1. 09 12月, 2010 9 次提交
    • C
      [SCSI] zfcp: Issue FCP command without holding SCSI host_lock · e55f8753
      Christof Schmitt 提交于
      Interrupting the connection to the FCP channel while I/O requests are
      being issued can lead to this deadlock. scsi_dispatch_cmd already
      holds the host_lock while the recovery trigger tries to acquire the
      host_lock again when iterating through the scsi_devices.
      
       INFO: lockdep is turned off.
       BUG: spinlock lockup on CPU#1, blast/9660, 0000000078f38878
       CPU: 1 Not tainted 2.6.35.7SWEN2 #2
       Process blast (pid: 9660, task: 0000000071f75940, ksp: 0000000074393ac0)
              0000000074393640 00000000743935c0 0000000000000002 0000000000000000
              0000000074393660 00000000743935d8 00000000743935d8 00000000005590c2
              0000000000000000 0000000078f38878 0000000026ede800 0000000078f38878
              000000000000000d 040000000000000c 0000000074393628 0000000000000000
              0000000000000000 0000000000100b2a 00000000743935c0 0000000074393600
       Call Trace:
       ([<0000000000100a32>] show_trace+0xee/0x144)
        [<00000000003be202>] do_raw_spin_lock+0x112/0x178
        [<000000000055d408>] _raw_spin_lock_irqsave+0x90/0xb0
        [<00000000003f1514>] __scsi_iterate_devices+0x38/0xbc
        [<00000000004849b0>] zfcp_erp_clear_adapter_status+0xd0/0x16c
        [<000000000048587a>] zfcp_erp_adapter_reopen+0x3a/0xb4
        [<0000000000489812>] zfcp_fsf_req_send+0x166/0x180
        [<000000000048c8d6>] zfcp_fsf_fcp_cmnd+0x272/0x408
        [<000000000048f864>] zfcp_scsi_queuecommand+0x11c/0x1e0
        [<00000000003f1f2a>] scsi_dispatch_cmd+0x1d6/0x324
        [<00000000003f9910>] scsi_request_fn+0x42c/0x56c
        [<00000000003828ae>] __blk_run_queue+0x86/0x140
        [<000000000037f742>] elv_insert+0x11a/0x208
        [<000000000038104c>] blk_insert_cloned_request+0x84/0xe4
        [<000003c0032b7c64>] dm_dispatch_request+0x6c/0x94 [dm_mod]
        [<000003c0032b7d5c>] map_request+0xd0/0x100 [dm_mod]
        [<000003c0032b9a78>] dm_request_fn+0xec/0x1bc [dm_mod]
        [<0000000000382c0e>] generic_unplug_device+0x5a/0x6c
        [<000003c0032b7f98>] dm_unplug_all+0x74/0x9c [dm_mod]
        [<00000000001d1272>] sync_page+0x76/0x9c
        [<00000000001d12ba>] sync_page_killable+0x22/0x60
        [<000000000055a768>] __wait_on_bit_lock+0xc0/0x124
        [<00000000001d1140>] __lock_page_killable+0x78/0x84
        [<00000000001d351c>] generic_file_aio_read+0x5a4/0x7e8
        [<0000000000228ec0>] do_sync_read+0xc8/0x12c
        [<0000000000229edc>] vfs_read+0xac/0x1ac
        [<000000000022a0d8>] SyS_read+0x58/0xa8
        [<00000000001146de>] sysc_noemu+0x10/0x16
        [<00000200000493c4>] 0x200000493c4
       INFO: lockdep is turned off.
      
      Call zfcp_fsf_fcp_cmnd without the host_lock and disable the
      interrupts when acquiring the req_q_lock. According to the patch
      description in "[PATCH] Eliminate error handler overload of the SCSI
      serial number", the serial_number is not used, so simply drop the
      queuecommand wrapper function and run zfcp_scsi_queuecommand without
      holding the host_lock.
      Reviewed-by: NSwen Schillig <swen@vnet.ibm.com>
      Signed-off-by: NChristof Schmitt <christof.schmitt@de.ibm.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      e55f8753
    • S
      [SCSI] zfcp: Prevent usage w/o holding a reference · 14718e3c
      Swen Schillig 提交于
      The ERP got values assigned for which no reference was taken.  This
      can lead to an unpredictable race condition.  Fix this by only
      assigning the values which are required and for which a reference was
      pulled or is held implicitly.
      Signed-off-by: NSwen Schillig <swen@vnet.ibm.com>
      Signed-off-by: NChristof Schmitt <christof.schmitt@de.ibm.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      14718e3c
    • S
      [SCSI] zfcp: No ERP escalation on gpn_ft eval · d3e1088d
      Swen Schillig 提交于
      If the evaluation of GPN_FT requests wants to remove an invalid port
      from the system the zfcp_erp_port_shutdown function is triggered.
      Depending on the system status a superior action (e.g. adapter reopen)
      is required. This can lead to an invalid mem access of the port struct
      which might be freed at the time since the superior action is not
      holding a reference of the port which triggered this ERP action.
      Signed-off-by: NSwen Schillig <swen@vnet.ibm.com>
      Signed-off-by: NChristof Schmitt <christof.schmitt@de.ibm.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      d3e1088d
    • S
      [SCSI] zfcp: Correct false abort data assignment. · 6fbf25e8
      Swen Schillig 提交于
      The request data assignment between the fsf abort initiator and its
      corresponding handler is not consistent and leads to an unpredictable
      behaviour, e.g. kernel panic.  This patch fixes this issue and assigns
      the correct value.
      Signed-off-by: NSwen Schillig <swen@vnet.ibm.com>
      Signed-off-by: NChristof Schmitt <christof.schmitt@de.ibm.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      6fbf25e8
    • S
      [SCSI] zfcp: Fix common FCP request reception · 5bfb2c31
      Swen Schillig 提交于
      The reception of a common FCP request should only be evaluated if the
      corresponding SCSI request data is available. Therefore put the
      information under the lock protection and verify the existence before
      processing.  This fixes the following kernel panic.
      
      Unable to handle kernel pointer dereference at virtual kernel address 0000000180000000
      Oops: 003b [#1] PREEMPT SMP DEBUG_PAGEALLOC
      CPU: 0 Not tainted 2.6.35.7-45.x.20101007-s390xdefault #1
      Process blast (pid: 9711, task: 00000000a3be8e40, ksp: 00000000b221bac0)
      Krnl PSW : 0704300180000000 0000000000489878 (zfcp_fsf_fcp_handler_common+0x4c/0x3a0)
                 R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:3 PM:0 EA:3
      Krnl GPRS: 00000000b663c1b8 0000000180000000 000000007ab5bdf0 0000000000000000
                 00000000b0ccd800 0000000000000018 07000000a3be8e78 00000000b5d3e600
                 000000007ab5bdf0 0000000000000066 00000000b72137f0 00000000b72137f0
                 0000000000000000 00000000005a8178 00000000bdf37a60 00000000bdf379f0
      Krnl Code: 0000000000489866: e3c030000004       lg      %r12,0(%r3)
                 000000000048986c: e310c0000004       lg      %r1,0(%r12)
                 0000000000489872: e31011e00004       lg      %r1,480(%r1)
                >0000000000489878: 581011ec           l       %r1,492(%r1)
                 000000000048987c: a774001c           brc     7,4898b4
                 0000000000489880: b91400b1           lgfr    %r11,%r1
                 0000000000489884: 5810405c           l       %r1,92(%r4)
                 0000000000489888: 5510d00c           cl      %r1,12(%r13)
      Call Trace:
      ([<000000000010d344>] debug_event_common+0x22c/0x244)
       [<000000000048a0b4>] zfcp_fsf_fcp_cmnd_handler+0x2c/0x3b4
       [<000000000048b5b6>] zfcp_fsf_req_complete+0x1b6/0x9dc
       [<000000000048bede>] zfcp_fsf_reqid_check+0x102/0x138
       [<000000000048e478>] zfcp_qdio_int_resp+0x70/0x110
       [<000000000044a1ec>] qdio_kick_handler+0xb0/0x19c
       [<000000000044c228>] __tiqdio_inbound_processing+0x30c/0xebc
       [<000000000014a5fc>] tasklet_action+0x1b4/0x1e8
       [<000000000014b676>] __do_softirq+0x106/0x1cc
       [<000000000010d91a>] do_softirq+0xe6/0xec
       [<000000000014b0c8>] irq_exit+0xd4/0xd8
       [<00000000004307ec>] do_IRQ+0x7c0/0xf54
       [<0000000000114d28>] io_return+0x0/0x16
       [<000000000055fef0>] sub_preempt_count+0x50/0xe4
      ([<00000000b1f873c0>] 0xb1f873c0)
       [<000000000055e25a>] _raw_spin_unlock+0x46/0x74
       [<0000000000241c40>] __d_lookup+0x288/0x2c8
       [<000000000023502c>] do_lookup+0x7c/0x25c
       [<0000000000237fa8>] link_path_walk+0x5e4/0xe2c
       [<0000000000238a00>] path_walk+0x98/0x148
       [<0000000000238c98>] do_path_lookup+0x74/0xc0
       [<000000000023989c>] user_path_at+0x64/0xa4
       [<000000000022e366>] vfs_fstatat+0x4e/0xb0
       [<000000000022e4d6>] SyS_newstat+0x2e/0x54
       [<00000000001146de>] sysc_noemu+0x10/0x16
       [<0000020000153456>] 0x20000153456
      INFO: lockdep is turned off.
      Last Breaking-Event-Address:
       [<000000000048a0ae>] zfcp_fsf_fcp_cmnd_handler+0x26/0x3b4
      Signed-off-by: NSwen Schillig <swen@vnet.ibm.com>
      Signed-off-by: NChristof Schmitt <christof.schmitt@de.ibm.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      5bfb2c31
    • J
      [SCSI] Eliminate error handler overload of the SCSI serial number · 459dbf72
      James Bottomley 提交于
      The error handler is using the test cmd->serial_number == 0 in the
      abort routines to signal that the command to be aborted has already
      completed normally.  This design was to close a race window in the
      original error handler where a command could go through the normal
      completion routines after it timed out but before error handling was
      started.
      
