From 0fb58d4808ab0d2702d9702c9bc6a22acb5fe27f Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 22 May 2023 19:53:17 +0100
Subject: [PATCH] 6.3-stable patches

added patches:
	scsi-revert-scsi-core-do-not-increase-scsi_device-s-iorequest_cnt-if-dispatch-failed.patch
---
 ...e-s-iorequest_cnt-if-dispatch-failed.patch | 45 +++++++++++++++++++
 queue-6.3/series                              |  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 queue-6.3/scsi-revert-scsi-core-do-not-increase-scsi_device-s-iorequest_cnt-if-dispatch-failed.patch

diff --git a/queue-6.3/scsi-revert-scsi-core-do-not-increase-scsi_device-s-iorequest_cnt-if-dispatch-failed.patch b/queue-6.3/scsi-revert-scsi-core-do-not-increase-scsi_device-s-iorequest_cnt-if-dispatch-failed.patch
new file mode 100644
index 00000000000..1133b3aed65
--- /dev/null
+++ b/queue-6.3/scsi-revert-scsi-core-do-not-increase-scsi_device-s-iorequest_cnt-if-dispatch-failed.patch
@@ -0,0 +1,45 @@
+From 6ca9818d1624e136a76ae8faedb6b6c95ca66903 Mon Sep 17 00:00:00 2001
+From: Wenchao Hao <haowenchao2@huawei.com>
+Date: Mon, 15 May 2023 15:01:55 +0800
+Subject: scsi: Revert "scsi: core: Do not increase scsi_device's iorequest_cnt if dispatch failed"
+
+From: Wenchao Hao <haowenchao2@huawei.com>
+
+commit 6ca9818d1624e136a76ae8faedb6b6c95ca66903 upstream.
+
+The "atomic_inc(&cmd->device->iorequest_cnt)" in scsi_queue_rq() would
+cause kernel panic because cmd->device may be freed after returning from
+scsi_dispatch_cmd().
+
+This reverts commit cfee29ffb45b1c9798011b19d454637d1b0fe87d.
+
+Signed-off-by: Wenchao Hao <haowenchao2@huawei.com>
+Reported-by: Ming Lei <ming.lei@redhat.com>
+Closes: https://lore.kernel.org/r/ZF+zB+bB7iqe0wGd@ovpn-8-17.pek2.redhat.com
+Link: https://lore.kernel.org/r/20230515070156.1790181-2-haowenchao2@huawei.com
+Reviewed-by: Ming Lei <ming.lei@redhat.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/scsi/scsi_lib.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/scsi_lib.c
++++ b/drivers/scsi/scsi_lib.c
+@@ -1463,6 +1463,8 @@ static int scsi_dispatch_cmd(struct scsi
+ 	struct Scsi_Host *host = cmd->device->host;
+ 	int rtn = 0;
+ 
++	atomic_inc(&cmd->device->iorequest_cnt);
++
+ 	/* check if the device is still usable */
+ 	if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
+ 		/* in SDEV_DEL we error all commands. DID_NO_CONNECT
+@@ -1761,7 +1763,6 @@ static blk_status_t scsi_queue_rq(struct
+ 		goto out_dec_host_busy;
+ 	}
+ 
+-	atomic_inc(&cmd->device->iorequest_cnt);
+ 	return BLK_STS_OK;
+ 
+ out_dec_host_busy:
diff --git a/queue-6.3/series b/queue-6.3/series
index 78e1dc2e20d..a39e43e6a6a 100644
--- a/queue-6.3/series
+++ b/queue-6.3/series
@@ -361,3 +361,4 @@ arm-9294-2-vfp-fix-broken-softirq-handling-with-inst.patch
 arm-9297-1-vfp-avoid-unbalanced-stack-on-success-ret.patch
 drm-amd-amdgpu-introduce-gc_-_mes_2.bin-v2.patch
 drm-amdgpu-reserve-the-old-gc_11_0_-_mes.bin.patch
+scsi-revert-scsi-core-do-not-increase-scsi_device-s-iorequest_cnt-if-dispatch-failed.patch
-- 
2.47.3