scsi_transport_srp: Fix a race condition
The rport timers must be stopped before the SRP initiator destroys the
resources associated with the SCSI host. This is necessary because
otherwise the callback functions invoked from the SRP transport layer
could trigger a use-after-free. Stopping the rport timers before
invoking scsi_remove_host() can trigger long delays in the SCSI error
handler if a transport layer failure occurs while scsi_remove_host()
is in progress. Hence move the code for stopping the rport timers from
srp_rport_release() into a new function and invoke that function after
scsi_remove_host() has finished. This patch fixes the following
sporadic kernel crash:
kernel BUG at include/asm-generic/dma-mapping-common.h:64!
invalid opcode: 0000 [#1] SMP
RIP: 0010:[<
ffffffffa03b20b1>] [<
ffffffffa03b20b1>] srp_unmap_data+0x121/0x130 [ib_srp]
Call Trace:
[<
ffffffffa03b20fc>] srp_free_req+0x3c/0x80 [ib_srp]
[<
ffffffffa03b2188>] srp_finish_req+0x48/0x70 [ib_srp]
[<
ffffffffa03b21fb>] srp_terminate_io+0x4b/0x60 [ib_srp]
[<
ffffffffa03a6fb5>] __rport_fail_io_fast+0x75/0x80 [scsi_transport_srp]
[<
ffffffffa03a7438>] rport_fast_io_fail_timedout+0x88/0xc0 [scsi_transport_srp]
[<
ffffffff8108b370>] worker_thread+0x170/0x2a0
[<
ffffffff81090876>] kthread+0x96/0xa0
[<
ffffffff8100c0ca>] child_rip+0xa/0x20
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Roland Dreier <roland@purestorage.com>
projects / platform / adaptation / renesas_rcar / renesas_kernel.git / commit