diff mbox

53c700: fix BUG on untagged commands

Message ID 1465880407.18583.18.camel@linux.vnet.ibm.com (mailing list archive)
State Accepted, archived
Headers show

Commit Message

James Bottomley June 14, 2016, 5 a.m. UTC
The untagged command case in the 53c700 driver has been broken since
host wide tags were enabled because the replaced scsi_find_tag()
function had a special case for the tag value SCSI_NO_TAG to retrieve
sdev->current_cmnd.  The replacement function scsi_host_find_tag() has
no such special case and returns NULL causing untagged commands to
trigger a BUG() in the driver.  Inspection shows that the 53c700 is the
only driver using this SCSI_NO_TAG case, so a local fix in the driver
suffices to fix this problem globally.

Fixes: 64d513ac31b - "scsi: use host wide tags by default"
Cc: stable@vger.kernel.org	# 4.4+
Reported-by: Helge Deller <deller@gmx.de>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>

---



--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Johannes Thumshirn June 14, 2016, 7:15 a.m. UTC | #1
On Mon, Jun 13, 2016 at 10:00:07PM -0700, James Bottomley wrote:
> The untagged command case in the 53c700 driver has been broken since
> host wide tags were enabled because the replaced scsi_find_tag()
> function had a special case for the tag value SCSI_NO_TAG to retrieve
> sdev->current_cmnd.  The replacement function scsi_host_find_tag() has
> no such special case and returns NULL causing untagged commands to
> trigger a BUG() in the driver.  Inspection shows that the 53c700 is the
> only driver using this SCSI_NO_TAG case, so a local fix in the driver
> suffices to fix this problem globally.
> 
> Fixes: 64d513ac31b - "scsi: use host wide tags by default"
> Cc: stable@vger.kernel.org	# 4.4+
> Reported-by: Helge Deller <deller@gmx.de>
> Tested-by: Helge Deller <deller@gmx.de>
> Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>

Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Ewan Milne June 14, 2016, 1:10 p.m. UTC | #2
On Mon, 2016-06-13 at 22:00 -0700, James Bottomley wrote:
> The untagged command case in the 53c700 driver has been broken since
> host wide tags were enabled because the replaced scsi_find_tag()
> function had a special case for the tag value SCSI_NO_TAG to retrieve
> sdev->current_cmnd.  The replacement function scsi_host_find_tag() has
> no such special case and returns NULL causing untagged commands to
> trigger a BUG() in the driver.  Inspection shows that the 53c700 is the
> only driver using this SCSI_NO_TAG case, so a local fix in the driver
> suffices to fix this problem globally.
> 
> Fixes: 64d513ac31b - "scsi: use host wide tags by default"
> Cc: stable@vger.kernel.org	# 4.4+
> Reported-by: Helge Deller <deller@gmx.de>
> Tested-by: Helge Deller <deller@gmx.de>
> Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>
> 
> ---
> 
> diff --git a/drivers/scsi/53c700.c b/drivers/scsi/53c700.c
> index d4c2856..3ddc85e 100644
> --- a/drivers/scsi/53c700.c
> +++ b/drivers/scsi/53c700.c
> @@ -1122,7 +1122,7 @@ process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
>  		} else {
>  			struct scsi_cmnd *SCp;
>  
> -			SCp = scsi_host_find_tag(SDp->host, SCSI_NO_TAG);
> +			SCp = SDp->current_cmnd;
>  			if(unlikely(SCp == NULL)) {
>  				sdev_printk(KERN_ERR, SDp,
>  					"no saved request for untagged cmd\n");
> @@ -1826,7 +1826,7 @@ NCR_700_queuecommand_lck(struct scsi_cmnd *SCp, void (*done)(struct scsi_cmnd *)
>  		       slot->tag, slot);
>  	} else {
>  		slot->tag = SCSI_NO_TAG;
> -		/* must populate current_cmnd for scsi_host_find_tag to work */
> +		/* save current command for reselection */
>  		SCp->device->current_cmnd = SCp;
>  	}
>  	/* sanity check: some of the commands generated by the mid-layer
> 
> 
> --
> To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reviewed-by: Ewan D. Milne <emilne@redhat.com>



--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Martin K. Petersen June 15, 2016, 2 a.m. UTC | #3
>>>>> "James" == James Bottomley <jejb@linux.vnet.ibm.com> writes:

James> The untagged command case in the 53c700 driver has been broken
James> since host wide tags were enabled because the replaced
James> scsi_find_tag() function had a special case for the tag value
James> SCSI_NO_TAG to retrieve sdev-> current_cmnd.  The replacement
James> function scsi_host_find_tag() has no such special case and
James> returns NULL causing untagged commands to trigger a BUG() in the
James> driver.  Inspection shows that the 53c700 is the only driver
James> using this SCSI_NO_TAG case, so a local fix in the driver
James> suffices to fix this problem globally.

Applied to 4.7/scsi-fixes.
diff mbox

Patch

diff --git a/drivers/scsi/53c700.c b/drivers/scsi/53c700.c
index d4c2856..3ddc85e 100644
--- a/drivers/scsi/53c700.c
+++ b/drivers/scsi/53c700.c
@@ -1122,7 +1122,7 @@  process_script_interrupt(__u32 dsps, __u32 dsp, struct scsi_cmnd *SCp,
 		} else {
 			struct scsi_cmnd *SCp;
 
-			SCp = scsi_host_find_tag(SDp->host, SCSI_NO_TAG);
+			SCp = SDp->current_cmnd;
 			if(unlikely(SCp == NULL)) {
 				sdev_printk(KERN_ERR, SDp,
 					"no saved request for untagged cmd\n");
@@ -1826,7 +1826,7 @@  NCR_700_queuecommand_lck(struct scsi_cmnd *SCp, void (*done)(struct scsi_cmnd *)
 		       slot->tag, slot);
 	} else {
 		slot->tag = SCSI_NO_TAG;
-		/* must populate current_cmnd for scsi_host_find_tag to work */
+		/* save current command for reselection */
 		SCp->device->current_cmnd = SCp;
 	}
 	/* sanity check: some of the commands generated by the mid-layer