scsi: qedi: Protect active command list to avoid list corruption

Protect active command list for non-I/O commands like login response,
logout response, text response, and recovery cleanup of active list to
avoid list corruption.

Link: https://lore.kernel.org/r/20200908095657.26821-5-mrangankar@marvell.com
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/qedi/qedi_fw.c b/drivers/scsi/qedi/qedi_fw.c
index 34c477bda8a4fd6f041003f8363668222bf69020..f158fde0a43c1a7fd5d51a646c69604f4a7ec97b 100644 (file)
--- a/drivers/scsi/qedi/qedi_fw.c
+++ b/drivers/scsi/qedi/qedi_fw.c
@@ -59,6 +59,7 @@ static void qedi_process_logout_resp(struct qedi_ctx *qedi,
                  "Freeing tid=0x%x for cid=0x%x\n",
                  cmd->task_id, qedi_conn->iscsi_conn_id);
 
+       spin_lock(&qedi_conn->list_lock);
        if (likely(cmd->io_cmd_in_list)) {
                cmd->io_cmd_in_list = false;
                list_del_init(&cmd->io_cmd);
@@ -69,6 +70,7 @@ static void qedi_process_logout_resp(struct qedi_ctx *qedi,
                          cmd->task_id, qedi_conn->iscsi_conn_id,
                          &cmd->io_cmd);
        }
+       spin_unlock(&qedi_conn->list_lock);
 
        cmd->state = RESPONSE_RECEIVED;
        qedi_clear_task_idx(qedi, cmd->task_id);
@@ -122,6 +124,7 @@ static void qedi_process_text_resp(struct qedi_ctx *qedi,
                  "Freeing tid=0x%x for cid=0x%x\n",
                  cmd->task_id, qedi_conn->iscsi_conn_id);
 
+       spin_lock(&qedi_conn->list_lock);
        if (likely(cmd->io_cmd_in_list)) {
                cmd->io_cmd_in_list = false;
                list_del_init(&cmd->io_cmd);
@@ -132,6 +135,7 @@ static void qedi_process_text_resp(struct qedi_ctx *qedi,
                          cmd->task_id, qedi_conn->iscsi_conn_id,
                          &cmd->io_cmd);
        }
+       spin_unlock(&qedi_conn->list_lock);
 
        cmd->state = RESPONSE_RECEIVED;
        qedi_clear_task_idx(qedi, cmd->task_id);
@@ -222,11 +226,13 @@ static void qedi_process_tmf_resp(struct qedi_ctx *qedi,
 
        tmf_hdr = (struct iscsi_tm *)qedi_cmd->task->hdr;
 
+       spin_lock(&qedi_conn->list_lock);
        if (likely(qedi_cmd->io_cmd_in_list)) {
                qedi_cmd->io_cmd_in_list = false;
                list_del_init(&qedi_cmd->io_cmd);
                qedi_conn->active_cmd_count--;
        }
+       spin_unlock(&qedi_conn->list_lock);
 
        if (((tmf_hdr->flags & ISCSI_FLAG_TM_FUNC_MASK) ==
              ISCSI_TM_FUNC_LOGICAL_UNIT_RESET) ||
@@ -288,11 +294,13 @@ static void qedi_process_login_resp(struct qedi_ctx *qedi,
                  ISCSI_LOGIN_RESPONSE_HDR_DATA_SEG_LEN_MASK;
        qedi_conn->gen_pdu.resp_wr_ptr = qedi_conn->gen_pdu.resp_buf + pld_len;
 
+       spin_lock(&qedi_conn->list_lock);
        if (likely(cmd->io_cmd_in_list)) {
                cmd->io_cmd_in_list = false;
                list_del_init(&cmd->io_cmd);
                qedi_conn->active_cmd_count--;
        }
+       spin_unlock(&qedi_conn->list_lock);
 
        memset(task_ctx, '\0', sizeof(*task_ctx));
 

diff --git a/drivers/scsi/qedi/qedi_iscsi.c b/drivers/scsi/qedi/qedi_iscsi.c
index f815845fc568270373965ae9e7d417093a60b760..ae86a40ca040cf25ab71e6889783e1d3bddd8a52 100644 (file)
--- a/drivers/scsi/qedi/qedi_iscsi.c
+++ b/drivers/scsi/qedi/qedi_iscsi.c
@@ -975,11 +975,13 @@ static void qedi_cleanup_active_cmd_list(struct qedi_conn *qedi_conn)
 {
        struct qedi_cmd *cmd, *cmd_tmp;
 
+       spin_lock(&qedi_conn->list_lock);
        list_for_each_entry_safe(cmd, cmd_tmp, &qedi_conn->active_cmd_list,
                                 io_cmd) {
                list_del_init(&cmd->io_cmd);
                qedi_conn->active_cmd_count--;
        }
+       spin_unlock(&qedi_conn->list_lock);
 }
 
 static void qedi_ep_disconnect(struct iscsi_endpoint *ep)