tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
"This is a set of seven fixes, three (hpsa) and free'd command
references correcting bugs in the last round of updates and the
remaining four correcting problems within the SCSI error handler that
was causing a deadlock within USB"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] More USB deadlock fixes
[SCSI] Fix USB deadlock caused by SCSI error handling
[SCSI] Fix command result state propagation
[SCSI] Fix spurious request sense in error handling
[SCSI] don't reference freed command in scsi_prep_return
[SCSI] don't reference freed command in scsi_init_sgtable
[SCSI] hpsa: fix NULL dereference in hpsa_put_ctlr_into_performant_mode()

Linus Torvalds 6dda80ff 3fe89d2e

options
unified split
Changed files
+20 -6
drivers
scsi
hpsa.c
scsi_error.c
scsi_lib.c
+4 -4
drivers/scsi/hpsa.c
··· 7463 7463 if (hpsa_simple_mode) 7464 7464 return; 7465 7465 7466 + trans_support = readl(&(h->cfgtable->TransportSupport)); 7467 + if (!(trans_support & PERFORMANT_MODE)) 7468 + return; 7469 + 7466 7470 /* Check for I/O accelerator mode support */ 7467 7471 if (trans_support & CFGTBL_Trans_io_accel1) { 7468 7472 transMethod |= CFGTBL_Trans_io_accel1 | ··· 7483 7479 } 7484 7480 7485 7481 /* TODO, check that this next line h->nreply_queues is correct */ 7486 - trans_support = readl(&(h->cfgtable->TransportSupport)); 7487 - if (!(trans_support & PERFORMANT_MODE)) 7488 - return; 7489 - 7490 7482 h->nreply_queues = h->msix_vector > 0 ? h->msix_vector : 1; 7491 7483 hpsa_get_max_perf_mode_cmds(h); 7492 7484 /* Performant mode ring buffer and supporting data structures */
+12
drivers/scsi/scsi_error.c
··· 189 189 /* 190 190 * Retry after abort failed, escalate to next level. 191 191 */ 192 + scmd->eh_eflags &= ~SCSI_EH_ABORT_SCHEDULED; 192 193 SCSI_LOG_ERROR_RECOVERY(3, 193 194 scmd_printk(KERN_INFO, scmd, 194 195 "scmd %p previous abort failed\n", scmd)); ··· 921 920 ses->prot_op = scmd->prot_op; 922 921 923 922 scmd->prot_op = SCSI_PROT_NORMAL; 923 + scmd->eh_eflags = 0; 924 924 scmd->cmnd = ses->eh_cmnd; 925 925 memset(scmd->cmnd, 0, BLK_MAX_CDB); 926 926 memset(&scmd->sdb, 0, sizeof(scmd->sdb)); 927 927 scmd->request->next_rq = NULL; 928 + scmd->result = 0; 928 929 929 930 if (sense_bytes) { 930 931 scmd->sdb.length = min_t(unsigned, SCSI_SENSE_BUFFERSIZE, ··· 1160 1157 __func__)); 1161 1158 break; 1162 1159 } 1160 + if (status_byte(scmd->result) != CHECK_CONDITION) 1161 + /* 1162 + * don't request sense if there's no check condition 1163 + * status because the error we're processing isn't one 1164 + * that has a sense code (and some devices get 1165 + * confused by sense requests out of the blue) 1166 + */ 1167 + continue; 1168 + 1163 1169 SCSI_LOG_ERROR_RECOVERY(2, scmd_printk(KERN_INFO, scmd, 1164 1170 "%s: requesting sense\n", 1165 1171 current->comm));
+4 -2
drivers/scsi/scsi_lib.c
··· 137 137 * lock such that the kblockd_schedule_work() call happens 138 138 * before blk_cleanup_queue() finishes. 139 139 */ 140 + cmd->result = 0; 140 141 spin_lock_irqsave(q->queue_lock, flags); 141 142 blk_requeue_request(q, cmd->request); 142 143 kblockd_schedule_work(q, &device->requeue_work); ··· 1045 1044 */ 1046 1045 int scsi_init_io(struct scsi_cmnd *cmd, gfp_t gfp_mask) 1047 1046 { 1047 + struct scsi_device *sdev = cmd->device; 1048 1048 struct request *rq = cmd->request; 1049 1049 1050 1050 int error = scsi_init_sgtable(rq, &cmd->sdb, gfp_mask); ··· 1093 1091 scsi_release_buffers(cmd); 1094 1092 cmd->request->special = NULL; 1095 1093 scsi_put_command(cmd); 1096 - put_device(&cmd->device->sdev_gendev); 1094 + put_device(&sdev->sdev_gendev); 1097 1095 return error; 1098 1096 } 1099 1097 EXPORT_SYMBOL(scsi_init_io); ··· 1275 1273 struct scsi_cmnd *cmd = req->special; 1276 1274 scsi_release_buffers(cmd); 1277 1275 scsi_put_command(cmd); 1278 - put_device(&cmd->device->sdev_gendev); 1276 + put_device(&sdev->sdev_gendev); 1279 1277 req->special = NULL; 1280 1278 } 1281 1279 break;