[SCSI] scsi_transport_fc: fc_user_scan correction
James Smart [Thu, 24 Apr 2008 16:12:46 +0000 (12:12 -0400)]
Way back when, when the fc_user_scan routine was created, it kept some
of its original logic that walked the rport list and kicked off a scan.
Unfortunately, it didn't keep any of the locking around the rport list,
nor did it consider the synchronous nature of the scan invoked. The result,
there are some scan requests where the rport list changes, thus a subsequent
scan is called on a bogus rport structure and the system NMI's.

Signed-off-by: James Smart <james.smart@emulex.com>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

drivers/scsi/scsi_transport_fc.c

index 6b092a6..5fd64e7 100644 (file)
@@ -1961,12 +1961,17 @@ fc_timed_out(struct scsi_cmnd *scmd)
 }
 
 /*
- * Must be called with shost->host_lock held
+ * Called by fc_user_scan to locate an rport on the shost that
+ * matches the channel and target id, and invoke scsi_scan_target()
+ * on the rport.
  */
-static int fc_user_scan(struct Scsi_Host *shost, uint channel,
-               uint id, uint lun)
+static void
+fc_user_scan_tgt(struct Scsi_Host *shost, uint channel, uint id, uint lun)
 {
        struct fc_rport *rport;
+       unsigned long flags;
+
+       spin_lock_irqsave(shost->host_lock, flags);
 
        list_for_each_entry(rport, &fc_host_rports(shost), peers) {
                if (rport->scsi_target_id == -1)
@@ -1975,13 +1980,54 @@ static int fc_user_scan(struct Scsi_Host *shost, uint channel,
                if (rport->port_state != FC_PORTSTATE_ONLINE)
                        continue;
 
-               if ((channel == SCAN_WILD_CARD || channel == rport->channel) &&
-                   (id == SCAN_WILD_CARD || id == rport->scsi_target_id)) {
-                       scsi_scan_target(&rport->dev, rport->channel,
-                                        rport->scsi_target_id, lun, 1);
+               if ((channel == rport->channel) &&
+                   (id == rport->scsi_target_id)) {
+                       spin_unlock_irqrestore(shost->host_lock, flags);
+                       scsi_scan_target(&rport->dev, channel, id, lun, 1);
+                       return;
                }
        }
 
+       spin_unlock_irqrestore(shost->host_lock, flags);
+}
+
+/*
+ * Called via sysfs scan routines. Necessary, as the FC transport
+ * wants to place all target objects below the rport object. So this
+ * routine must invoke the scsi_scan_target() routine with the rport
+ * object as the parent.
+ */
+static int
+fc_user_scan(struct Scsi_Host *shost, uint channel, uint id, uint lun)
+{
+       uint chlo, chhi;
+       uint tgtlo, tgthi;
+
+       if (((channel != SCAN_WILD_CARD) && (channel > shost->max_channel)) ||
+           ((id != SCAN_WILD_CARD) && (id >= shost->max_id)) ||
+           ((lun != SCAN_WILD_CARD) && (lun > shost->max_lun)))
+               return -EINVAL;
+
+       if (channel == SCAN_WILD_CARD) {
+               chlo = 0;
+               chhi = shost->max_channel + 1;
+       } else {
+               chlo = channel;
+               chhi = channel + 1;
+       }
+
+       if (id == SCAN_WILD_CARD) {
+               tgtlo = 0;
+               tgthi = shost->max_id;
+       } else {
+               tgtlo = id;
+               tgthi = id + 1;
+       }
+
+       for ( ; chlo < chhi; chlo++)
+               for ( ; tgtlo < tgthi; tgtlo++)
+                       fc_user_scan_tgt(shost, chlo, tgtlo, lun);
+
        return 0;
 }