diff options
| author | Nicholas Bellinger <nab@linux-iscsi.org> | 2011-05-19 23:19:12 -0400 |
|---|---|---|
| committer | James Bottomley <jbottomley@parallels.com> | 2011-05-24 13:01:05 -0400 |
| commit | af57c3ac9947990da2608561b71f4799eb7795c6 (patch) | |
| tree | 35c113646dbd8f18d14e8060220ef9428e1bee61 /drivers/target | |
| parent | f436677262a5b524ac87675014c6d4e8ee153029 (diff) | |
[SCSI] target: Fix task->task_execute_queue=1 clear bug + LUN_RESET OOPs
This patch fixes a bug where task->task_execute_queue=1 was not being
cleared once se_task had been removed from se_device->execute_task_list,
resulting in an OOPs in core_tmr_lun_reset() for the task->task_active=0
case where transport_remove_task_from_execute_queue() was incorrectly
being called.
This patch fixes two cases in transport_get_task_from_execute_queue()
and transport_remove_task_from_execute_queue() to properly clear
task->task_execute_queue=0 once list_del(&task->t_execute_list) has
been called.
It also adds an explict check in transport_remove_task_from_execute_queue()
to dump_stack + return if called with task->task_execute_queue=0.
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Cc: stable@kernel.org
Signed-off-by: James Bottomley <jbottomley@parallels.com>
Diffstat (limited to 'drivers/target')
| -rw-r--r-- | drivers/target/target_core_transport.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c index 7c87b042375a..623963b8c1b7 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c | |||
| @@ -1194,6 +1194,7 @@ transport_get_task_from_execute_queue(struct se_device *dev) | |||
| 1194 | break; | 1194 | break; |
| 1195 | 1195 | ||
| 1196 | list_del(&task->t_execute_list); | 1196 | list_del(&task->t_execute_list); |
| 1197 | atomic_set(&task->task_execute_queue, 0); | ||
| 1197 | atomic_dec(&dev->execute_tasks); | 1198 | atomic_dec(&dev->execute_tasks); |
| 1198 | 1199 | ||
| 1199 | return task; | 1200 | return task; |
| @@ -1209,8 +1210,14 @@ void transport_remove_task_from_execute_queue( | |||
| 1209 | { | 1210 | { |
| 1210 | unsigned long flags; | 1211 | unsigned long flags; |
| 1211 | 1212 | ||
| 1213 | if (atomic_read(&task->task_execute_queue) == 0) { | ||
| 1214 | dump_stack(); | ||
| 1215 | return; | ||
| 1216 | } | ||
| 1217 | |||
| 1212 | spin_lock_irqsave(&dev->execute_task_lock, flags); | 1218 | spin_lock_irqsave(&dev->execute_task_lock, flags); |
| 1213 | list_del(&task->t_execute_list); | 1219 | list_del(&task->t_execute_list); |
| 1220 | atomic_set(&task->task_execute_queue, 0); | ||
| 1214 | atomic_dec(&dev->execute_tasks); | 1221 | atomic_dec(&dev->execute_tasks); |
| 1215 | spin_unlock_irqrestore(&dev->execute_task_lock, flags); | 1222 | spin_unlock_irqrestore(&dev->execute_task_lock, flags); |
| 1216 | } | 1223 | } |