Commit 99b06033 authored by Mike Christie's avatar Mike Christie Committed by Martin K. Petersen

scsi: iscsi: Hold task ref during TMF timeout handling

For aborts, qedi needs to cleanup the FW then send the TMF from a worker
thread. While it's doing these the cmd could complete normally and the TMF
could time out. libiscsi would then complete the iscsi_task which will call
into the driver to cleanup the driver level resources while it still might
be accessing them for the cleanup/abort.

This has iscsi_eh_abort keep the iscsi_task ref if the TMF times out, so
qedi does not have to worry about if the task is being freed while in use
and does not need to get its own ref.

Link: https://lore.kernel.org/r/20210525181821.7617-18-michael.christie@oracle.comReviewed-by: default avatarLee Duncan <lduncan@suse.com>
Signed-off-by: default avatarMike Christie <michael.christie@oracle.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent 7ce9fc5e
...@@ -573,6 +573,11 @@ static bool cleanup_queued_task(struct iscsi_task *task) ...@@ -573,6 +573,11 @@ static bool cleanup_queued_task(struct iscsi_task *task)
__iscsi_put_task(task); __iscsi_put_task(task);
} }
if (conn->session->running_aborted_task == task) {
conn->session->running_aborted_task = NULL;
__iscsi_put_task(task);
}
if (conn->task == task) { if (conn->task == task) {
conn->task = NULL; conn->task = NULL;
__iscsi_put_task(task); __iscsi_put_task(task);
...@@ -2334,6 +2339,7 @@ int iscsi_eh_abort(struct scsi_cmnd *sc) ...@@ -2334,6 +2339,7 @@ int iscsi_eh_abort(struct scsi_cmnd *sc)
iscsi_start_tx(conn); iscsi_start_tx(conn);
goto success_unlocked; goto success_unlocked;
case TMF_TIMEDOUT: case TMF_TIMEDOUT:
session->running_aborted_task = task;
spin_unlock_bh(&session->frwd_lock); spin_unlock_bh(&session->frwd_lock);
iscsi_conn_failure(conn, ISCSI_ERR_SCSI_EH_SESSION_RST); iscsi_conn_failure(conn, ISCSI_ERR_SCSI_EH_SESSION_RST);
goto failed_unlocked; goto failed_unlocked;
...@@ -2367,7 +2373,14 @@ int iscsi_eh_abort(struct scsi_cmnd *sc) ...@@ -2367,7 +2373,14 @@ int iscsi_eh_abort(struct scsi_cmnd *sc)
failed_unlocked: failed_unlocked:
ISCSI_DBG_EH(session, "abort failed [sc %p itt 0x%x]\n", sc, ISCSI_DBG_EH(session, "abort failed [sc %p itt 0x%x]\n", sc,
task ? task->itt : 0); task ? task->itt : 0);
/*
* The driver might be accessing the task so hold the ref. The conn
* stop cleanup will drop the ref after ep_disconnect so we know the
* driver's no longer touching the task.
*/
if (!session->running_aborted_task)
iscsi_put_task(task); iscsi_put_task(task);
iscsi_put_conn(conn->cls_conn); iscsi_put_conn(conn->cls_conn);
mutex_unlock(&session->eh_mutex); mutex_unlock(&session->eh_mutex);
return FAILED; return FAILED;
......
...@@ -276,6 +276,7 @@ struct iscsi_session { ...@@ -276,6 +276,7 @@ struct iscsi_session {
struct iscsi_tm tmhdr; struct iscsi_tm tmhdr;
struct timer_list tmf_timer; struct timer_list tmf_timer;
int tmf_state; /* see TMF_INITIAL, etc.*/ int tmf_state; /* see TMF_INITIAL, etc.*/
struct iscsi_task *running_aborted_task;
/* iSCSI session-wide sequencing */ /* iSCSI session-wide sequencing */
uint32_t cmdsn; uint32_t cmdsn;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment