linux/drivers/scsi
Tyrel Datwyler 7f5203c13b scsi: ibmvscsi: Fix empty event pool access during host removal
The event pool used for queueing commands is destroyed fairly early in the
ibmvscsi_remove() code path. Since, this happens prior to the call so
scsi_remove_host() it is possible for further calls to queuecommand to be
processed which manifest as a panic due to a NULL pointer dereference as
seen here:

PANIC: "Unable to handle kernel paging request for data at address
0x00000000"

Context process backtrace:

DSISR: 0000000042000000 ????Syscall Result: 0000000000000000
4 [c000000002cb3820] memcpy_power7 at c000000000064204
[Link Register] [c000000002cb3820] ibmvscsi_send_srp_event at d000000003ed14a4
5 [c000000002cb3920] ibmvscsi_send_srp_event at d000000003ed14a4 [ibmvscsi] ?(unreliable)
6 [c000000002cb39c0] ibmvscsi_queuecommand at d000000003ed2388 [ibmvscsi]
7 [c000000002cb3a70] scsi_dispatch_cmd at d00000000395c2d8 [scsi_mod]
8 [c000000002cb3af0] scsi_request_fn at d00000000395ef88 [scsi_mod]
9 [c000000002cb3be0] __blk_run_queue at c000000000429860
10 [c000000002cb3c10] blk_delay_work at c00000000042a0ec
11 [c000000002cb3c40] process_one_work at c0000000000dac30
12 [c000000002cb3cd0] worker_thread at c0000000000db110
13 [c000000002cb3d80] kthread at c0000000000e3378
14 [c000000002cb3e30] ret_from_kernel_thread at c00000000000982c

The kernel buffer log is overfilled with this log:

[11261.952732] ibmvscsi: found no event struct in pool!

This patch reorders the operations during host teardown. Start by calling
the SRP transport and Scsi_Host remove functions to flush any outstanding
work and set the host offline. LLDD teardown follows including destruction
of the event pool, freeing the Command Response Queue (CRQ), and unmapping
any persistent buffers. The event pool destruction is protected by the
scsi_host lock, and the pool is purged prior of any requests for which we
never received a response. Finally, move the removal of the scsi host from
our global list to the end so that the host is easily locatable for
debugging purposes during teardown.

