[SCSI] libsas: close error handling vs sas_ata_task_done() race
authorDan Williams <dan.j.williams@intel.com>
Mon, 28 Nov 2011 20:08:22 +0000 (12:08 -0800)
committerJames Bottomley <JBottomley@Parallels.com>
Sun, 19 Feb 2012 19:58:38 +0000 (13:58 -0600)
commit3dff5721e4f67e6231dfc419d30aaa7563bfffd4
tree752102ef79f985f4d153b4791461404f67cdf467
parente500a34b0257def5b9ec07563afeeada1ead87bb
[SCSI] libsas: close error handling vs sas_ata_task_done() race

Since sas_ata does not implement ->freeze(), completions for scmds and
internal commands can still arrive concurrent with
ata_scsi_cmd_error_handler() and sas_ata_post_internal() respectively.
By the time either of those is called libata has committed to completing
the qc, and the ATA_PFLAG_FROZEN flag tells sas_ata_task_done() it has
lost the race.

In the sas_ata_post_internal() case we take on the additional
responsibility of freeing the sas_task to close the race with
sas_ata_task_done() freeing the the task while sas_ata_post_internal()
is in the process of invoking ->lldd_abort_task().

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
drivers/scsi/libsas/sas_ata.c
drivers/scsi/libsas/sas_scsi_host.c
include/scsi/libsas.h