      Mike Anderson pointed out that when we converted our timeout and
      softirq completions, we picked up atomicity here because the block
      layer now mediates this with the REQ_ATOM_COMPLETE flag and guarantees
      that *either* the command times out or our done routine is called, but
      ensures we can't get both occurring.  That makes the serial number
      zero check redundant and it can be removed.
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      459dbf72
    • A
      [SCSI] pmcraid: disable msix and expand device config entry · 5da61410
      Anil Ravindranath 提交于
      Firmware requires a larger configuration entry size than the driver
      currently allows, and MSI-X pretty much doesn't work with current FW,
      so disable it for now.
      Signed-off-by: NAnil Ravindranath <anil_ravindranath@pmc-sierra.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      5da61410
    • J
      [SCSI] bsg: correct fault if queue object removed while dev_t open · c7a841f3
      James Smart 提交于
      This patch corrects an issue in bsg that results in a general protection
      fault if an LLD is removed while an application is using an open file
      handle to a bsg device, and the application issues an ioctl. The fault
      occurs because the class_dev is NULL, having been cleared in
      bsg_unregister_queue() when the driver was removed.  With this
      patch, a check is made for the class_dev, and the application
      will receive ENXIO if the related object is gone.
      Signed-off-by: NCarl Lajeunesse <carl.lajeunesse@emulex.com>
      Signed-off-by: NJames Smart <james.smart@emulex.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      c7a841f3
    • D
      [SCSI] osd: checking NULL instead of ERR_PTR() · 057f02a3
      Dan Carpenter 提交于
      bio_map_kern() returns ERR_PTRs on failure and never returns NULL.
      
      [jejb: remove redundant unlikely spotted by Tobias Klauser]
      Signed-off-by: NDan Carpenter <error27@gmail.com>
      Acked-by: NBoaz Harrosh <bharrosh@panasas.com>
      Signed-off-by: NJames Bottomley <James.Bottomley@suse.de>
      057f02a3
  2. 08 12月, 2010 18 次提交
  3. 07 12月, 2010 12 次提交
  4. 06 12月, 2010 1 次提交