[PATCH 4.14 115/193] target: Fix QUEUE_FULL + SCSI task attribute handling

From: Greg Kroah-Hartman
Date: Tue Nov 28 2017 - 06:13:26 EST


4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>

commit 1c79df1f349fb6050016cea4ef1dfbc3853a5685 upstream.

This patch fixes a bug during QUEUE_FULL where transport_complete_qf()
calls transport_complete_task_attr() after it's already been invoked
by target_complete_ok_work() or transport_generic_request_failure()
during initial completion, preceeding QUEUE_FULL.

This will result in se_device->simple_cmds, se_device->dev_cur_ordered_id
and/or se_device->dev_ordered_sync being updated multiple times for
a single se_cmd.

To address this bug, clear SCF_TASK_ATTR_SET after the first call
to transport_complete_task_attr(), and avoid updating SCSI task
attribute related counters for any subsequent calls.

Also, when a se_cmd is deferred due to ordered tags and executed
via target_restart_delayed_cmds(), set CMD_T_SENT before execution
matching what target_execute_cmd() does.

Cc: Michael Cyr <mikecyr@xxxxxxxxxxxxxxxxxx>
Cc: Bryant G. Ly <bryantly@xxxxxxxxxxxxxxxxxx>
Cc: Mike Christie <mchristi@xxxxxxxxxx>
Cc: Hannes Reinecke <hare@xxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/target/target_core_transport.c | 4 ++++
1 file changed, 4 insertions(+)

--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -2010,6 +2010,8 @@ static void target_restart_delayed_cmds(
list_del(&cmd->se_delayed_node);
spin_unlock(&dev->delayed_cmd_lock);

+ cmd->transport_state |= CMD_T_SENT;
+
__target_execute_cmd(cmd, true);

if (cmd->sam_task_attr == TCM_ORDERED_TAG)
@@ -2045,6 +2047,8 @@ static void transport_complete_task_attr
pr_debug("Incremented dev_cur_ordered_id: %u for ORDERED\n",
dev->dev_cur_ordered_id);
}
+ cmd->se_cmd_flags &= ~SCF_TASK_ATTR_SET;
+
restart:
target_restart_delayed_cmds(dev);
}