Commit e2396f1e authored by James Bottomley's avatar James Bottomley

[SCSI] aic94xx: fix TMF ascb handling to prevent sequencer panic

This is a particularly nasty bug.  The problem is that if any internal
ascb times out, currently we free it even though it's pending at the
sequencer.  This results in the sequencer getting terminally confused
and the error message:

BUG:sequencer:dl:no ascb

Being returned when it comes back.  The way to fix this is to manage
freeing the ascb from the tasklet completion routine, so that we only
free it when the sequencer actually returns it.  The code is also
altered to use on stack completions and transfer variables.
Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
parent 8de3ef25
...@@ -140,7 +140,7 @@ struct asd_ascb { ...@@ -140,7 +140,7 @@ struct asd_ascb {
/* internally generated command */ /* internally generated command */
struct timer_list timer; struct timer_list timer;
struct completion completion; struct completion *completion;
u8 tag_valid:1; u8 tag_valid:1;
__be16 tag; /* error recovery only */ __be16 tag; /* error recovery only */
...@@ -294,7 +294,6 @@ static inline void asd_init_ascb(struct asd_ha_struct *asd_ha, ...@@ -294,7 +294,6 @@ static inline void asd_init_ascb(struct asd_ha_struct *asd_ha,
ascb->timer.function = NULL; ascb->timer.function = NULL;
init_timer(&ascb->timer); init_timer(&ascb->timer);
ascb->tc_index = -1; ascb->tc_index = -1;
init_completion(&ascb->completion);
} }
/* Must be called with the tc_index_lock held! /* Must be called with the tc_index_lock held!
......
...@@ -343,11 +343,13 @@ Again: ...@@ -343,11 +343,13 @@ Again:
task->task_state_flags &= ~SAS_TASK_AT_INITIATOR; task->task_state_flags &= ~SAS_TASK_AT_INITIATOR;
task->task_state_flags |= SAS_TASK_STATE_DONE; task->task_state_flags |= SAS_TASK_STATE_DONE;
if (unlikely((task->task_state_flags & SAS_TASK_STATE_ABORTED))) { if (unlikely((task->task_state_flags & SAS_TASK_STATE_ABORTED))) {
struct completion *completion = ascb->completion;
spin_unlock_irqrestore(&task->task_state_lock, flags); spin_unlock_irqrestore(&task->task_state_lock, flags);
ASD_DPRINTK("task 0x%p done with opcode 0x%x resp 0x%x " ASD_DPRINTK("task 0x%p done with opcode 0x%x resp 0x%x "
"stat 0x%x but aborted by upper layer!\n", "stat 0x%x but aborted by upper layer!\n",
task, opcode, ts->resp, ts->stat); task, opcode, ts->resp, ts->stat);
complete(&ascb->completion); if (completion)
complete(completion);
} else { } else {
spin_unlock_irqrestore(&task->task_state_lock, flags); spin_unlock_irqrestore(&task->task_state_lock, flags);
task->lldd_task = NULL; task->lldd_task = NULL;
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment