'cfee29ffb45b ("scsi: core: Do not increase scsi_device's iorequest_cnt
if dispatch failed")' introduce bug which would cause kernel panic.
So revert the changes and fix the origin issue by decreasing the
iorequest_cnt if scsi_dispatch_cmd return failed.
Wenchao Hao (2):
Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if
dispatch failed"
scsi: core: decrease scsi_device's iorequest_cnt if dispatch failed
drivers/scsi/scsi_lib.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--
2.32.0
the "atomic_inc(&cmd->device->iorequest_cnt)" in scsi_queue_rq() would
causes kernel panic, because cmd->device may be freed after returning
from scsi_dispatch_cmd().
This reverts commit cfee29ffb45b1c9798011b19d454637d1b0fe87d.
Signed-off-by: Wenchao Hao <[email protected]>
Reported-by: Ming Lei <[email protected]>
Closes:https://lore.kernel.org/linux-scsi/[email protected]/T/#t
---
drivers/scsi/scsi_lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index b7c569a42aa4..03964b26f3f2 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1463,6 +1463,8 @@ static int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
struct Scsi_Host *host = cmd->device->host;
int rtn = 0;
+ atomic_inc(&cmd->device->iorequest_cnt);
+
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
/* in SDEV_DEL we error all commands. DID_NO_CONNECT
@@ -1761,7 +1763,6 @@ static blk_status_t scsi_queue_rq(struct blk_mq_hw_ctx *hctx,
goto out_dec_host_busy;
}
- atomic_inc(&cmd->device->iorequest_cnt);
return BLK_STS_OK;
out_dec_host_busy:
--
2.32.0
On Mon, May 15, 2023 at 03:01:55PM +0800, Wenchao Hao wrote:
> the "atomic_inc(&cmd->device->iorequest_cnt)" in scsi_queue_rq() would
> causes kernel panic, because cmd->device may be freed after returning
> from scsi_dispatch_cmd().
>
> This reverts commit cfee29ffb45b1c9798011b19d454637d1b0fe87d.
>
> Signed-off-by: Wenchao Hao <[email protected]>
> Reported-by: Ming Lei <[email protected]>
> Closes:https://lore.kernel.org/linux-scsi/[email protected]/T/#t
Reviewed-by: Ming Lei <[email protected]>
Thanks,
Ming
On Mon, 15 May 2023 15:01:54 +0800, Wenchao Hao wrote:
> 'cfee29ffb45b ("scsi: core: Do not increase scsi_device's iorequest_cnt
> if dispatch failed")' introduce bug which would cause kernel panic.
>
> So revert the changes and fix the origin issue by decreasing the
> iorequest_cnt if scsi_dispatch_cmd return failed.
>
> Wenchao Hao (2):
> Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if
> dispatch failed"
> scsi: core: decrease scsi_device's iorequest_cnt if dispatch failed
>
> [...]
Applied to 6.4/scsi-fixes, thanks!
[1/2] Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"
https://git.kernel.org/mkp/scsi/c/6ca9818d1624
[2/2] scsi: core: decrease scsi_device's iorequest_cnt if dispatch failed
https://git.kernel.org/mkp/scsi/c/09e797c8641f
--
Martin K. Petersen Oracle Linux Engineering