scsi: cxlflash: Remove commands from pending list on timeout
author Uma Krishnan <ukrishn@linux.vnet.ibm.com>
Mon, 26 Mar 2018 16:35:34 +0000 (11:35 -0500)
committer Martin K. Petersen <martin.petersen@oracle.com>
Wed, 18 Apr 2018 23:32:50 +0000 (19:32 -0400)
commit 9a597cd4c0cebd61657f7449cb8bcb681f464500
tree 1a930cfb94f1efb0d6930bc1226415a2f3152016
parent a3feb6ef50def7c91244d7bd15a3625b7b49b81f

The following Oops can occur if an internal command sent to the AFU does not
complete within the timeout:

[c000000ff101b810] c008000016020d94 term_mc+0xfc/0x1b0 [cxlflash]
[c000000ff101b8a0] c008000016020fb0 term_afu+0x168/0x280 [cxlflash]
[c000000ff101b930] c0080000160232ec cxlflash_pci_error_detected+0x184/0x230
                                       [cxlflash]
[c000000ff101b9e0] c00800000d95d468 cxl_vphb_error_detected+0x90/0x150[cxl]
[c000000ff101ba20] c00800000d95f27c cxl_pci_error_detected+0xa4/0x240 [cxl]
[c000000ff101bac0] c00000000003eaf8 eeh_report_error+0xd8/0x1b0
[c000000ff101bb20] c00000000003d0b8 eeh_pe_dev_traverse+0x98/0x170
[c000000ff101bbb0] c00000000003f438 eeh_handle_normal_event+0x198/0x580
[c000000ff101bc60] c00000000003fba4 eeh_handle_event+0x2a4/0x338
[c000000ff101bd10] c0000000000400b8 eeh_event_handler+0x1f8/0x200
[c000000ff101bdc0] c00000000013da48 kthread+0x1a8/0x1b0
[c000000ff101be30] c00000000000b528 ret_from_kernel_thread+0x5c/0xb4

When an internal command times out, the command buffer is freed while it is
still in the pending commands list of the context. This corrupts the list and
when the context is cleaned up, a crash is encountered.

To resolve this issue, when an AFU command or TMF command times out, the
command should be deleted from the hardware queue pending command list before
freeing the buffer.

Signed-off-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/cxlflash/main.c
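
The unlink-before-free ordering described in the commit message, shown as an added user-space example that is not the cxlflash driver's code. `struct cmd`, `struct hwq`, `cmd_send()`, `cmd_timeout()` and `hwq_flush()` are hypothetical names, and the small list implementation is a stand-in for the kernel's `list_head`.

```c
#include <stddef.h>
#include <stdlib.h>
/* Minimal circular doubly linked list, modelled on the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *h) {
    n->prev = h->prev; n->next = h;
    h->prev->next = n; h->prev = n;
}
static void list_del(struct list_head *n) { n->prev->next = n->next; n->next->prev = n->prev; }

/* Hypothetical stand-ins, not the cxlflash structures. */
struct cmd { int id; struct list_head node; };
struct hwq { struct list_head pending; };

static struct cmd *cmd_send(struct hwq *q, int id) {
    struct cmd *c = malloc(sizeof(*c));
    if (!c) return NULL;
    c->id = id;
    list_add_tail(&c->node, &q->pending);   /* tracked until it completes */
    return c;
}

/* Timeout path: unlink, then free. Without the list_del() the list keeps a
 * pointer into freed memory. A driver must also hold the lock that protects
 * the list here (locking is omitted in this sketch). */
static void cmd_timeout(struct cmd *c) { list_del(&c->node); free(c); }

/* Teardown: release every command still pending; returns how many. */
static int hwq_flush(struct hwq *q) {
    int n = 0;
    while (q->pending.next != &q->pending) {
        struct list_head *e = q->pending.next;
        list_del(e);
        free((char *)e - offsetof(struct cmd, node));
        n++;
    }
    return n;
}

/* Constructed scenario: three commands sent, the middle one times out. */
static int demo(void) {
    struct hwq q;
    list_init(&q.pending);
    struct cmd *a = cmd_send(&q, 1), *b = cmd_send(&q, 2), *c = cmd_send(&q, 3);
    if (!a || !b || !c) return -1;
    cmd_timeout(b);
    return hwq_flush(&q);   /* only the two live commands remain */
}
int main(void) { return demo() == 2 ? 0 : 1; }
```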