In case of IOCB Queue full, or on a system where memory is low and the driver
receives a large RSCN storm, the stale sp pointer can stay on
gpnid_list, resulting in a page_fault.
This patch fixes this issue by initializing the sp->elem list head and
removing sp->elem before memory is freed.
Following stack trace is seen
 9 [ffff987b37d1bc60] page_fault at ffffffffad516768 [exception RIP: qla24xx_async_gpnid+496]
10 [ffff987b37d1bd10] qla24xx_async_gpnid at ffffffffc039866d [qla2xxx]
11 [ffff987b37d1bd80] qla2x00_do_work at ffffffffc036169c [qla2xxx]
12 [ffff987b37d1be38] qla2x00_do_dpc_all_vps at ffffffffc03adfed [qla2xxx]
13 [ffff987b37d1be78] qla2x00_do_dpc at ffffffffc036458a [qla2xxx]
14 [ffff987b37d1bec8] kthread at ffffffffacebae31
Fixes: 2d73ac6102d9 ("scsi: qla2xxx: Serialize GPNID for multiple RSCN")
Cc: <stable@vger.kernel.org> # v4.17+
Signed-off-by: Quinn Tran <quinn.tran@cavium.com>
Signed-off-by: Himanshu Madhani <himanshu.madhani@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
return rval;
done_free_sp:
+ spin_lock_irqsave(&vha->hw->vport_slock, flags);
+ list_del(&sp->elem);
+ spin_unlock_irqrestore(&vha->hw->vport_slock, flags);
+
if (sp->u.iocb_cmd.u.ctarg.req) {
dma_free_coherent(&vha->hw->pdev->dev,
sizeof(struct ct_sns_pkt),
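Review bot: At done_free_sp, list_del(&sp->elem) now runs on every jump to this label, including any taken before sp was linked onto gpnid_list, and that is only safe because the other hunk adds INIT_LIST_HEAD(&sp->elem) at allocation; the dependency deserves a short comment here. Consider list_del_init() instead of list_del() so that sp->elem is left as an empty head rather than poisoned pointers if anything touches it again before the free. Also confirm that flags is declared as unsigned long in this function (the declaration is not in the visible context) and that vport_slock is the same lock held where sp->elem is added to gpnid_list.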
sp->fcport = fcport;
sp->iocbs = 1;
sp->vha = qpair->vha;
+ INIT_LIST_HEAD(&sp->elem);
+
done:
if (!sp)
QLA_QPAIR_MARK_NOT_BUSY(qpair);
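Review bot: The INIT_LIST_HEAD(&sp->elem) added after sp->vha = qpair->vha has no comment saying why a generic srb needs its elem head initialised; a one-line note that the GPNID error path calls list_del(&sp->elem) unconditionally would keep someone from dropping it later. Its position before the done: label is right, since sp can be NULL there (the if (!sp) check), but the extra blank '+' line before done: is unnecessary. If any other path hands out an srb without going through this function, it needs the same initialisation.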