Cc: <stable@vger.kernel.org> # v2.6.12+
Signed-off-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2019-03-20 20:13:17 -04:00
..
aacraid SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
aic7xxx scsi: remove unneeded header search paths 2019-01-29 01:22:21 -05:00
aic94xx scsi: aic94xx: fix calls to dma_set_mask_and_coherent() 2019-02-25 21:37:26 -05:00
arcmsr scsi: arcmsr: Update driver version to v1.40.00.10-20190116 2019-01-22 21:38:21 -05:00
arm scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
be2iscsi genirq/affinity: Add new callback for (re)calculating interrupt sets 2019-02-18 11:21:28 +01:00
bfa SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
bnx2fc SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
bnx2i SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
csiostor SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
cxgbi SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
cxlflash SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
device_handler scsi: return blk_status_t from device handler ->prep_fn 2018-11-09 19:17:14 -07:00
dpt
esas2r scsi: ata: Use unsigned int for cmd's type in ioctls in scsi_host_template 2019-02-08 17:33:00 -05:00
fcoe scsi: fcoe: make use of fip_mode enum complete 2019-02-19 18:58:38 -05:00
fnic scsi: fnic: Remove set but not used variable 'vdev' 2019-01-29 01:16:09 -05:00
hisi_sas scsi: hisi_sas: Add softreset in hisi_sas_I_T_nexus_reset() 2019-03-20 14:24:04 -04:00
ibmvscsi scsi: ibmvscsi: Fix empty event pool access during host removal 2019-03-20 20:13:17 -04:00
ibmvscsi_tgt scsi: target/core: Remove the write_pending_status() callback function 2019-02-04 21:23:59 -05:00
isci scsi: isci: initialize shost fully before calling scsi_add_host() 2019-01-08 22:27:24 -05:00
libfc Revert "scsi: libfc: Add WARN_ON() when deleting rports" 2019-02-04 22:17:33 -05:00
libsas SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
lpfc SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
megaraid SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
mpt3sas scsi: mpt3sas: Add missing breaks in switch statements 2019-02-27 09:36:54 -05:00
mvsas scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
pcmcia scsi: pcmcia: nsp_cs: Remove unnecessary parentheses 2019-01-29 01:28:49 -05:00
pm8001 SCSI fixes on 20190118 2019-01-20 09:15:04 +12:00
qedf SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
qedi SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
qla2xxx scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID 2019-03-19 14:32:53 -04:00
qla4xxx SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
smartpqi SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
snic scsi: snic: no need to check return value of debugfs_create functions 2019-01-29 00:40:54 -05:00
sym53c8xx_2 scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
ufs SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
.gitignore
3w-9xxx.c scsi: 3w-9xxx: fix calls to dma_set_mask_and_coherent() 2019-02-25 21:37:25 -05:00
3w-9xxx.h
3w-sas.c SCSI fixes on 20190302 2019-03-02 11:39:54 -08:00
3w-sas.h
3w-xxxx.c scsi: 3w-xxxx: fix indentation issue, add missing tab 2018-12-19 21:54:07 -05:00
3w-xxxx.h scsi: 3w-xxx: fully convert to the generic DMA API 2018-10-17 21:58:51 -04:00
53c700.c scsi: 53c700: pass correct "dev" to dma_alloc_attrs() 2019-01-29 01:33:00 -05:00
53c700.h scsi: 53c700: Fix spelling of 'NEGOTIATION' 2018-08-30 07:27:22 -04:00
53c700.scr
53c700_d.h_shipped
BusLogic.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
BusLogic.h
FlashPoint.c scsi: FlashPoint: Remove unnecessary parentheses 2018-09-25 20:45:53 -04:00
Kconfig SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
Makefile scsi: remove the SCSI OSD library 2019-02-05 21:28:52 -05:00
NCR5380.c scsi: NCR5380: Return false instead of NULL 2018-11-05 22:47:38 -05:00
NCR5380.h scsi: NCR5380: Have NCR5380_select() return a bool 2018-09-28 02:17:51 -04:00
a100u2w.c cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
a100u2w.h
a2091.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
a2091.h
a3000.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
a3000.h
a4000t.c
advansys.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
