Sending any data over a queue pair associated with a closed
connection is wrong. The HCA will send the data anyway and such
data may be sent to another system to a queue pair that is in use.
The data will get processed and a response will be sent back. That
can result in ib_srp complaining about "Null scmnd for RSP ..."
followed by a kernel oops.
Signed-off-by: Bart Van Assche <bvanass...@acm.org>
Cc: David Dillow <dillo...@ornl.gov>
Cc: Roland Dreier <rol...@purestorage.com>
---
drivers/infiniband/ulp/srp/ib_srp.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c
b/drivers/infiniband/ulp/srp/ib_srp.c
index c88dde3..2c265ae 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1296,7 +1296,8 @@ static int srp_queuecommand(struct Scsi_Host *shost,
struct scsi_cmnd *scmnd)
int len;
if (target->state == SRP_TARGET_DEAD ||
- target->state == SRP_TARGET_REMOVED) {
+ target->state == SRP_TARGET_REMOVED ||
+ !target->connected) {
scmnd->result = DID_BAD_TARGET << 16;
scmnd->scsi_done(scmnd);
return 0;
@@ -1647,7 +1648,8 @@ static int srp_send_tsk_mgmt(struct srp_target_port
*target,
struct srp_tsk_mgmt *tsk_mgmt;
if (target->state == SRP_TARGET_DEAD ||
- target->state == SRP_TARGET_REMOVED)
+ target->state == SRP_TARGET_REMOVED ||
+ !target->connected)
return -1;
init_completion(&target->tsk_mgmt_done);
--
1.7.7
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
