53c700: fix BUG on untagged commands

Message ID	1465880407.18583.18.camel@linux.vnet.ibm.com (mailing list archive)
State	Accepted, archived
Headers	show Return-Path: <linux-parisc-owner@kernel.org> Gateway: Authorized Use Only! Violators will be prosecuted for <linux-parisc@vger.kernel.org> from <jejb@linux.vnet.ibm.com>; Mon, 13 Jun 2016 23:00:11 -0600 Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 13 Jun 2016 23:00:10 -0600 Subject: [PATCH] 53c700: fix BUG on untagged commands From: James Bottomley <jejb@linux.vnet.ibm.com> To: linux-scsi <linux-scsi@vger.kernel.org>, Parisc List <linux-parisc@vger.kernel.org> Cc: Christoph Hellwig <hch@infradead.org> Date: Mon, 13 Jun 2016 22:00:07 -0700 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Message-Id: <1465880407.18583.18.camel@linux.vnet.ibm.com> Sender: linux-parisc-owner@vger.kernel.org Precedence: bulk

Message ID

1465880407.18583.18.camel@linux.vnet.ibm.com (mailing list archive)

State

Accepted, archived

Headers

Subject: [PATCH] 53c700: fix BUG on untagged commands
From: James Bottomley <jejb@linux.vnet.ibm.com>
To: linux-scsi <linux-scsi@vger.kernel.org>,
	Parisc List <linux-parisc@vger.kernel.org>
Cc: Christoph Hellwig <hch@infradead.org>
Date: Mon, 13 Jun 2016 22:00:07 -0700
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Message-Id: <1465880407.18583.18.camel@linux.vnet.ibm.com>
Sender: linux-parisc-owner@vger.kernel.org
Precedence: bulk

Commit Message

James Bottomley June 14, 2016, 5 a.m. UTC

The untagged command case in the 53c700 driver has been broken since
host wide tags were enabled because the replaced scsi_find_tag()
function had a special case for the tag value SCSI_NO_TAG to retrieve
sdev->current_cmnd.  The replacement function scsi_host_find_tag() has
no such special case and returns NULL causing untagged commands to
trigger a BUG() in the driver.  Inspection shows that the 53c700 is the
only driver using this SCSI_NO_TAG case, so a local fix in the driver
suffices to fix this problem globally.

Fixes: 64d513ac31b - "scsi: use host wide tags by default"
Cc: stable@vger.kernel.org	# 4.4+
Reported-by: Helge Deller <deller@gmx.de>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>

---



--
To unsubscribe from this list: send the line "unsubscribe linux-parisc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Johannes Thumshirn June 14, 2016, 7:15 a.m. UTC | #1

On Mon, Jun 13, 2016 at 10:00:07PM -0700, James Bottomley wrote:
> The untagged command case in the 53c700 driver has been broken since
> host wide tags were enabled because the replaced scsi_find_tag()
> function had a special case for the tag value SCSI_NO_TAG to retrieve
> sdev->current_cmnd.  The replacement function scsi_host_find_tag() has
> no such special case and returns NULL causing untagged commands to
> trigger a BUG() in the driver.  Inspection shows that the 53c700 is the
> only driver using this SCSI_NO_TAG case, so a local fix in the driver
> suffices to fix this problem globally.
> 
> Fixes: 64d513ac31b - "scsi: use host wide tags by default"
> Cc: stable@vger.kernel.org	# 4.4+
> Reported-by: Helge Deller <deller@gmx.de>
> Tested-by: Helge Deller <deller@gmx.de>
> Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>

Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>

Ewan Milne June 14, 2016, 1:10 p.m. UTC | #2

On Mon, 2016-06-13 at 22:00 -0700, James Bottomley wrote:
> The untagged command case in the 53c700 driver has been broken since
> host wide tags were enabled because the replaced scsi_find_tag()
> function had a special case for the tag value SCSI_NO_TAG to retrieve
> sdev->current_cmnd.  The replacement function scsi_host_find_tag() has
> no such special case and returns NULL causing untagged commands to
> trigger a BUG() in the driver.  Inspection shows that the 53c700 is the
> only driver using this SCSI_NO_TAG case, so a local fix in the driver
> suffices to fix this problem globally.
> 
> Fixes: 64d513ac31b - "scsi: use host wide tags by default"
> Cc: stable@vger.kernel.org	# 4.4+
> Reported-by: Helge Deller <deller@gmx.de>
> Tested-by: Helge Deller <deller@gmx.de>
> Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>
> 
> ---
> 
> diff --git a/drivers/scsi/53c700.c b/drivers/scsi/53c700.c
> index d4c2856..3ddc85e 100644
> --- a/drivers/scsi/53c700.c
> +++ b/drivers/scsi/53c700.c
> @@ -1122,7 +1122,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
>  		} else {
>  			struct scsi_cmnd *SCp;
>  
> -			SCp = scsi_host_find_tag(SDp->host, SCSI_NO_TAG);
> +			SCp = SDp->current_cmnd;
>  			if(unlikely(SCp == NULL)) {
>  				sdev_printk(KERN_ERR, SDp,
>  					"no saved request for untagged cmd\n");
> @@ -1826,7 +1826,7 @@ NCR_700_queuecommand_lck(struct scsi_cmnd *SCp, void (*done)(struct scsi_cmnd *)
>  		       slot->tag, slot);
>  	} else {
>  		slot->tag = SCSI_NO_TAG;
> -		/* must populate current_cmnd for scsi_host_find_tag to work */
> +		/* save current command for reselection */
>  		SCp->device->current_cmnd = SCp;
>  	}
>  	/* sanity check: some of the commands generated by the mid-layer
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reviewed-by: Ewan D. Milne <emilne@redhat.com>



--
To unsubscribe from this list: send the line "unsubscribe linux-parisc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Martin K. Petersen June 15, 2016, 2 a.m. UTC | #3

>>>>> "James" == James Bottomley <jejb@linux.vnet.ibm.com> writes:

James> The untagged command case in the 53c700 driver has been broken
James> since host wide tags were enabled because the replaced
James> scsi_find_tag() function had a special case for the tag value
James> SCSI_NO_TAG to retrieve sdev-> current_cmnd.  The replacement
James> function scsi_host_find_tag() has no such special case and
James> returns NULL causing untagged commands to trigger a BUG() in the
James> driver.  Inspection shows that the 53c700 is the only driver
James> using this SCSI_NO_TAG case, so a local fix in the driver
James> suffices to fix this problem globally.

Applied to 4.7/scsi-fixes.

diff --git a/drivers/scsi/53c700.c b/drivers/scsi/53c700.c
index d4c2856..3ddc85e 100644
--- a/drivers/scsi/53c700.c
+++ b/drivers/scsi/53c700.c
@@ -1122,7 +1122,7 @@  process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
 		} else {
 			struct scsi_cmnd *SCp;
 
-			SCp = scsi_host_find_tag(SDp->host, SCSI_NO_TAG);
+			SCp = SDp->current_cmnd;
 			if(unlikely(SCp == NULL)) {
 				sdev_printk(KERN_ERR, SDp,
 					"no saved request for untagged cmd\n");
@@ -1826,7 +1826,7 @@  NCR_700_queuecommand_lck(struct scsi_cmnd *SCp, void (*done)(struct scsi_cmnd *)
 		       slot->tag, slot);
 	} else {
 		slot->tag = SCSI_NO_TAG;
-		/* must populate current_cmnd for scsi_host_find_tag to work */
+		/* save current command for reselection */
 		SCp->device->current_cmnd = SCp;
 	}
 	/* sanity check: some of the commands generated by the mid-layer

53c700: fix BUG on untagged commands

Commit Message

Comments

Patch