On 12/07/2011 12:41 AM, Eddie Wai wrote:
> During session recovery, the conn_stop call will trigger a flush
> to all outstanding SCSI cmds in the xmit queue.  This will set
> all outstanding task->sc to NULL prior to the session_teardown
> call which frees the task memory.
> 
> In the bnx2i SCSI response processing path, only the task was being checked
> for NULL under the session lock before the task->sc->request dereferencing.
> If there are outstanding SCSI cmd responses pending for process, the
> following kernel panic can be exposed where task->sc was found to be NULL.
> 
>  Call Trace:
> [   69.720205]  [<ffffffffa040d0d0>] bnx2i_process_new_cqes+0x290/0x3c0 
> [bnx2i]
> [   69.804289]  [<ffffffffa040d233>] bnx2i_fastpath_notification+0x33/0xa0 
> [bnx2
> i]
> [   69.891490]  [<ffffffffa040d37b>] bnx2i_indicate_kcqe+0xdb/0x330 [bnx2i]
> [   69.971427]  [<ffffffffa03eac5e>] service_kcqes+0x16e/0x1d0 [cnic]
> [   70.045132]  [<ffffffffa03eacea>] cnic_service_bnx2x_kcq+0x2a/0x50 [cnic]
> [   70.126105]  [<ffffffffa03ead53>] cnic_service_bnx2x_bh+0x43/0x140 [cnic]
> [   70.207081]  [<ffffffff81060676>] tasklet_action+0x66/0x110
> [   70.273521]  [<ffffffff8106025f>] __do_softirq+0xef/0x220
> [   70.337887]  [<ffffffff81447ebc>] call_softirq+0x1c/0x30
> 
> This patch adds the !task->sc check and also protects the sc dereferencing
> under the session lock.
> 
> Signed-off-by: Eddie Wai <eddie....@broadcom.com>
> ---


Reviewed-by: Mike Christie <micha...@cs.wisc.edu>

-- 
You received this message because you are subscribed to the Google Groups 
"open-iscsi" group.
To post to this group, send email to open-iscsi@googlegroups.com.
To unsubscribe from this group, send email to 
open-iscsi+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/open-iscsi?hl=en.

Reply via email to