diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-04-25 16:07:24 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-04-25 16:07:24 -0400 |
| commit | 6dda80ffa4403123f30fa4c77ad948e7907f9bfb (patch) | |
| tree | 70efeb8da18fb3cfc9047358951959868d1086ae | |
| parent | 3fe89d2e768792a924d3c1e9310ba0b4448cb78e (diff) | |
| parent | c69e6f812bab0d5442b40e2f1bfbca48d40bc50b (diff) | |
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is a set of seven fixes, three (hpsa) and free'd command
references correcting bugs in the last round of updates and the
remaining four correcting problems within the SCSI error handler that
was causing a deadlock within USB"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] More USB deadlock fixes
[SCSI] Fix USB deadlock caused by SCSI error handling
[SCSI] Fix command result state propagation
[SCSI] Fix spurious request sense in error handling
[SCSI] don't reference freed command in scsi_prep_return
[SCSI] don't reference freed command in scsi_init_sgtable
[SCSI] hpsa: fix NULL dereference in hpsa_put_ctlr_into_performant_mode()
| -rw-r--r-- | drivers/scsi/hpsa.c | 8 | ||||
| -rw-r--r-- | drivers/scsi/scsi_error.c | 12 | ||||
| -rw-r--r-- | drivers/scsi/scsi_lib.c | 6 |
3 files changed, 20 insertions, 6 deletions
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 8cf4a0c69baf..9a6e4a2cd072 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c | |||
| @@ -7463,6 +7463,10 @@ static void hpsa_put_ctlr_into_performant_mode(struct ctlr_info *h) | |||
| 7463 | if (hpsa_simple_mode) | 7463 | if (hpsa_simple_mode) |
| 7464 | return; | 7464 | return; |
| 7465 | 7465 | ||
| 7466 | trans_support = readl(&(h->cfgtable->TransportSupport)); | ||
| 7467 | if (!(trans_support & PERFORMANT_MODE)) | ||
| 7468 | return; | ||
| 7469 | |||
| 7466 | /* Check for I/O accelerator mode support */ | 7470 | /* Check for I/O accelerator mode support */ |
| 7467 | if (trans_support & CFGTBL_Trans_io_accel1) { | 7471 | if (trans_support & CFGTBL_Trans_io_accel1) { |
| 7468 | transMethod |= CFGTBL_Trans_io_accel1 | | 7472 | transMethod |= CFGTBL_Trans_io_accel1 | |
| @@ -7479,10 +7483,6 @@ static void hpsa_put_ctlr_into_performant_mode(struct ctlr_info *h) | |||
| 7479 | } | 7483 | } |
| 7480 | 7484 | ||
| 7481 | /* TODO, check that this next line h->nreply_queues is correct */ | 7485 | /* TODO, check that this next line h->nreply_queues is correct */ |
| 7482 | trans_support = readl(&(h->cfgtable->TransportSupport)); | ||
| 7483 | if (!(trans_support & PERFORMANT_MODE)) | ||
| 7484 | return; | ||
| 7485 | |||
| 7486 | h->nreply_queues = h->msix_vector > 0 ? h->msix_vector : 1; | 7486 | h->nreply_queues = h->msix_vector > 0 ? h->msix_vector : 1; |
| 7487 | hpsa_get_max_perf_mode_cmds(h); | 7487 | hpsa_get_max_perf_mode_cmds(h); |
| 7488 | /* Performant mode ring buffer and supporting data structures */ | 7488 | /* Performant mode ring buffer and supporting data structures */ |
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c index 771c16bfdbac..f17aa7aa7879 100644 --- a/drivers/scsi/scsi_error.c +++ b/drivers/scsi/scsi_error.c | |||
| @@ -189,6 +189,7 @@ scsi_abort_command(struct scsi_cmnd *scmd) | |||
| 189 | /* | 189 | /* |
| 190 | * Retry after abort failed, escalate to next level. | 190 | * Retry after abort failed, escalate to next level. |
| 191 | */ | 191 | */ |
| 192 | scmd->eh_eflags &= ~SCSI_EH_ABORT_SCHEDULED; | ||
| 192 | SCSI_LOG_ERROR_RECOVERY(3, | 193 | SCSI_LOG_ERROR_RECOVERY(3, |
| 193 | scmd_printk(KERN_INFO, scmd, | 194 | scmd_printk(KERN_INFO, scmd, |
| 194 | "scmd %p previous abort failed\n", scmd)); | 195 | "scmd %p previous abort failed\n", scmd)); |
| @@ -920,10 +921,12 @@ void scsi_eh_prep_cmnd(struct scsi_cmnd *scmd, struct scsi_eh_save *ses, | |||
| 920 | ses->prot_op = scmd->prot_op; | 921 | ses->prot_op = scmd->prot_op; |
| 921 | 922 | ||
| 922 | scmd->prot_op = SCSI_PROT_NORMAL; | 923 | scmd->prot_op = SCSI_PROT_NORMAL; |
| 924 | scmd->eh_eflags = 0; | ||
| 923 | scmd->cmnd = ses->eh_cmnd; | 925 | scmd->cmnd = ses->eh_cmnd; |
| 924 | memset(scmd->cmnd, 0, BLK_MAX_CDB); | 926 | memset(scmd->cmnd, 0, BLK_MAX_CDB); |
| 925 | memset(&scmd->sdb, 0, sizeof(scmd->sdb)); | 927 | memset(&scmd->sdb, 0, sizeof(scmd->sdb)); |
| 926 | scmd->request->next_rq = NULL; | 928 | scmd->request->next_rq = NULL; |
| 929 | scmd->result = 0; | ||
| 927 | 930 | ||
| 928 | if (sense_bytes) { | 931 | if (sense_bytes) { |
| 929 | scmd->sdb.length = min_t(unsigned, SCSI_SENSE_BUFFERSIZE, | 932 | scmd->sdb.length = min_t(unsigned, SCSI_SENSE_BUFFERSIZE, |
| @@ -1157,6 +1160,15 @@ int scsi_eh_get_sense(struct list_head *work_q, | |||
| 1157 | __func__)); | 1160 | __func__)); |
| 1158 | break; | 1161 | break; |
| 1159 | } | 1162 | } |
| 1163 | if (status_byte(scmd->result) != CHECK_CONDITION) | ||
| 1164 | /* | ||
| 1165 | * don't request sense if there's no check condition | ||
| 1166 | * status because the error we're processing isn't one | ||
| 1167 | * that has a sense code (and some devices get | ||
| 1168 | * confused by sense requests out of the blue) | ||
| 1169 | */ | ||
| 1170 | continue; | ||
| 1171 | |||
| 1160 | SCSI_LOG_ERROR_RECOVERY(2, scmd_printk(KERN_INFO, scmd, | 1172 | SCSI_LOG_ERROR_RECOVERY(2, scmd_printk(KERN_INFO, scmd, |
| 1161 | "%s: requesting sense\n", | 1173 | "%s: requesting sense\n", |
| 1162 | current->comm)); | 1174 | current->comm)); |
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 65a123d9c676..9db097a28a74 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c | |||
| @@ -137,6 +137,7 @@ static void __scsi_queue_insert(struct scsi_cmnd *cmd, int reason, int unbusy) | |||
| 137 | * lock such that the kblockd_schedule_work() call happens | 137 | * lock such that the kblockd_schedule_work() call happens |
| 138 | * before blk_cleanup_queue() finishes. | 138 | * before blk_cleanup_queue() finishes. |
| 139 | */ | 139 | */ |
| 140 | cmd->result = 0; | ||
| 140 | spin_lock_irqsave(q->queue_lock, flags); | 141 | spin_lock_irqsave(q->queue_lock, flags); |
| 141 | blk_requeue_request(q, cmd->request); | 142 | blk_requeue_request(q, cmd->request); |
| 142 | kblockd_schedule_work(q, &device->requeue_work); | 143 | kblockd_schedule_work(q, &device->requeue_work); |
| @@ -1044,6 +1045,7 @@ static int scsi_init_sgtable(struct request *req, struct scsi_data_buffer *sdb, | |||
| 1044 | */ | 1045 | */ |
| 1045 | int scsi_init_io(struct scsi_cmnd *cmd, gfp_t gfp_mask) | 1046 | int scsi_init_io(struct scsi_cmnd *cmd, gfp_t gfp_mask) |
| 1046 | { | 1047 | { |
| 1048 | struct scsi_device *sdev = cmd->device; | ||
| 1047 | struct request *rq = cmd->request; | 1049 | struct request *rq = cmd->request; |
| 1048 | 1050 | ||
| 1049 | int error = scsi_init_sgtable(rq, &cmd->sdb, gfp_mask); | 1051 | int error = scsi_init_sgtable(rq, &cmd->sdb, gfp_mask); |
| @@ -1091,7 +1093,7 @@ err_exit: | |||
| 1091 | scsi_release_buffers(cmd); | 1093 | scsi_release_buffers(cmd); |
| 1092 | cmd->request->special = NULL; | 1094 | cmd->request->special = NULL; |
| 1093 | scsi_put_command(cmd); | 1095 | scsi_put_command(cmd); |
| 1094 | put_device(&cmd->device->sdev_gendev); | 1096 | put_device(&sdev->sdev_gendev); |
| 1095 | return error; | 1097 | return error; |
| 1096 | } | 1098 | } |
| 1097 | EXPORT_SYMBOL(scsi_init_io); | 1099 | EXPORT_SYMBOL(scsi_init_io); |
| @@ -1273,7 +1275,7 @@ int scsi_prep_return(struct request_queue *q, struct request *req, int ret) | |||
| 1273 | struct scsi_cmnd *cmd = req->special; | 1275 | struct scsi_cmnd *cmd = req->special; |
| 1274 | scsi_release_buffers(cmd); | 1276 | scsi_release_buffers(cmd); |
| 1275 | scsi_put_command(cmd); | 1277 | scsi_put_command(cmd); |
| 1276 | put_device(&cmd->device->sdev_gendev); | 1278 | put_device(&sdev->sdev_gendev); |
| 1277 | req->special = NULL; | 1279 | req->special = NULL; |
| 1278 | } | 1280 | } |
| 1279 | break; | 1281 | break; |