Re: [PATCH] scsi: qla2xxx: Check if target mode enabled in case of task management commands

From: Dmitry Bogdanov

Date: Thu Mar 26 2026 - 08:29:19 EST

On Thu, Mar 26, 2026 at 12:42:49PM +0300, Daniil Dulov wrote:
>
> TYPE_TGT_TMCMD are not being skipped now, but tgt_ops are dereferenced
> in qlt_free_ul_cmd() without checking if target mode is enabled. However,
> it is possible that commands requiring target mode to be enabled are

Is is really possible? TYPE_TGT_TMCMD is allocated using tgt_ops
pointer. So at creation time tgt_ops was a valid.

> received while target mode is disabled as it is seen in TYPE_TGT_CMD case.

That condition in TYPE_TGT_CMD is also some legacy leftover.

Race condition when tgt_ops might be get nulled during HBA reset was fixed in
https://lore.kernel.org/all/20210415203554.27890-1-d.bogdanov@xxxxxxxxx/

> To fix the issue check if target mode is enabled in TYPE_TGT_TMCMD
> case as well.
>
> Fixes: d46c69a087aa ("scsi: qla2xxx: Clear cmds after chip reset")
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Daniil Dulov <d.dulov@xxxxxxxxxx>
> ---
> drivers/scsi/qla2xxx/qla_os.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
> index 72b1c28e4dae..e81ef3629aaa 100644
> --- a/drivers/scsi/qla2xxx/qla_os.c
> +++ b/drivers/scsi/qla2xxx/qla_os.c
> @@ -1890,6 +1890,13 @@ __qla2x00_abort_all_cmds(struct qla_qpair *qp, int res)
> }
> break;
> case TYPE_TGT_TMCMD:
> + if (!vha->hw->tgt.tgt_ops || !tgt ||
> + qla_ini_mode_enabled(vha)) {
> + ql_dbg(ql_dbg_tgt_mgt, vha, 0xf004,
> + "HOST-ABORT-HNDLR: dpc_flags=%lx. Target mode disabled\n",
> + vha->dpc_flags);
> + continue;
> + }
> /*
> * Currently, only ABTS response gets on the
> * outstanding_cmds[]
> --
> 2.34.1
>