aboutsummaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorHerton Ronaldo Krzesinski <herton@mandriva.com.br>2010-03-30 12:35:38 -0400
committerJames Bottomley <James.Bottomley@suse.de>2010-05-01 10:54:22 -0400
commit9a908c1aa4d3898f62e2cb8af6936b16503ab3e6 (patch)
treef22d4a95f76bb3a9bc33198dea23033ec2e044ac /drivers
parentbe1066bbcd443a65df312fdecea7e4959adedb45 (diff)
[SCSI] advansys: fix narrow board error path
Error handling on advansys_board_found is fixed, because it's buggy in the case we have an ASC_NARROW_BOARD set and failure happens on AscInitAsc1000Driver step: it was freeing items of wrong struct in the dvc_var union of struct asc_board, which could lead to an oops in the case we set some of the fields in struct of narrow board as code was choosing to always freeing wide board fields, and not everything was being freed/released properly. Signed-off-by: Herton Ronaldo Krzesinski <herton@mandriva.com.br> Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/scsi/advansys.c50
1 files changed, 36 insertions, 14 deletions
diff --git a/drivers/scsi/advansys.c b/drivers/scsi/advansys.c
index 9201afe65609..7f87979da22d 100644
--- a/drivers/scsi/advansys.c
+++ b/drivers/scsi/advansys.c
@@ -4724,6 +4724,10 @@ static ushort AscInitMicroCodeVar(ASC_DVC_VAR *asc_dvc)
4724 BUG_ON((unsigned long)asc_dvc->overrun_buf & 7); 4724 BUG_ON((unsigned long)asc_dvc->overrun_buf & 7);
4725 asc_dvc->overrun_dma = dma_map_single(board->dev, asc_dvc->overrun_buf, 4725 asc_dvc->overrun_dma = dma_map_single(board->dev, asc_dvc->overrun_buf,
4726 ASC_OVERRUN_BSIZE, DMA_FROM_DEVICE); 4726 ASC_OVERRUN_BSIZE, DMA_FROM_DEVICE);
4727 if (dma_mapping_error(board->dev, asc_dvc->overrun_dma)) {
4728 warn_code = -ENOMEM;
4729 goto err_dma_map;
4730 }
4727 phy_addr = cpu_to_le32(asc_dvc->overrun_dma); 4731 phy_addr = cpu_to_le32(asc_dvc->overrun_dma);
4728 AscMemDWordCopyPtrToLram(iop_base, ASCV_OVERRUN_PADDR_D, 4732 AscMemDWordCopyPtrToLram(iop_base, ASCV_OVERRUN_PADDR_D,
4729 (uchar *)&phy_addr, 1); 4733 (uchar *)&phy_addr, 1);
@@ -4739,14 +4743,23 @@ static ushort AscInitMicroCodeVar(ASC_DVC_VAR *asc_dvc)
4739 AscSetPCAddr(iop_base, ASC_MCODE_START_ADDR); 4743 AscSetPCAddr(iop_base, ASC_MCODE_START_ADDR);
4740 if (AscGetPCAddr(iop_base) != ASC_MCODE_START_ADDR) { 4744 if (AscGetPCAddr(iop_base) != ASC_MCODE_START_ADDR) {
4741 asc_dvc->err_code |= ASC_IERR_SET_PC_ADDR; 4745 asc_dvc->err_code |= ASC_IERR_SET_PC_ADDR;
4742 return warn_code; 4746 warn_code = UW_ERR;
4747 goto err_mcode_start;
4743 } 4748 }
4744 if (AscStartChip(iop_base) != 1) { 4749 if (AscStartChip(iop_base) != 1) {
4745 asc_dvc->err_code |= ASC_IERR_START_STOP_CHIP; 4750 asc_dvc->err_code |= ASC_IERR_START_STOP_CHIP;
4746 return warn_code; 4751 warn_code = UW_ERR;
4752 goto err_mcode_start;
4747 } 4753 }
4748 4754
4749 return warn_code; 4755 return warn_code;
4756
4757err_mcode_start:
4758 dma_unmap_single(board->dev, asc_dvc->overrun_dma,
4759 ASC_OVERRUN_BSIZE, DMA_FROM_DEVICE);
4760err_dma_map:
4761 asc_dvc->overrun_dma = 0;
4762 return warn_code;
4750} 4763}
4751 4764
4752static ushort AscInitAsc1000Driver(ASC_DVC_VAR *asc_dvc) 4765static ushort AscInitAsc1000Driver(ASC_DVC_VAR *asc_dvc)
@@ -4802,6 +4815,8 @@ static ushort AscInitAsc1000Driver(ASC_DVC_VAR *asc_dvc)
4802 } 4815 }
4803 release_firmware(fw); 4816 release_firmware(fw);
4804 warn_code |= AscInitMicroCodeVar(asc_dvc); 4817 warn_code |= AscInitMicroCodeVar(asc_dvc);
