[PATCH AUTOSEL 6.3 52/67] scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"

From: Sasha Levin
Date: Thu May 25 2023 - 14:56:05 EST


From: Wenchao Hao <haowenchao2@xxxxxxxxxx>

[ Upstream commit 6ca9818d1624e136a76ae8faedb6b6c95ca66903 ]

The "atomic_inc(&cmd->device->iorequest_cnt)" in scsi_queue_rq() would
cause kernel panic because cmd->device may be freed after returning from
scsi_dispatch_cmd().

This reverts commit cfee29ffb45b1c9798011b19d454637d1b0fe87d.

Signed-off-by: Wenchao Hao <haowenchao2@xxxxxxxxxx>
Reported-by: Ming Lei <ming.lei@xxxxxxxxxx>
Closes: https://lore.kernel.org/r/ZF+zB+bB7iqe0wGd@xxxxxxxxxxxxxxxxxxxxxxxxx
Link: https://lore.kernel.org/r/20230515070156.1790181-2-haowenchao2@xxxxxxxxxx
Reviewed-by: Ming Lei <ming.lei@xxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/scsi/scsi_lib.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
index b7c569a42aa47..03964b26f3f27 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
@@ -1463,6 +1463,8 @@ static int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
struct Scsi_Host *host = cmd->device->host;
int rtn = 0;

+ atomic_inc(&cmd->device->iorequest_cnt);
+
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
/* in SDEV_DEL we error all commands. DID_NO_CONNECT
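Review bot: The atomic_inc(&cmd->device->iorequest_cnt) added at the top of scsi_dispatch_cmd() runs before the SDEV_DEL check, so commands that are errored out in that branch are counted in iorequest_cnt again. Going by its subject line, that is the accounting the reverted commit set out to avoid. The trade-off is reasonable given the commit message's point that cmd->device may be freed once scsi_dispatch_cmd() returns, but it should be documented. Suggest a one-line comment above the increment stating that it has to happen on entry, while cmd->device is still being dereferenced safely, and that the counter therefore includes dispatches that fail.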
@@ -1761,7 +1763,6 @@ static blk_status_t scsi_queue_rq(struct blk_mq_hw_ctx *hctx,
goto out_dec_host_busy;
}

- atomic_inc(&cmd->device->iorequest_cnt);
return BLK_STS_OK;

out_dec_host_busy:
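Review bot: With the increment removed ahead of return BLK_STS_OK in scsi_queue_rq(), nothing in the lines shown records why cmd->device must not be dereferenced on this success path. Suggest a short comment before the return noting that cmd->device may already be freed once scsi_dispatch_cmd() has returned, so that later per-device accounting is not added back at this spot and the panic described in the commit message is not reintroduced.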
--
2.39.2