ncr5380: Call scsi_eh_prep_cmnd() and scsi_eh_restore_cmnd() as and when appropriate
authorFinn Thain <fthain@telegraphics.com.au>
Mon, 22 Feb 2016 23:07:09 +0000 (10:07 +1100)
committerMartin K. Petersen <martin.petersen@oracle.com>
Tue, 1 Mar 2016 14:38:58 +0000 (09:38 -0500)
commit8d5dbec3bcb24a7d071962448e0fecaca8c75cc7
treeccb8868cb74c02bb283bf69d84722dcfe83e1e8c
parentccf6efd78317ef6265829c81a3e1a19f628b1a2d
ncr5380: Call scsi_eh_prep_cmnd() and scsi_eh_restore_cmnd() as and when appropriate

This bug causes the wrong command to have its sense pointer overwritten,
which sometimes leads to a NULL pointer deref. Fix this by checking which
command is being requeued before restoring the scsi_eh_save data.

It turns out that some targets will disconnect a REQUEST SENSE command.
The autosense algorithm doesn't anticipate this. Hence multiple commands
can end up undergoing autosense simultaneously, and they will all try to
use the same scsi_eh_save struct, which won't work. Defer autosense when
the scsi_eh_save storage is in use by another command.

Fixes: f27db8eb98a1 ("ncr5380: Fix autosense bugs")
Reported-and-tested-by: Michael Schmitz <schmitzmic@gmail.com>
Cc: <stable@vger.kernel.org> # 4.5
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/NCR5380.c
drivers/scsi/atari_NCR5380.c