Commit 5c63daf6 authored by Chad Dupuis's avatar Chad Dupuis Committed by Martin K. Petersen

scsi: bnx2fc: If IO is still in cleanup then do not return to SCSI layer.

In eh_abort, driver is calling scsi->done() for a IO for which cleanup is
pending. As the IO is outstanding with the firmware, it may do DMA
associated with the IO. This may lead to heap corruption.

Do not complete the IO for which cleanup is still pending. Return failure
from eh_abort and let the SCSI-ml retry the IO.
Signed-off-by: default avatarChad Dupuis <chad.dupuis@cavium.com>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent 59fb870f
...@@ -1167,16 +1167,11 @@ int bnx2fc_eh_abort(struct scsi_cmnd *sc_cmd) ...@@ -1167,16 +1167,11 @@ int bnx2fc_eh_abort(struct scsi_cmnd *sc_cmd)
printk(KERN_ERR PFX "eh_abort: io_req (xid = 0x%x) " printk(KERN_ERR PFX "eh_abort: io_req (xid = 0x%x) "
"not on active_q\n", io_req->xid); "not on active_q\n", io_req->xid);
/* /*
* This condition can happen only due to the FW bug, * The IO is still with the FW.
* where we do not receive cleanup response from * Return failure and let SCSI-ml retry eh_abort.
* the FW. Handle this case gracefully by erroring
* back the IO request to SCSI-ml
*/ */
bnx2fc_scsi_done(io_req, DID_ABORT);
kref_put(&io_req->refcount, bnx2fc_cmd_release);
spin_unlock_bh(&tgt->tgt_lock); spin_unlock_bh(&tgt->tgt_lock);
return SUCCESS; return FAILED;
} }
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment