: 5/0 cdb: 0x2a
[ 2376.824073] LUN_RESET: ITT[0x00128f40] - pr_res_key: 0x0000000000000000 t_task_cdbs: 8 t_task_cdbs_left: 8 t_task_cdbs_sent: 0 -- t_transport_active: 1 t_transport_stop: 0 t_transport_sent: 0
[ 2376.843191] LUN_RESET: Skipping task: ffff88016e3af478, dev: ffff88016ea8d9e8 for t_task_cdbs_ex_left: 1
[ 2376.853824] LUN_RESET: cmd: ffff880012882b40 task: ffff88016dafbd98 ITT/CmdSN: 0x00128f40/0x00000000, i_state: 0, t_state/def_t_state: 5/0 cdb: 0x2a
[ 2376.868748] LUN_RESET: ITT[0x00128f40] - pr_res_key: 0x0000000000000000 t_task_cdbs: 8 t_task_cdbs_left: 8 t_task_cdbs_sent: 0 -- t_transport_active: 1 t_transport_stop: 0 t_transport_sent: 0
[ 2376.887735] LUN_RESET: got t_transport_active = 1 for task: ffff88016dafbd98, t_fe_count: 1 dev: ffff88016ea8d9e8
<SNIP>
[ 2378.539533] LUN_RESET: TMR for [iblock] Complete
[ 2378.544686] queue_tm_rsp: mcmd: ffff880012148000 func: 0x05 response: 0x00
[ 2378.558854] general protection fault: 0000 [#1] SMP
[ 2378.564409] last sysfs file: /sys/module/target_core_mod/initstate
[ 2378.571295] CPU 0
[ 2378.573543] Modules linked in: ib_srpt tcm_qla2xxx tcm_loop iscsi_target_mod target_core_pscsi target_core_file target_core_iblock target_core_mod qla2xxx ib_cm ib_sa ib_mad ib_core configfs loop i2c_i801 ioatdma i2c_core joydev snd]
[ 2378.624002] Pid: 0, comm: swapper Not tainted 2.6.32-5-amd64 #1 S5520HC
[ 2378.631374] RIP: 0010:[<ffffffff812fc0f1>] [<ffffffff812fc0f1>] _spin_lock_irqsave+0x1a/0x34
[ 2378.640890] RSP: 0018:ffff880005403d70 EFLAGS: 00010082
[ 2378.646807] RAX: 0000000000000282 RBX: ffff88016ea8d9e8 RCX: 0000000000008ae7
[ 2378.654758] RDX: 0000000000010000 RSI: 0000000000000282 RDI: 6b6b6b6b6b6b6c07
[ 2378.662709] RBP: ffff880012882b40 R08: ffff88016cd21120 R09: 000000000000005a
[ 2378.670659] R10: 0000000000000001 R11: ffffffff810b5a77 R12: ffff88016e3ae6c8
[ 2378.678610] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000080000
[ 2378.686561] FS: 0000000000000000(0000) GS:ffff880005400000(0000) knlGS:0000000000000000
[ 2378.695576] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[ 2378.701978] CR2: 00007f0f88938db0 CR3: 0000000114ca0000 CR4: 00000000000006f0
[ 2378.709929] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2378.717880] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2378.725831] Process swapper (pid: 0, threadinfo ffffffff8142c000, task ffffffff814611f0)
[ 2378.734847] Stack:
[ 2378.737085] 0000000000000282 ffffffffa00c4d8c ffff880011e78b80 ffff88016c0ce970
[ 2378.745167] <0> 0000000000010000 0000000000000000 0000000000000000 ffffffff8117deb3
[ 2378.753753] <0> 0000000000000000 ffff88016c0ce970 0000000000000000 0000000000000000
[ 2378.762549] Call Trace:
[ 2378.765272] <IRQ>
[ 2378.767629] [<ffffffffa00c4d8c>] ? transport_complete_task+0x68/0x201 [target_core_mod]
[ 2378.776648] [<ffffffff8117deb3>] ? blk_update_request+0x179/0x332
[ 2378.783527] [<ffffffff8117e07d>] ? blk_update_bidi_request+0x11/0x46
[ 2378.790706] [<ffffffff8117ec67>] ? blk_end_bidi_request+0x19/0x56
[ 2378.797596] [<ffffffffa0016e95>] ? scsi_io_completion+0x1a6/0x3fa [scsi_mod]
[ 2378.805549] [<ffffffff811831ba>] ? blk_done_softirq+0x6e/0x7b
[ 2378.812051] [<ffffffff81053c8f>] ? __do_softirq+0xdd/0x1a6
[ 2378.818261] [<ffffffff81011cac>] ? call_softirq+0x1c/0x30
[ 2378.824373] [<ffffffff8101322b>] ? do_softirq+0x3f/0x7c
[ 2378.830291] [<ffffffff81053aff>] ? irq_exit+0x36/0x76
[ 2378.836016] [<ffffffff81012922>] ? do_IRQ+0xa0/0xb6
[ 2378.841547] [<ffffffff810114d3>] ? ret_from_intr+0x0/0x11
[ 2378.847657] <EOI>
[ 2378.850007] [<ffffffff81017318>] ? mwait_idle+0x72/0x7d
[ 2378.855925] [<ffffffff810172c8>] ? mwait_idle+0x22/0x7d
[ 2378.861843] [<ffffffff8100feb1>] ? cpu_idle+0xa2/0xda
[ 2378.867569] [<ffffffff814f3140>] ? early_idt_handler+0x0/0x71
[ 2378.874070] [<ffffffff814f3cdd>] ? start_kernel+0x3dc/0x3e8
[ 2378.880375] [<ffffffff814f33b7>] ? x86_64_start_kernel+0xf9/0x106
[ 2378.887261] Code: 31 d2 89 d0 c3 f0 83 2f 01 79 05 e8 ea 99 e9 ff c3 48 83 ec 08 9c 58 0f 1f 44 00 00 48 89 c6 fa 66 0f 1f 44 00 00 ba 00 00 01 00 <f0> 0f c1 17 0f b7 ca c1 ea 10 39 d1 74 07 f3 90 0f b7 0f eb f5
[ 2378.908995] RIP [<ffffffff812fc0f1>] _spin_lock_irqsave+0x1a/0x34
[ 2378.915893] RSP <ffff880005403d70>
[ 2378.920226] ---[ end trace 0464a8da8e1e74ec ]---
Cc: Roland Dreier <roland@xxxxxxxxxxxxxxx>
Cc: Christoph Hellwig <hch@xxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxxxxxxxx>
---
drivers/target/target_core_tmr.c | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c
index 8945908..a074f59 100644
--- a/drivers/target/target_core_tmr.c
+++ b/drivers/target/target_core_tmr.c
@@ -224,7 +224,14 @@ static void core_tmr_drain_task_list(
list_move_tail(&task->t_state_list, &drain_task_list);
atomic_set(&task->task_state_active, 0);
- atomic_set(&task->task_execute_queue, 0);
+ /*
+ * Remove from task execute list before processing drain_task_list
+ */
+ if (atomic_read(&task->task_execute_queue) != 0) {
+ list_del(&task->t_execute_list);
+ atomic_set(&task->task_execute_queue, 0);
+ atomic_dec(&dev->execute_tasks);
+ }
}
spin_unlock_irqrestore(&dev->execute_task_lock, flags);
--
1.7.2.5
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