aha152x.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
aha152x.h
aha1542.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
aha1542.h
aha1740.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
aha1740.h scsi: core: remove Scsi_Cmnd typedef 2018-06-19 22:02:25 -04:00
am53c974.c scsi: esp_scsi: move dma mapping into the core code 2018-10-15 23:00:38 -04:00
atari_scsi.c nvram: Replace nvram_* function exports with static functions 2019-01-22 10:21:43 +01:00
atp870u.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
atp870u.h
bvme6000_scsi.c
ch.c scsi: core: check for equality of result byte values 2018-06-26 12:27:06 -04:00
constants.c
dc395x.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
dc395x.h
dmx3191d.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
dpt_i2o.c scsi: dpt_i2o: remove serial number usage 2019-02-27 09:19:23 -05:00
dpti.h scsi: dpt_i2o: stop using scsi_unregister 2018-03-15 00:25:37 -04:00
esp_scsi.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
esp_scsi.h scsi: esp_scsi: De-duplicate PIO routines 2018-10-17 21:38:20 -04:00
g_NCR5380.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
gdth.c scsi: gdth: use generic DMA API 2019-01-08 21:58:35 -05:00
gdth.h scsi: gdth: remove ISA and EISA support 2019-01-08 21:58:35 -05:00
gdth_ioctl.h scsi: gdth: remove dead code under #ifdef GDTH_IOCTL_PROC 2019-01-08 21:58:35 -05:00
gdth_proc.c scsi: gdth: use generic DMA API 2019-01-08 21:58:35 -05:00
gdth_proc.h scsi: gdth: remove gdth_{alloc,free}_ioctl 2019-01-08 21:57:42 -05:00
gvp11.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
gvp11.h
hosts.c SCSI misc on 20181224 2018-12-28 14:48:06 -08:00
hpsa.c scsi: ata: Use unsigned int for cmd's type in ioctls in scsi_host_template 2019-02-08 17:33:00 -05:00
hpsa.h scsi: hpsa: correct enclosure sas address 2018-07-10 22:25:03 -04:00
hpsa_cmd.h
hptiop.c scsi: hptiop: fix calls to dma_set_mask() 2019-02-25 21:44:40 -05:00
hptiop.h
imm.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
imm.h
initio.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
initio.h
ipr.c scsi: ata: Use unsigned int for cmd's type in ioctls in scsi_host_template 2019-02-08 17:33:00 -05:00
ipr.h scsi: ipr: System hung while dlpar adding primary ipr adapter back 2018-09-21 12:35:39 -04:00
ips.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
ips.h scsi: ips: properly handle 64-bit DMA 2018-11-06 21:31:28 -05:00
iscsi_boot_sysfs.c
iscsi_tcp.c scsi: remove bidirectional command support 2019-02-05 21:29:21 -05:00
iscsi_tcp.h
jazz_esp.c scsi: esp_scsi: move dma mapping into the core code 2018-10-15 23:00:38 -04:00
lasi700.c
libiscsi.c SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
libiscsi_tcp.c scsi: libiscsi: fall back to sendmsg for slab pages 2019-03-06 19:26:45 -05:00
mac53c94.c scsi: mac53c94: remove DISABLE_CLUSTERING 2018-12-18 23:13:12 -05:00
mac53c94.h
mac_esp.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
mac_scsi.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
megaraid.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
megaraid.h scsi: core: remove Scsi_Cmnd typedef 2018-06-19 22:02:25 -04:00
mesh.c cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
mesh.h
mvme16x_scsi.c
mvme147.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
mvme147.h
mvumi.c SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
mvumi.h
myrb.c SCSI misc on 20181224 2018-12-28 14:48:06 -08:00
myrb.h scsi: myrb: Add Mylex RAID controller (block interface) 2018-10-17 21:06:49 -04:00
myrs.c scsi: myrs: remove the dma_boundary_limit 2018-12-19 21:43:30 -05:00
myrs.h scsi: myrs: Add Mylex RAID controller (SCSI interface) 2018-10-17 21:07:54 -04:00
ncr53c8xx.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
ncr53c8xx.h
nsp32.c scsi: nsp32: Remove unnecessary self assignment in nsp32_set_sync_entry 2019-01-29 01:26:57 -05:00
nsp32.h
nsp32_debug.c scsi: core: remove Scsi_Cmnd typedef 2018-06-19 22:02:25 -04:00
nsp32_io.h
osst.c scsi: st: osst: Remove negative constant left-shifts 2019-02-27 09:10:16 -05:00
osst.h
osst_detect.h
osst_options.h
pmcraid.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
