• Joe Eykholt's avatar
    [SCSI] libfc: fix free of fc_rport_priv with timer pending · b4a9c7ed
    Joe Eykholt authored
    Timer crashes were caused by freeing a struct fc_rport_priv
    with a timer pending, causing the timer facility list to be
    corrupted.  This was during FC uplink flap tests with a lot
    of targets.
    After discovery, we were doing an PLOGI on an rdata that was
    in DELETE state but not yet removed from the lookup list.
    This moved the rdata from DELETE state to PLOGI state.
    If the PLOGI exchange allocation failed and needed to be
    retried, the timer scheduling could race with the free
    being done by fc_rport_work().
    When fc_rport_login() is called on a rport in DELETE state,
    move it to a new state RESTART.  In fc_rport_work, when
    handling a LOGO, STOPPED or FAILED event, look for restart
    state.  In the RESTART case, don't take the rdata off the
    list and after the transport remote port is deleted and
    exchanges are reset, re-login to the remote port.
    Note that the new RESTART state also corrects a problem we
    had when re-discovering a port that had moved to DELETE state.
    In that case, a new rdata was created, but the old rdata
    would do an exchange manager reset affecting the FC_ID
    for both the new rdata and old rdata.  With the new state,
    the new port isn't logged into until after any old exchanges
    are reset.
    Signed-off-by: default avatarJoe Eykholt <jeykholt@cisco.com>
    Signed-off-by: default avatarRobert Love <robert.w.love@intel.com>
    Signed-off-by: default avatarJames Bottomley <James.Bottomley@suse.de>
libfc.h 28.2 KB