Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 96f15f29 authored by Jeff Skirvin's avatar Jeff Skirvin Committed by James Bottomley
Browse files

[SCSI] isci: Fix a race condition in the SSP task management path 



This commit fixes a race condition in the isci driver abort task and SSP
device task management path.  The race is caused when an I/O termination
in the SCU hardware is necessary because of an SSP target timeout condition,
and the check of the I/O end state races against the HW-termination-driven
end state.  The failure of the race meant that no TMF was sent to the device
to clean-up the pending I/O.

Signed-off-by: default avatarJeff Skirvin <jeffrey.d.skirvin@intel.com>
Reviewed-by: default avatarLukasz Dorau <lukasz.dorau@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
parent ecb2cf1a

drivers/scsi/isci/task.c

+6 −3
Original line number Diff line number Diff line
@@ -491,6 +491,7 @@ int isci_task_abort_task(struct sas_task *task) 
	struct isci_tmf           tmf;

	int                       ret = TMF_RESP_FUNC_FAILED;

	unsigned long             flags;

	int                       target_done_already = 0;



	/* Get the isci_request reference from the task.  Note that

	 * this check does not depend on the pending request list
@@ -505,9 +506,11 @@ int isci_task_abort_task(struct sas_task *task) 
	/* If task is already done, the request isn't valid */

	if (!(task->task_state_flags & SAS_TASK_STATE_DONE) &&

	    (task->task_state_flags & SAS_TASK_AT_INITIATOR) &&

	    old_request)

	    old_request) {

		idev = isci_get_device(task->dev->lldd_dev);



		target_done_already = test_bit(IREQ_COMPLETE_IN_TARGET,

					       &old_request->flags);

	}

	spin_unlock(&task->task_state_lock);

	spin_unlock_irqrestore(&ihost->scic_lock, flags);
@@ -561,7 +564,7 @@ int isci_task_abort_task(struct sas_task *task) 


	if (task->task_proto == SAS_PROTOCOL_SMP ||

	    sas_protocol_ata(task->task_proto) ||

	    test_bit(IREQ_COMPLETE_IN_TARGET, &old_request->flags) ||

	    target_done_already ||

	    test_bit(IDEV_GONE, &idev->flags)) {



		spin_unlock_irqrestore(&ihost->scic_lock, flags);