Commit 96f15f29 authored by Jeff Skirvin's avatar Jeff Skirvin Committed by James Bottomley

[SCSI] isci: Fix a race condition in the SSP task management path

This commit fixes a race condition in the isci driver abort task and SSP
device task management path.  The race is caused when an I/O termination
in the SCU hardware is necessary because of an SSP target timeout condition,
and the check of the I/O end state races against the HW-termination-driven
end state.  The failure of the race meant that no TMF was sent to the device
to clean-up the pending I/O.
Signed-off-by: default avatarJeff Skirvin <jeffrey.d.skirvin@intel.com>
Reviewed-by: default avatarLukasz Dorau <lukasz.dorau@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
parent ecb2cf1a
...@@ -491,6 +491,7 @@ int isci_task_abort_task(struct sas_task *task) ...@@ -491,6 +491,7 @@ int isci_task_abort_task(struct sas_task *task)
struct isci_tmf tmf; struct isci_tmf tmf;
int ret = TMF_RESP_FUNC_FAILED; int ret = TMF_RESP_FUNC_FAILED;
unsigned long flags; unsigned long flags;
int target_done_already = 0;
/* Get the isci_request reference from the task. Note that /* Get the isci_request reference from the task. Note that
* this check does not depend on the pending request list * this check does not depend on the pending request list
...@@ -505,9 +506,11 @@ int isci_task_abort_task(struct sas_task *task) ...@@ -505,9 +506,11 @@ int isci_task_abort_task(struct sas_task *task)
/* If task is already done, the request isn't valid */ /* If task is already done, the request isn't valid */
if (!(task->task_state_flags & SAS_TASK_STATE_DONE) && if (!(task->task_state_flags & SAS_TASK_STATE_DONE) &&
(task->task_state_flags & SAS_TASK_AT_INITIATOR) && (task->task_state_flags & SAS_TASK_AT_INITIATOR) &&
old_request) old_request) {
idev = isci_get_device(task->dev->lldd_dev); idev = isci_get_device(task->dev->lldd_dev);
target_done_already = test_bit(IREQ_COMPLETE_IN_TARGET,
&old_request->flags);
}
spin_unlock(&task->task_state_lock); spin_unlock(&task->task_state_lock);
spin_unlock_irqrestore(&ihost->scic_lock, flags); spin_unlock_irqrestore(&ihost->scic_lock, flags);
...@@ -561,7 +564,7 @@ int isci_task_abort_task(struct sas_task *task) ...@@ -561,7 +564,7 @@ int isci_task_abort_task(struct sas_task *task)
if (task->task_proto == SAS_PROTOCOL_SMP || if (task->task_proto == SAS_PROTOCOL_SMP ||
sas_protocol_ata(task->task_proto) || sas_protocol_ata(task->task_proto) ||
test_bit(IREQ_COMPLETE_IN_TARGET, &old_request->flags) || target_done_already ||
test_bit(IDEV_GONE, &idev->flags)) { test_bit(IDEV_GONE, &idev->flags)) {
spin_unlock_irqrestore(&ihost->scic_lock, flags); spin_unlock_irqrestore(&ihost->scic_lock, flags);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment