[SCSI] sym53c8xx_2: slave_alloc/destroy safety (2.6.27.5)

Make the sym53c8xx_2 driver slave_alloc/destroy less unsafe. References to the destroyed LCB are cleared from the target structure (instead of leaving a dangling pointer), and when the last LCB for the target is destroyed the reference to the upper layer target data is cleared. The host lock is used to prevent a race with the interrupt handler. Also user commands are prevented for targets with all LCBs destroyed. Signed-off-by: Aaro Koskinen <Aaro.Koskinen@nokia.com> Tested-by: Tony Battersby <tonyb@cybernetics.com> Signed-off-by: Mike Christie <michaelc@cs.wisc.edu> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
author: Aaro Koskinen <Aaro.Koskinen@nokia.com> 2009-04-14 16:47:00 -0400
committer: James Bottomley <James.Bottomley@HansenPartnership.com> 2009-05-20 18:21:14 -0400
commit: fa8584566cc9cdaf067dbc12132792887a521da9 (patch)
tree: e103d0c9b1885ad8c017ea5f20b7881f06e85239 /drivers/scsi/sym53c8xx_2/sym_glue.c
parent: 410604d25faddb1b4f0f9667b7452c06cc06cea1 (diff)
1 files changed, 52 insertions, 14 deletions
diff --git a/drivers/scsi/sym53c8xx_2/sym_glue.c b/drivers/scsi/sym53c8xx_2/sym_glue.c
index 583966ec8266..45374d66d26a 100644
--- a/drivers/scsi/sym53c8xx_2/sym_glue.c
+++ b/drivers/scsi/sym53c8xx_2/sym_glue.c
@@ -737,11 +737,14 @@ static int sym53c8xx_slave_alloc(struct scsi_device *sdev)
        struct sym_hcb *np = sym_get_hcb(sdev->host);
        struct sym_tcb *tp = &np->target[sdev->id];
        struct sym_lcb *lp;
+        unsigned long flags;
+        int error;
        if (sdev->id >= SYM_CONF_MAX_TARGET || sdev->lun >= SYM_CONF_MAX_LUN)
                return -ENXIO;
-        tp->starget = sdev->sdev_target;
+        spin_lock_irqsave(np->s.host->host_lock, flags);
        /*
         * Fail the device init if the device is flagged NOSCAN at BOOT in
         * the NVRAM.  This may speed up boot and maintain coherency with
@@ -753,26 +756,37 @@ static int sym53c8xx_slave_alloc(struct scsi_device *sdev)
        if (tp->usrflags & SYM_SCAN_BOOT_DISABLED) {
                tp->usrflags &= ~SYM_SCAN_BOOT_DISABLED;
-                starget_printk(KERN_INFO, tp->starget,
+                starget_printk(KERN_INFO, sdev->sdev_target,
                                "Scan at boot disabled in NVRAM\n");
-                return -ENXIO;
+                error = -ENXIO;
+                goto out;
        }
        if (tp->usrflags & SYM_SCAN_LUNS_DISABLED) {
-                if (sdev->lun != 0)
+                if (sdev->lun != 0) {
-                        return -ENXIO;
+                        error = -ENXIO;
-                starget_printk(KERN_INFO, tp->starget,
+                        goto out;
+                }
+                starget_printk(KERN_INFO, sdev->sdev_target,
                                "Multiple LUNs disabled in NVRAM\n");
        }
        lp = sym_alloc_lcb(np, sdev->id, sdev->lun);
-        if (!lp)
+        if (!lp) {
-                return -ENOMEM;
+                error = -ENOMEM;
+                goto out;
+        }
+        if (tp->nlcb == 1)
+                tp->starget = sdev->sdev_target;
        spi_min_period(tp->starget) = tp->usr_period;
        spi_max_width(tp->starget) = tp->usr_width;
-        return 0;
+        error = 0;
+out:
+        spin_unlock_irqrestore(np->s.host->host_lock, flags);
+        return error;
 }
 /*
@@ -819,12 +833,34 @@ static int sym53c8xx_slave_configure(struct scsi_device *sdev)
 static void sym53c8xx_slave_destroy(struct scsi_device *sdev)
 {
        struct sym_hcb *np = sym_get_hcb(sdev->host);
-        struct sym_lcb *lp = sym_lp(&np->target[sdev->id], sdev->lun);
+        struct sym_tcb *tp = &np->target[sdev->id];
+        struct sym_lcb *lp = sym_lp(tp, sdev->lun);
+        unsigned long flags;
+        spin_lock_irqsave(np->s.host->host_lock, flags);
+        if (lp->busy_itlq || lp->busy_itl) {
+                /*
+                 * This really shouldn't happen, but we can't return an error
+                 * so let's try to stop all on-going I/O.
+                 */
+                starget_printk(KERN_WARNING, tp->starget,
+                               "Removing busy LCB (%d)\n", sdev->lun);
+                sym_reset_scsi_bus(np, 1);
+        }
-        if (lp->itlq_tbl)
+        if (sym_free_lcb(np, sdev->id, sdev->lun) == 0) {
-                sym_mfree_dma(lp->itlq_tbl, SYM_CONF_MAX_TASK * 4, "ITLQ_TBL");
+                /*
-        kfree(lp->cb_tags);
+                 * It was the last unit for this target.
-        sym_mfree_dma(lp, sizeof(*lp), "LCB");
+                 */
+                tp->head.sval        = 0;
+                tp->head.wval        = np->rv_scntl3;
+                tp->head.uval        = 0;
+                tp->tgoal.check_nego = 1;
+                tp->starget          = NULL;
+        }
+        spin_unlock_irqrestore(np->s.host->host_lock, flags);
 }
 /*
@@ -890,6 +926,8 @@ static void sym_exec_user_command (struct sym_hcb *np, struct sym_usrcmd *uc)
                        if (!((uc->target >> t) & 1))
                                continue;
                        tp = &np->target[t];
+                        if (!tp->nlcb)
+                                continue;
                        switch (uc->cmd) {
author	Aaro Koskinen <Aaro.Koskinen@nokia.com>	2009-04-14 16:47:00 -0400
committer	James Bottomley <James.Bottomley@HansenPartnership.com>	2009-05-20 18:21:14 -0400
commit	fa8584566cc9cdaf067dbc12132792887a521da9 (patch)
tree	e103d0c9b1885ad8c017ea5f20b7881f06e85239 /drivers/scsi/sym53c8xx_2/sym_glue.c
parent	410604d25faddb1b4f0f9667b7452c06cc06cea1 (diff)