pmcraid.h scsi: pmcraid: Use sgl_alloc_order() and sgl_free_order() 2018-02-13 21:49:15 -05:00
ppa.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
ppa.h
ps3rom.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
qla1280.c scsi: qla1280: set 64bit coherent mask 2019-01-11 22:30:51 -05:00
qla1280.h
qlogicfas.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
qlogicfas408.c
qlogicfas408.h
qlogicpti.c scsi: qlogicpti: Use of_node_name_eq for node name comparisons 2019-02-13 22:07:03 -05:00
qlogicpti.h scsi: qlogicpti: Use of_node_name_eq for node name comparisons 2019-02-13 22:07:03 -05:00
raid_class.c scsi: raid_attrs: fix unused variable warning 2018-08-30 07:21:04 -04:00
script_asm.pl
scsi.c scsi: kill command serial number 2019-02-27 09:19:24 -05:00
scsi.h scsi: core: remove Scsi_Cmnd typedef 2018-06-19 22:02:25 -04:00
scsi_common.c
scsi_debug.c SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
scsi_debugfs.c scsi: devinfo: use const_ilog2 for array indices 2018-04-20 19:14:28 -04:00
scsi_debugfs.h
scsi_devinfo.c scsi: devinfo: BLIST_RETRY_ASC_C1 for Fujitsu ETERNUS 2018-04-20 19:14:36 -04:00
scsi_dh.c scsi: scsi_dh: replace too broad "TP9" string with the exact models 2018-04-18 19:34:08 -04:00
scsi_error.c scsi: remove bidirectional command support 2019-02-05 21:29:21 -05:00
scsi_ioctl.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
scsi_lib.c scsi: core: Avoid that a kernel warning appears during system resume 2019-03-19 14:26:36 -04:00
scsi_lib_dma.c
scsi_logging.c
scsi_logging.h
scsi_netlink.c
scsi_pm.c scsi: core: Synchronize request queue PM status only on successful resume 2019-01-08 21:57:26 -05:00
scsi_priv.h scsi: kill off the legacy IO path 2018-11-07 13:42:32 -07:00
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c 2019-02-27 09:39:28 -05:00
scsi_sysctl.c
scsi_sysfs.c scsi: kill off the legacy IO path 2018-11-07 13:42:32 -07:00
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc.c bsg: convert to use blk-mq 2018-11-07 13:42:32 -07:00
scsi_transport_iscsi.c scsi: iscsi: flush running unbind operations when removing a session 2019-03-18 16:55:48 -04:00
scsi_transport_sas.c scsi: bsg-lib: handle bidi requests without block layer help 2019-02-05 21:27:40 -05:00
scsi_transport_spi.c scsi: core: check for equality of result byte values 2018-06-26 12:27:06 -04:00
scsi_transport_srp.c for-4.18/block-20180603 2018-06-04 07:58:06 -07:00
scsicam.c
sd.c SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
sd.h scsi: sd: Fix typo in sd_first_printk() 2019-02-12 22:33:00 -05:00
sd_dif.c block: move dif_prepare/dif_complete functions to block layer 2018-07-30 08:27:02 -06:00
sd_zbc.c scsi: sd_zbc: Fix sd_zbc_report_zones() buffer allocation 2019-02-15 22:09:54 -05:00
sense_codes.h
ses.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
sg.c Remove 'type' argument from access_ok() function 2019-01-03 18:57:57 -08:00
sgiwd93.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
sim710.c
sni_53c710.c
sr.c scsi: stop setting up request->special 2019-02-05 21:29:49 -05:00
sr.h
sr_ioctl.c block: Switch struct packet_command to use struct scsi_sense_hdr 2018-08-02 15:22:13 -06:00
sr_vendor.c
st.c scsi: st: osst: Remove negative constant left-shifts 2019-02-27 09:10:16 -05:00
st.h
st_options.h
stex.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
storvsc_drv.c SCSI misc on 20181224 2018-12-28 14:48:06 -08:00
sun3_scsi.c scsi: remove the use_clustering flag 2018-12-18 23:19:21 -05:00
sun3_scsi_vme.c
sun3x_esp.c scsi: esp_scsi: move dma mapping into the core code 2018-10-15 23:00:38 -04:00
sun_esp.c scsi: sun_esp: Use of_node_name_eq for node name comparisons 2018-12-07 21:56:06 -05:00
virtio_scsi.c scsi: virtio_scsi: don't send sc payload with tmfs 2019-03-06 12:35:02 -05:00
vmw_pvscsi.c SCSI misc on 20181224 2018-12-28 14:48:06 -08:00
vmw_pvscsi.h
wd33c93.c
wd33c93.h
wd719x.c scsi: flip the default on use_clustering 2018-12-18 23:13:12 -05:00
wd719x.h scsi: wd719x: use per-command private data 2018-11-15 14:27:08 -05:00
xen-scsifront.c scsi: xen-scsifront: remove DISABLE_CLUSTERING 2018-12-18 23:13:12 -05:00
zalon.c
zorro7xx.c
zorro_esp.c scsi: esp_scsi: De-duplicate PIO routines 2018-10-17 21:38:20 -04:00