From 11206081ad895d83e717bfe23603168dc307d904 Mon Sep 17 00:00:00 2001 From: Jayamohan Kallickal Date: Mon, 5 May 2014 21:41:30 -0400 Subject: [PATCH] be2iscsi: Fix processing cqe for cxn whose endpoint is freed During heavy IO in multipath environment with many active sessions and port-bouncing happening, there is a race condition because of which beiscsi_prcess_cqe() gets called for a connection whose endpoint is freed. Checking endpoint reference for a connection before processing in beiscsi_process_cq(). Signed-off-by: Minh Tran Signed-off-by: John Soni Jose Signed-off-by: Jayamohan Kallickal Signed-off-by: Christoph Hellwig --- drivers/scsi/be2iscsi/be_main.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c index 554349029628..ac54cf55998f 100644 --- a/drivers/scsi/be2iscsi/be_main.c +++ b/drivers/scsi/be2iscsi/be_main.c @@ -2110,6 +2110,16 @@ static unsigned int beiscsi_process_cq(struct be_eq_obj *pbe_eq) cri_index = BE_GET_CRI_FROM_CID(cid); ep = phba->ep_array[cri_index]; + if (unlikely(ep == NULL)) { + /* connection has already been freed + * just move on to next one + */ + beiscsi_log(phba, KERN_WARNING, + BEISCSI_LOG_INIT, + "BM_%d : proc cqe of disconn ep: cid %d\n", + cid); + goto proc_next_cqe; + } beiscsi_ep = ep->dd_data; beiscsi_conn = beiscsi_ep->conn; @@ -2219,6 +2229,7 @@ static unsigned int beiscsi_process_cq(struct be_eq_obj *pbe_eq) break; } +proc_next_cqe: AMAP_SET_BITS(struct amap_sol_cqe, valid, sol, 0); queue_tail_inc(cq); sol = queue_tail_node(cq);