projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 68ab2d7)
scsi: cxlflash: Fix crash in cxlflash_restore_luntable()
authorUma Krishnan <ukrishn@linux.vnet.ibm.com>
Tue, 29 Nov 2016 00:41:19 +0000 (18:41 -0600)
committerMartin K. Petersen <martin.petersen@oracle.com>
Wed, 30 Nov 2016 16:34:00 +0000 (11:34 -0500)
During test, the following crash was observed:

[34538.981505] Faulting instruction address: 0xd000000007c9c870
cpu 0x9: Vector: 300 (Data Access) at [c0000007f1e8f590]
    pc: d000000007c9c870: cxlflash_restore_luntable+0x70/0x1d0 [cxlflash]
    lr: d000000007c9c84c: cxlflash_restore_luntable+0x4c/0x1d0 [cxlflash]
    sp: c0000007f1e8f810
   msr: 9000000100009033
   dar: c00000171d637438
 dsisr: 40000000
  current = 0xc0000007f1e43f90
  paca    = 0xc000000007b25100   softe: 0        irq_happened: 0x01
    pid   = 493, comm = eehd
enter ? for help
[c0000007f1e8f8a0d000000007c940b0 init_afu+0xd60/0x1200 [cxlflash]
[c0000007f1e8f9a0d000000007c945a8 cxlflash_pci_slot_reset+0x58/0xe0 [cxlflash]
[c0000007f1e8fa20d00000000715f790 cxl_pci_slot_reset+0x230/0x340 [cxl]
[c0000007f1e8fae0c000000000040dd4 eeh_report_reset+0x144/0x180
[c0000007f1e8fb20c00000000003f708 eeh_pe_dev_traverse+0x98/0x170
[c0000007f1e8fbb0c000000000041618 eeh_handle_normal_event+0x328/0x410
[c0000007f1e8fc30c000000000041db8 eeh_handle_event+0x178/0x330
[c0000007f1e8fce0c000000000042118 eeh_event_handler+0x1a8/0x1b0
[c0000007f1e8fd80c00000000011420c kthread+0xec/0x100
[c0000007f1e8fe30c00000000000a47c ret_from_kernel_thread+0x5c/0xe0

When superpipe mode is disabled for a LUN, the references for the
local lun are deleted but the LUN is still identified as being present
in the LUN table. This mismatched state can result in the above crash
when the LUN table is restored during an error recovery operation.

To fix this issue, the local LUN information structure is updated to
reflect the LUN is no longer in the LUN table once all references to
the LUN are gone.

Signed-off-by: Uma Krishnan <ukrishn@linux.vnet.ibm.com>
Acked-by: Matthew R. Ochs <mrochs@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/cxlflash/lunmgt.c patch | blob | blame | history

diff --git a/drivers/scsi/cxlflash/lunmgt.c b/drivers/scsi/cxlflash/lunmgt.c
index a0923cade6f3ead93b53dbb868e492df08635c51..6c318db90c85cee7e02019ee06a757f26102bf06 100644 (file)
--- a/drivers/scsi/cxlflash/lunmgt.c
+++ b/drivers/scsi/cxlflash/lunmgt.c
@@ -254,8 +254,14 @@ int cxlflash_manage_lun(struct scsi_device *sdev,
                if (lli->parent->mode != MODE_NONE)
                        rc = -EBUSY;
                else {
+                       /*
+                        * Clean up local LUN for this port and reset table
+                        * tracking when no more references exist.
+                        */
                        sdev->hostdata = NULL;
                        lli->port_sel &= ~CHAN2PORT(chan);
+                       if (lli->port_sel == 0U)
+                               lli->in_table = false;
                }
        }