4818 if (!asc_dvc->overrun_dma)
4819 return warn_code;
4805 asc_dvc->init_state |= ASC_INIT_STATE_END_LOAD_MC; 4820 asc_dvc->init_state |= ASC_INIT_STATE_END_LOAD_MC;
4806 AscEnableInterrupt(iop_base); 4821 AscEnableInterrupt(iop_base);
4807 return warn_code; 4822 return warn_code;
@@ -7978,9 +7993,10 @@ static int advansys_reset(struct scsi_cmnd *scp)
7978 status = AscInitAsc1000Driver(asc_dvc); 7993 status = AscInitAsc1000Driver(asc_dvc);
7979 7994
7980 /* Refer to ASC_IERR_* definitions for meaning of 'err_code'. */ 7995 /* Refer to ASC_IERR_* definitions for meaning of 'err_code'. */
7981 if (asc_dvc->err_code) { 7996 if (asc_dvc->err_code || !asc_dvc->overrun_dma) {
7982 scmd_printk(KERN_INFO, scp, "SCSI bus reset error: " 7997 scmd_printk(KERN_INFO, scp, "SCSI bus reset error: "
7983 "0x%x\n", asc_dvc->err_code); 7998 "0x%x, status: 0x%x\n", asc_dvc->err_code,
7999 status);
7984 ret = FAILED; 8000 ret = FAILED;
7985 } else if (status) { 8001 } else if (status) {
7986 scmd_printk(KERN_INFO, scp, "SCSI bus reset warning: " 8002 scmd_printk(KERN_INFO, scp, "SCSI bus reset warning: "
@@ -12311,7 +12327,7 @@ static int __devinit advansys_board_found(struct Scsi_Host *shost,
12311 asc_dvc_varp->overrun_buf = kzalloc(ASC_OVERRUN_BSIZE, GFP_KERNEL); 12327 asc_dvc_varp->overrun_buf = kzalloc(ASC_OVERRUN_BSIZE, GFP_KERNEL);
12312 if (!asc_dvc_varp->overrun_buf) { 12328 if (!asc_dvc_varp->overrun_buf) {
12313 ret = -ENOMEM; 12329 ret = -ENOMEM;
12314 goto err_free_wide_mem; 12330 goto err_free_irq;
12315 } 12331 }
12316 warn_code = AscInitAsc1000Driver(asc_dvc_varp); 12332 warn_code = AscInitAsc1000Driver(asc_dvc_varp);
12317 12333
@@ -12320,30 +12336,36 @@ static int __devinit advansys_board_found(struct Scsi_Host *shost,
12320 "warn 0x%x, error 0x%x\n", 12336 "warn 0x%x, error 0x%x\n",
12321 asc_dvc_varp->init_state, warn_code, 12337 asc_dvc_varp->init_state, warn_code,
12322 asc_dvc_varp->err_code); 12338 asc_dvc_varp->err_code);
12323 if (asc_dvc_varp->err_code) { 12339 if (!asc_dvc_varp->overrun_dma) {
12324 ret = -ENODEV; 12340 ret = -ENODEV;
12325 kfree(asc_dvc_varp->overrun_buf); 12341 goto err_free_mem;
12326 } 12342 }
12327 } 12343 }
12328 } else { 12344 } else {
12329 if (advansys_wide_init_chip(shost)) 12345 if (advansys_wide_init_chip(shost)) {
12330 ret = -ENODEV; 12346 ret = -ENODEV;
12347 goto err_free_mem;
12348 }
12331 } 12349 }
12332 12350
12333 if (ret)
12334 goto err_free_wide_mem;
12335
12336 ASC_DBG_PRT_SCSI_HOST(2, shost); 12351 ASC_DBG_PRT_SCSI_HOST(2, shost);
12337 12352
12338 ret = scsi_add_host(shost, boardp->dev); 12353 ret = scsi_add_host(shost, boardp->dev);
12339 if (ret) 12354 if (ret)
12340 goto err_free_wide_mem; 12355 goto err_free_mem;
12341 12356
12342 scsi_scan_host(shost); 12357 scsi_scan_host(shost);
12343 return 0; 12358 return 0;
12344 12359
12345 err_free_wide_mem: 12360 err_free_mem:
12346 advansys_wide_free_mem(boardp); 12361 if (ASC_NARROW_BOARD(boardp)) {
12362 if (asc_dvc_varp->overrun_dma)
12363 dma_unmap_single(boardp->dev, asc_dvc_varp->overrun_dma,
12364 ASC_OVERRUN_BSIZE, DMA_FROM_DEVICE);
12365 kfree(asc_dvc_varp->overrun_buf);
12366 } else
12367 advansys_wide_free_mem(boardp);
12368 err_free_irq:
12347 free_irq(boardp->irq, shost); 12369 free_irq(boardp->irq, shost);
12348 err_free_dma: 12370 err_free_dma:
12349#ifdef CONFIG_ISA 12371#ifdef CONFIG_ISA
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-07 14:14:17 -0500