isci: Fix a race condition in the SSP task management path
authorJeff Skirvin <jeffrey.d.skirvin@intel.com>
Fri, 12 Jul 2013 00:18:58 +0000 (17:18 -0700)
committerBen Hutchings <ben@decadent.org.uk>
Fri, 2 Aug 2013 20:15:04 +0000 (22:15 +0200)
commit 96f15f29038e58e1b0a96483e2b369ff446becf1 upstream.

This commit fixes a race condition in the isci driver abort task and SSP
device task management path.  The race is caused when an I/O termination
in the SCU hardware is necessary because of an SSP target timeout condition,
and the check of the I/O end state races against the HW-termination-driven
end state.  The failure of the race meant that no TMF was sent to the device
to clean-up the pending I/O.

Signed-off-by: Jeff Skirvin <jeffrey.d.skirvin@intel.com>
Reviewed-by: Lukasz Dorau <lukasz.dorau@intel.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
drivers/scsi/isci/task.c

index 66ad3dc..e294d11 100644 (file)
@@ -1038,6 +1038,7 @@ int isci_task_abort_task(struct sas_task *task)
        int                       ret = TMF_RESP_FUNC_FAILED;
        unsigned long             flags;
        int                       perform_termination = 0;
+       int                       target_done_already = 0;
 
        /* Get the isci_request reference from the task.  Note that
         * this check does not depend on the pending request list
@@ -1052,9 +1053,11 @@ int isci_task_abort_task(struct sas_task *task)
        /* If task is already done, the request isn't valid */
        if (!(task->task_state_flags & SAS_TASK_STATE_DONE) &&
            (task->task_state_flags & SAS_TASK_AT_INITIATOR) &&
-           old_request)
+           old_request) {
                isci_device = isci_lookup_device(task->dev);
-
+               target_done_already = test_bit(IREQ_COMPLETE_IN_TARGET,
+                                              &old_request->flags);
+       }
        spin_unlock(&task->task_state_lock);
        spin_unlock_irqrestore(&isci_host->scic_lock, flags);
 
@@ -1116,7 +1119,7 @@ int isci_task_abort_task(struct sas_task *task)
        }
        if (task->task_proto == SAS_PROTOCOL_SMP ||
            sas_protocol_ata(task->task_proto) ||
-           test_bit(IREQ_COMPLETE_IN_TARGET, &old_request->flags)) {
+           target_done_already) {
 
                spin_unlock_irqrestore(&isci_host->scic_lock, flags);