diff options
author | Keith Busch <keith.busch@intel.com> | 2018-07-23 08:37:51 -0600 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2018-07-24 14:41:52 -0600 |
commit | 065990bd198e0e67417c2c34e5e80140d4b8cef7 (patch) | |
tree | 599953a4f653a4091f05074bb7e7cfa94cac2a9b /drivers/scsi/scsi_error.c | |
parent | 0fc09f920983f61be625658c62cc40ac25a7b3a5 (diff) | |
download | lwn-065990bd198e0e67417c2c34e5e80140d4b8cef7.tar.gz lwn-065990bd198e0e67417c2c34e5e80140d4b8cef7.zip |
scsi: set timed out out mq requests to complete
The scsi block layer requires requests claimed by the error handling be
completed by the error handler. A previous commit allowed completions
to proceed for blk-mq, breaking that assumption.
This patch prevents completions that may race with the timeout handler
by marking the state to complete, restoring the previous behavior.
Fixes: 12f5b931 ("blk-mq: Remove generation seqeunce")
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/scsi/scsi_error.c')
-rw-r--r-- | drivers/scsi/scsi_error.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c index 8932ae81a15a..2715cdaa669c 100644 --- a/drivers/scsi/scsi_error.c +++ b/drivers/scsi/scsi_error.c @@ -296,6 +296,20 @@ enum blk_eh_timer_return scsi_times_out(struct request *req) rtn = host->hostt->eh_timed_out(scmd); if (rtn == BLK_EH_DONE) { + /* + * For blk-mq, we must set the request state to complete now + * before sending the request to the scsi error handler. This + * will prevent a use-after-free in the event the LLD manages + * to complete the request before the error handler finishes + * processing this timed out request. + * + * If the request was already completed, then the LLD beat the + * time out handler from transferring the request to the scsi + * error handler. In that case we can return immediately as no + * further action is required. + */ + if (req->q->mq_ops && !blk_mq_mark_complete(req)) + return rtn; if (scsi_abort_command(scmd) != SUCCESS) { set_host_byte(scmd, DID_TIME_OUT); scsi_eh_scmd_add(scmd); |