| From 9bfacd01dc9b7519e1e6da12b01963550b9d09a2 Mon Sep 17 00:00:00 2001 |
| From: Roland Dreier <roland@purestorage.com> |
| Date: Thu, 22 Sep 2011 00:06:05 -0700 |
| Subject: [SCSI] qla2xxx: Fix crash in qla2x00_abort_all_cmds() on unload |
| |
| From: Roland Dreier <roland@purestorage.com> |
| |
| commit 9bfacd01dc9b7519e1e6da12b01963550b9d09a2 upstream. |
| |
| I hit a crash in qla2x00_abort_all_cmds() if the qla2xxx module is |
| unloaded right after it is loaded. I debugged this down to the abort |
| handling improperly treating a command of type SRB_ADISC_CMD as if it |
| had a bsg_job to complete when that command actually uses the iocb_cmd |
| part of the union. (I guess to hit this one has to unload the module |
| while the async FC initialization is still in progress) |
| |
| It seems we should only look for a bsg_job if type is SRB_ELS_CMD_RPT, |
| SRB_ELS_CMD_HST or SRB_CT_CMD, so switch the test to make that explicit. |
| |
| Signed-off-by: Roland Dreier <roland@purestorage.com> |
| Acked-by: Chad Dupuis <chad.dupuis@qlogic.com> |
| Signed-off-by: James Bottomley <JBottomley@Parallels.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/scsi/qla2xxx/qla_os.c | 9 +++++---- |
| 1 file changed, 5 insertions(+), 4 deletions(-) |
| |
| --- a/drivers/scsi/qla2xxx/qla_os.c |
| +++ b/drivers/scsi/qla2xxx/qla_os.c |
| @@ -1240,10 +1240,9 @@ qla2x00_abort_all_cmds(scsi_qla_host_t * |
| qla2x00_sp_compl(ha, sp); |
| } else { |
| ctx = sp->ctx; |
| - if (ctx->type == SRB_LOGIN_CMD || |
| - ctx->type == SRB_LOGOUT_CMD) { |
| - ctx->u.iocb_cmd->free(sp); |
| - } else { |
| + if (ctx->type == SRB_ELS_CMD_RPT || |
| + ctx->type == SRB_ELS_CMD_HST || |
| + ctx->type == SRB_CT_CMD) { |
| struct fc_bsg_job *bsg_job = |
| ctx->u.bsg_job; |
| if (bsg_job->request->msgcode |
| @@ -1255,6 +1254,8 @@ qla2x00_abort_all_cmds(scsi_qla_host_t * |
| kfree(sp->ctx); |
| mempool_free(sp, |
| ha->srb_mempool); |
| + } else { |
| + ctx->u.iocb_cmd->free(sp); |
| } |
| } |
| } |