[PATCH 5.3 010/197] scsi: qla2xxx: Fix stale mem access on driver unload

From: Greg Kroah-Hartman
Date: Sun Oct 27 2019 - 17:17:23 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.3 011/197] scsi: qla2xxx: Fix N2N link reset"
Previous message: Greg Kroah-Hartman: "[PATCH 5.3 001/197] drm: Free the writeback_job when it with an empty fb"
In reply to: Greg Kroah-Hartman: "[PATCH 5.3 001/197] drm: Free the writeback_job when it with an empty fb"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.3 011/197] scsi: qla2xxx: Fix N2N link reset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Quinn Tran <qutran@xxxxxxxxxxx>

[ Upstream commit fd5564ba54e0d8a9e3e823d311b764232e09eb5f ]

On driver unload, 'remove_one' thread was allowed to advance, while session
cleanup still lag behind. This patch ensures session deletion will finish
before remove_one can advance.

Link: https://lore.kernel.org/r/20190912180918.6436-4-hmadhani@xxxxxxxxxxx
Signed-off-by: Quinn Tran <qutran@xxxxxxxxxxx>
Signed-off-by: Himanshu Madhani <hmadhani@xxxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/scsi/qla2xxx/qla_os.c | 1 +
drivers/scsi/qla2xxx/qla_target.c | 21 ++++++++-------------
2 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 4fda308c3ef5c..084e39e415ff5 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -1153,6 +1153,7 @@ qla2x00_wait_for_sess_deletion(scsi_qla_host_t *vha)
qla2x00_mark_all_devices_lost(vha, 0);

wait_event_timeout(vha->fcport_waitQ, test_fcport_count(vha), 10*HZ);
+ flush_workqueue(vha->hw->wq);
}

/*
diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
index f77baf107024f..1bb0fc9324ead 100644
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -954,7 +954,7 @@ void qlt_free_session_done(struct work_struct *work)
struct qla_hw_data *ha = vha->hw;
unsigned long flags;
bool logout_started = false;
- scsi_qla_host_t *base_vha;
+ scsi_qla_host_t *base_vha = pci_get_drvdata(ha->pdev);
struct qlt_plogi_ack_t *own =
sess->plogi_link[QLT_PLOGI_LINK_SAME_WWN];

@@ -1106,6 +1106,7 @@ void qlt_free_session_done(struct work_struct *work)
}

spin_unlock_irqrestore(&ha->tgt.sess_lock, flags);
+ sess->free_pending = 0;

ql_dbg(ql_dbg_tgt_mgt, vha, 0xf001,
"Unregistration of sess %p %8phC finished fcp_cnt %d\n",
@@ -1114,17 +1115,8 @@ void qlt_free_session_done(struct work_struct *work)
if (tgt && (tgt->sess_count == 0))
wake_up_all(&tgt->waitQ);

- if (vha->fcport_count == 0)
- wake_up_all(&vha->fcport_waitQ);
-
- base_vha = pci_get_drvdata(ha->pdev);
-
- sess->free_pending = 0;
-
- if (test_bit(PFLG_DRIVER_REMOVING, &base_vha->pci_flags))
- return;
-
- if ((!tgt || !tgt->tgt_stop) && !LOOP_TRANSITION(vha)) {
+ if (!test_bit(PFLG_DRIVER_REMOVING, &base_vha->pci_flags) &&
+ (!tgt || !tgt->tgt_stop) && !LOOP_TRANSITION(vha)) {
switch (vha->host->active_mode) {
case MODE_INITIATOR:
case MODE_DUAL:
@@ -1137,6 +1129,9 @@ void qlt_free_session_done(struct work_struct *work)
break;
}
}
+
+ if (vha->fcport_count == 0)
+ wake_up_all(&vha->fcport_waitQ);
}

/* ha->tgt.sess_lock supposed to be held on entry */
@@ -1166,7 +1161,7 @@ void qlt_unreg_sess(struct fc_port *sess)
sess->last_login_gen = sess->login_gen;

INIT_WORK(&sess->free_work, qlt_free_session_done);
- schedule_work(&sess->free_work);
+ queue_work(sess->vha->hw->wq, &sess->free_work);
}
EXPORT_SYMBOL(qlt_unreg_sess);

--
2.20.1

Next message: Greg Kroah-Hartman: "[PATCH 5.3 011/197] scsi: qla2xxx: Fix N2N link reset"
Previous message: Greg Kroah-Hartman: "[PATCH 5.3 001/197] drm: Free the writeback_job when it with an empty fb"
In reply to: Greg Kroah-Hartman: "[PATCH 5.3 001/197] drm: Free the writeback_job when it with an empty fb"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.3 011/197] scsi: qla2xxx: Fix N2N link reset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]