1. 01 3月, 2016 4 次提交
    • F
      ncr5380: Forget aborted commands · dc183965
      Finn Thain 提交于
      The list structures and related logic used in the NCR5380 driver mean that
      a command cannot be queued twice (i.e. can't appear on more than one queue
      and can't appear on the same queue more than once).
      
      The abort handler must forget the command so that the mid-layer can re-use
      it. E.g. the ML may send it back to the LLD via via scsi_eh_get_sense().
      
      Fix this and also fix two error paths, so that commands get forgotten iff
      completed.
      
      Fixes: 8b00c3d5 ("ncr5380: Implement new eh_abort_handler")
      Tested-by: NMichael Schmitz <schmitzmic@gmail.com>
      Cc: <stable@vger.kernel.org> # 4.5
      Signed-off-by: NFinn Thain <fthain@telegraphics.com.au>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      dc183965
    • F
      ncr5380: Dont re-enter NCR5380_select() · 71a00593
      Finn Thain 提交于
      Calling NCR5380_select() from the abort handler causes various problems.
      Firstly, it means potentially re-entering NCR5380_select(). Secondly, it
      means that the lock is released, which permits the EH handlers to be
      re-entered. The combination results in crashes. Don't do it.
      
      Fixes: 8b00c3d5 ("ncr5380: Implement new eh_abort_handler")
      Reported-and-tested-by: NMichael Schmitz <schmitzmic@gmail.com>
      Cc: <stable@vger.kernel.org> # 4.5
      Signed-off-by: NFinn Thain <fthain@telegraphics.com.au>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      71a00593
    • F
      ncr5380: Dont release lock for PIO transfer · 1678847e
      Finn Thain 提交于
      The calls to NCR5380_transfer_pio() for DATA IN and DATA OUT phases will
      modify cmd->SCp.this_residual, cmd->SCp.ptr and cmd->SCp.buffer. That
      works as long as EH does not intervene, which became possible in
      atari_NCR5380.c when I changed the locking to bring it closer to
      NCR5380.c.
      
      If error recovery aborts the command, the scsi_cmnd in question and its
      buffer will be returned to the mid-layer. So the transfer has to cease,
      but it can't be stopped by the initiator because the target controls the
      bus phase.
      
      The problem does not arise if the lock is not released. That was fine for
      atari_scsi, because it implements DMA. For the other drivers, we have to
      release the lock and re-enable interrupts for long PIO data transfers.
      
      The solution is to split the transfer into small chunks. In between chunks
      the main loop releases the lock and re-enables interrupts. Thus interrupts
      can be serviced and eh_bus_reset_handler can intervene if need be.
      
      This fixes an oops in NCR5380_transfer_pio() that can happen when the EH
      abort handler is invoked during DATA IN or DATA OUT phase.
      
      Fixes: 11d2f63b ("ncr5380: Change instance->host_lock to hostdata->lock")
      Reported-and-tested-by: NMichael Schmitz <schmitzmic@gmail.com>
      Cc: <stable@vger.kernel.org> # 4.5
      Signed-off-by: NFinn Thain <fthain@telegraphics.com.au>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      1678847e
    • F
      ncr5380: Correctly clear command pointers and lists after bus reset · 1884c283
      Finn Thain 提交于
      Commands subject to exception handling are to be returned to the scsi
      mid-layer. Make sure that the various command pointers and command lists
      in the low-level driver are correctly cleansed of affected commands.
      
      This fixes some bugs that I accidentally introduced in v4.5-rc1 including
      the removal of INIT_LIST_HEAD for the 'autosense' and 'disconnected'
      command lists, and the possible NULL pointer dereference in
      NCR5380_bus_reset() that was reported by Dan Carpenter.
      
      hostdata->sensing may also point to an affected command so this pointer
      also has to be cleared. The abort handler calls complete_cmd() to take
      care of this; let's have the bus reset handler do the same.
      
      The issue queue may also contain an affected command. If so, remove it.
      This also follows the abort handler logic.
      Reported-by: NDan Carpenter <dan.carpenter@oracle.com>
      Fixes: 62717f53 ("ncr5380: Implement new eh_bus_reset_handler")
      Tested-by: NMichael Schmitz <schmitzmic@gmail.com>
      Cc: <stable@vger.kernel.org> # 4.5
      Signed-off-by: NFinn Thain <fthain@telegraphics.com.au>
      Signed-off-by: NMartin K. Petersen <martin.petersen@oracle.com>
      1884c283
  2. 07 1月, 2016 36 次提交