[PATCH 4.7 169/186] target: Fix ordered task CHECK_CONDITION early exception handling

From: Greg Kroah-Hartman
Date: Thu Aug 18 2016 - 10:28:07 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.7 160/186] of: fix memory leak related to safe_name()"
Previous message: Peter Zijlstra: "Re: [PATCH v2] locking/mutex: Prevent lock starvation when spinning is enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.7-stable review patch. If anyone has any objections, please let me know.

------------------

From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>

commit 410c29dfbfdf73d0d0b5d14a21868ab038eca703 upstream.

If a Simple command is sent with a failure, target_setup_cmd_from_cdb
returns with TCM_UNSUPPORTED_SCSI_OPCODE or TCM_INVALID_CDB_FIELD.

So in the cases where target_setup_cmd_from_cdb returns an error, we
never get far enough to call target_execute_cmd to increment simple_cmds.
Since simple_cmds isn't incremented, the result of the failure from
target_setup_cmd_from_cdb causes transport_generic_request_failure to
decrement simple_cmds, due to call to transport_complete_task_attr.

With this dev->simple_cmds or dev->dev_ordered_sync is now -1, not 0.
So when a subsequent command with an Ordered Task is sent, it causes
a hang, since dev->simple_cmds is at -1.

Tested-by: Bryant G. Ly <bryantly@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Bryant G. Ly <bryantly@xxxxxxxxxxxxxxxxxx>
Tested-by: Michael Cyr <mikecyr@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Michael Cyr <mikecyr@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/target/target_core_transport.c | 7 ++++++-
include/target/target_core_base.h | 1 +
2 files changed, 7 insertions(+), 1 deletion(-)

--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
@@ -1827,6 +1827,8 @@ static bool target_handle_task_attr(stru
if (dev->transport->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)
return false;

+ cmd->se_cmd_flags |= SCF_TASK_ATTR_SET;
+
/*
* Check for the existence of HEAD_OF_QUEUE, and if true return 1
* to allow the passed struct se_cmd list of tasks to the front of the list.
@@ -1949,6 +1951,9 @@ static void transport_complete_task_attr
if (dev->transport->transport_flags & TRANSPORT_FLAG_PASSTHROUGH)
return;

+ if (!(cmd->se_cmd_flags & SCF_TASK_ATTR_SET))
+ goto restart;
+
if (cmd->sam_task_attr == TCM_SIMPLE_TAG) {
atomic_dec_mb(&dev->simple_cmds);
dev->dev_cur_ordered_id++;
@@ -1965,7 +1970,7 @@ static void transport_complete_task_attr
pr_debug("Incremented dev_cur_ordered_id: %u for ORDERED\n",
dev->dev_cur_ordered_id);
}
-
+restart:
target_restart_delayed_cmds(dev);
}

--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -142,6 +142,7 @@ enum se_cmd_flags_table {
SCF_PASSTHROUGH_PROT_SG_TO_MEM_NOALLOC = 0x00200000,
SCF_ACK_KREF = 0x00400000,
SCF_USE_CPUID = 0x00800000,
+ SCF_TASK_ATTR_SET = 0x01000000,
};

/*

Next message: Greg Kroah-Hartman: "[PATCH 4.7 160/186] of: fix memory leak related to safe_name()"
Previous message: Peter Zijlstra: "Re: [PATCH v2] locking/mutex: Prevent lock starvation when spinning is enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]