-
Nicholas Bellinger authored
This patch drops two incorrect usages of tcm_qla2xxx_free_cmd() during TMR ABORT within tcm_qla2xxx_handle_data_work() and tcm_qla2xxx_aborted_task(), which where attempting to dispatch into workqueue context to do tcm_qla2xxx_complete_free() and subsequently invoke transport_generic_free_cmd(). This is incorrect because during TMR ABORT target-core will drop the outstanding se_cmd->cmd_kref references once it has quiesced the se_cmd via transport_wait_for_tasks(), and in the case of qla2xxx it should not attempt to do it's own transport_generic_free_cmd() once the abort has occured. As reported by Pascal, this was originally manifesting as a BUG_ON(cmd->cmd_in_wq) in qlt_free_cmd() during TMR ABORT, with a LIO backend that had sufficently high enough WRITE latency to trigger a host side TMR ABORT_TASK. In addition, for the case in tcm_qla2xxx_write_pending_status() and tcm_qla2xxx_handle_data_work() that waits for outstanding FCP WRITE data transfer to complete before preceeding with a TMR ABORT, avoid se_cmd->t_transport_stop_comp that is already used by transport_wait_for_tasks() and use a qla2xxx internal struct completion instead. Reported-by:
Pascal de Bruijn <p.debruijn@unilogic.nl> Tested-by:
Himanshu Madhani <himanshu.madhani@cavium.com> Cc: Quinn Tran <quinn.tran@cavium.com> Cc: <stable@vger.kernel.org> # 3.10+ Signed-off-by:
Nicholas Bellinger <nab@linux-iscsi.org>
5f572526
