From: Giridhar Malavali <gmalavali@marvell.com>
Date: Tue, 2 Apr 2019 21:24:20 +0000 (-0700)
Subject: scsi: qla2xxx: Set the SCSI command result before calling the command done
X-Git-Tag: v5.2-rc1~130^2~148
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=740e29358e350077d18ee08700199e37b206edad;p=linux.git

scsi: qla2xxx: Set the SCSI command result before calling the command done

This patch tries to address race condition between abort handler and
completion handler. When scsi command result is set by both abort and
completion handler, scsi_done() is only called after refcount on SRB
structure goes to zero. The abort handler sets this result prematurely even
when the refcount is non-zero value. Fix this by setting SCSI cmd->result
before scsi_done() is called.

Signed-off-by: Giridhar Malavali <gmalavali@marvell.com>
Signed-off-by: Himanshu Madhani <hmadhani@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
---

diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index b6f37b651bca..79d5ea835924 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -765,8 +765,6 @@ qla2x00_sp_compl(void *ptr, int res)
 	srb_t *sp = ptr;
 	struct scsi_cmnd *cmd = GET_CMD_SP(sp);
 
-	cmd->result = res;
-
 	if (atomic_read(&sp->ref_count) == 0) {
 		ql_dbg(ql_dbg_io, sp->vha, 0x3015,
 		    "SP reference-count to ZERO -- sp=%p cmd=%p.\n",
@@ -779,6 +777,7 @@ qla2x00_sp_compl(void *ptr, int res)
 		return;
 
 	sp->free(sp);
+	cmd->result = res;
 	cmd->scsi_done(cmd);
 }