author | Andrew Vasquez <andrew.vasquez@qlogic.com> | 2010-05-29 00:08:19 +0200 |
---|---|---|
committer | James Bottomley <James.Bottomley@suse.de> | 2010-07-27 19:01:21 +0200 |
commit | 6ac5260850841eb4055811a68ff47d658ebe9a59 (patch) | |
tree | 00e6bc407c4732ffb709ba9de7d8c743b9520194 /drivers | |
parent | [SCSI] qla2xxx: Correct use-after-free oops seen during EH-abort. (diff) | |
[SCSI] qla2xxx: Correct async-srb issues.
* hold the hardware_lock throughout the duration of ctx-sp
timeout handling -- could result in use-after-free oops.
* retry a timed-out login-request.
* done() routines are called with the hardware-lock held, issue
qla2x00_mark_device_lost() with proper 'defer' flag.
* FCP2 capabilities are only relevant to target devices.
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Diffstat (limited to 'drivers')
-rw-r--r-- | drivers/scsi/qla2xxx/qla_init.c | 20 | ||||
-rw-r--r-- | drivers/scsi/qla2xxx/qla_isr.c | 2 |
2 files changed, 15 insertions, 7 deletions
diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c
index 4bf973483818..cc7352545081 100644
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -60,9 +60,8 @@ qla2x00_ctx_sp_timeout(unsigned long __data)
 ctx = sp->ctx;
 iocb = ctx->u.iocb_cmd;
 iocb->timeout(sp);
- spin_unlock_irqrestore(&ha->hardware_lock, flags);
-
 iocb->free(sp);
+ spin_unlock_irqrestore(&ha->hardware_lock, flags);
 }
 void
@@ -137,8 +136,16 @@ qla2x00_async_iocb_timeout(srb_t *sp)
 fcport->d_id.b.area, fcport->d_id.b.al_pa));
 fcport->flags &= ~FCF_ASYNC_SENT;
- if (ctx->type == SRB_LOGIN_CMD)
+ if (ctx->type == SRB_LOGIN_CMD) {
+ struct srb_iocb *lio = ctx->u.iocb_cmd;
 qla2x00_post_async_logout_work(fcport->vha, fcport, NULL);
+ /* Retry as needed. */
+ lio->u.logio.data[0] = MBS_COMMAND_ERROR;
+ lio->u.logio.data[1] = lio->u.logio.flags & SRB_LOGIN_RETRIED ?
+ QLA_LOGIO_LOGIN_RETRIED : 0;
+ qla2x00_post_async_login_done_work(fcport->vha, fcport,
+ lio->u.logio.data);
+ }
 }
 static void
@@ -420,10 +427,11 @@ qla2x00_async_login_done(struct scsi_qla_host *vha, fc_port_t *fcport,
 if (data[1] & QLA_LOGIO_LOGIN_RETRIED)
 set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
 else
- qla2x00_mark_device_lost(vha, fcport, 1, 0);
+ qla2x00_mark_device_lost(vha, fcport, 1, 1);
 break;
 case MBS_PORT_ID_USED:
 fcport->loop_id = data[1];
+ qla2x00_post_async_logout_work(vha, fcport, NULL);
 qla2x00_post_async_login_work(vha, fcport, NULL);
 break;
 case MBS_LOOP_ID_USED:
@@ -431,7 +439,7 @@ qla2x00_async_login_done(struct scsi_qla_host *vha, fc_port_t *fcport,
 rval = qla2x00_find_new_loop_id(vha, fcport);
 if (rval != QLA_SUCCESS) {
 fcport->flags &= ~FCF_ASYNC_SENT;
- qla2x00_mark_device_lost(vha, fcport, 1, 0);
+ qla2x00_mark_device_lost(vha, fcport, 1, 1);
 break;
 }
 qla2x00_post_async_login_work(vha, fcport, NULL);
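Review bot: In qla2x00_ctx_sp_timeout, `iocb->free(sp)` now runs with `ha->hardware_lock` held and interrupts disabled, and nothing at the call site records that constraint. Every `->free` implementation therefore has to be non-sleeping and must not take hardware_lock itself; those callbacks are outside this hunk, so that is worth confirming. A comment above the call such as `/* Free under hardware_lock: sp must not outlive the lock (use-after-free). */` would keep a later cleanup from moving the unlock back up. The function body starts outside the hunk.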
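Review bot: In qla2x00_async_iocb_timeout, the added retry hands `lio->u.logio.data`, a pointer into the srb's own iocb, to `qla2x00_post_async_login_done_work()`, while qla2x00_ctx_sp_timeout calls `iocb->free(sp)` as soon as `iocb->timeout(sp)` returns. That is safe only if the post-work helper copies data[0] and data[1] before returning rather than keeping the pointer; its body is not in this diff, so please confirm. If it does copy, a comment such as `/* data[] is copied by the work helper; sp is freed by our caller. */` would document the lifetime dependency. The return value of the new call is also discarded, so if queuing can fail the retry would be dropped silently after FCF_ASYNC_SENT has been cleared. The function starts outside the hunk.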
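Review bot: The reason for changing the last argument of `qla2x00_mark_device_lost()` from 0 to 1 in qla2x00_async_login_done is recorded only in the commit message, and the bare `1, 1` gives a reader no hint that the second value is the defer flag. A comment at the call, e.g. `/* done() runs with hardware_lock held: defer. */`, would stop a later edit from reverting it. The same applies to the MBS_LOOP_ID_USED hunk of this function and to the qla2x00_async_adisc_done hunk. The function body starts and ends outside the hunk.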
@@ -463,7 +471,7 @@ qla2x00_async_adisc_done(struct scsi_qla_host *vha, fc_port_t *fcport,
 if (data[1] & QLA_LOGIO_LOGIN_RETRIED)
 set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
 else
- qla2x00_mark_device_lost(vha, fcport, 1, 0);
+ qla2x00_mark_device_lost(vha, fcport, 1, 1);
 return;
 }
diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
index bc82ba99f251..912befdceb16 100644
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -949,7 +949,7 @@ qla2x00_mbx_iocb_entry(scsi_qla_host_t *vha, struct req_que *req,
 fcport->port_type = FCT_TARGET;
 if (le16_to_cpu(mbx->mb1) & BIT_0)
 fcport->port_type = FCT_INITIATOR;
- if (le16_to_cpu(mbx->mb1) & BIT_1)
+ else if (le16_to_cpu(mbx->mb1) & BIT_1)
 fcport->flags |= FCF_FCP2_DEVICE;
 }
 goto logio_done; |
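Review bot: In this block of qla2x00_mbx_iocb_entry, `FCF_FCP2_DEVICE` is only ever OR-ed into `fcport->flags`. A port that earlier logged in as an FCP2 target and now reports BIT_0 (initiator) would keep the stale flag, unless it is cleared somewhere outside this hunk. Clearing it first, with `fcport->flags &= ~FCF_FCP2_DEVICE;` ahead of `fcport->port_type = FCT_TARGET;`, would make the result depend only on the current login response. The enclosing function starts and ends outside the hunk.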