SCSI: isci: Fix a race condition in the SSP task management path
Jeff Skirvin [Fri, 12 Jul 2013 00:18:58 +0000 (17:18 -0700)]
commit 96f15f29038e58e1b0a96483e2b369ff446becf1 upstream.

This commit fixes a race condition in the isci driver abort task and SSP
device task management path.  The race is caused when an I/O termination
in the SCU hardware is necessary because of an SSP target timeout condition,
and the check of the I/O end state races against the HW-termination-driven
end state.  The failure of the race meant that no TMF was sent to the device
to clean-up the pending I/O.

Signed-off-by: Jeff Skirvin <jeffrey.d.skirvin@intel.com>
Reviewed-by: Lukasz Dorau <lukasz.dorau@intel.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/scsi/isci/task.c

index 9bb020a..0d30ca8 100644 (file)
@@ -491,6 +491,7 @@ int isci_task_abort_task(struct sas_task *task)
        struct isci_tmf           tmf;
        int                       ret = TMF_RESP_FUNC_FAILED;
        unsigned long             flags;
+       int                       target_done_already = 0;
 
        /* Get the isci_request reference from the task.  Note that
         * this check does not depend on the pending request list
@@ -505,9 +506,11 @@ int isci_task_abort_task(struct sas_task *task)
        /* If task is already done, the request isn't valid */
        if (!(task->task_state_flags & SAS_TASK_STATE_DONE) &&
            (task->task_state_flags & SAS_TASK_AT_INITIATOR) &&
-           old_request)
+           old_request) {
                idev = isci_get_device(task->dev->lldd_dev);
-
+               target_done_already = test_bit(IREQ_COMPLETE_IN_TARGET,
+                                              &old_request->flags);
+       }
        spin_unlock(&task->task_state_lock);
        spin_unlock_irqrestore(&ihost->scic_lock, flags);
 
@@ -561,7 +564,7 @@ int isci_task_abort_task(struct sas_task *task)
 
        if (task->task_proto == SAS_PROTOCOL_SMP ||
            sas_protocol_ata(task->task_proto) ||
-           test_bit(IREQ_COMPLETE_IN_TARGET, &old_request->flags) ||
+           target_done_already ||
            test_bit(IDEV_GONE, &idev->flags)) {
 
                spin_unlock_irqrestore(&ihost->scic_lock, flags);