mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-26 22:24:09 +08:00
b13a3539eb
In the case of UPIU/DME request execution failed in UFS device,
ufs_bsg_request() will complete the failed bsg job by calling
bsg_job_done(). Meanwhile, it returns this error status to blk-mq layer,
then triggers blk-mq completing this request again, this will cause the
following panic.
Call trace:
ll_sc___cmpxchg_case_acq_32+0x4/0x20
complete+0x28/0x70
blk_end_sync_rq+0x24/0x30
blk_mq_end_request+0xb8/0x118
bsg_job_put+0x4c/0x58
bsg_complete+0x20/0x30
blk_done_softirq+0xb4/0xe8
do_softirq+0x154/0x3f0
run_ksoftirqd+0x4c/0x68
smpboot_thread_fn+0x22c/0x268
kthread+0x130/0x138
ret_from_fork+0x10/0x1c
Code: f84107fe d65f03c0 d503201f f9800011 (885ffc10)
---[ end trace d92825bff6326e66 ]---
Kernel panic - not syncing: Fatal exception in interrupt
This patch is to fix this issue. The solution is to complete the ufs-bsg
job only if no error happened.
[mkp: commit description tweak]
Fixes: df032bf27a
(scsi: ufs: Add a bsg endpoint that supports UPIUs)
Signed-off-by: Bean Huo <beanhuo@micron.com>
Reviewed-by: Avri Altman <Avri.Altman@wdc.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
222 lines
5.0 KiB
C
222 lines
5.0 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* bsg endpoint that supports UPIUs
|
|
*
|
|
* Copyright (C) 2018 Western Digital Corporation
|
|
*/
|
|
#include "ufs_bsg.h"
|
|
|
|
static int ufs_bsg_get_query_desc_size(struct ufs_hba *hba, int *desc_len,
|
|
struct utp_upiu_query *qr)
|
|
{
|
|
int desc_size = be16_to_cpu(qr->length);
|
|
int desc_id = qr->idn;
|
|
int ret;
|
|
|
|
if (desc_size <= 0)
|
|
return -EINVAL;
|
|
|
|
ret = ufshcd_map_desc_id_to_length(hba, desc_id, desc_len);
|
|
if (ret || !*desc_len)
|
|
return -EINVAL;
|
|
|
|
*desc_len = min_t(int, *desc_len, desc_size);
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int ufs_bsg_verify_query_size(struct ufs_hba *hba,
|
|
unsigned int request_len,
|
|
unsigned int reply_len)
|
|
{
|
|
int min_req_len = sizeof(struct ufs_bsg_request);
|
|
int min_rsp_len = sizeof(struct ufs_bsg_reply);
|
|
|
|
if (min_req_len > request_len || min_rsp_len > reply_len) {
|
|
dev_err(hba->dev, "not enough space assigned\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int ufs_bsg_alloc_desc_buffer(struct ufs_hba *hba, struct bsg_job *job,
|
|
uint8_t **desc_buff, int *desc_len,
|
|
enum query_opcode desc_op)
|
|
{
|
|
struct ufs_bsg_request *bsg_request = job->request;
|
|
struct utp_upiu_query *qr;
|
|
u8 *descp;
|
|
|
|
if (desc_op != UPIU_QUERY_OPCODE_WRITE_DESC &&
|
|
desc_op != UPIU_QUERY_OPCODE_READ_DESC)
|
|
goto out;
|
|
|
|
qr = &bsg_request->upiu_req.qr;
|
|
if (ufs_bsg_get_query_desc_size(hba, desc_len, qr)) {
|
|
dev_err(hba->dev, "Illegal desc size\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
if (*desc_len > job->request_payload.payload_len) {
|
|
dev_err(hba->dev, "Illegal desc size\n");
|
|
return -EINVAL;
|
|
}
|
|
|
|
descp = kzalloc(*desc_len, GFP_KERNEL);
|
|
if (!descp)
|
|
return -ENOMEM;
|
|
|
|
if (desc_op == UPIU_QUERY_OPCODE_WRITE_DESC)
|
|
sg_copy_to_buffer(job->request_payload.sg_list,
|
|
job->request_payload.sg_cnt, descp,
|
|
*desc_len);
|
|
|
|
*desc_buff = descp;
|
|
|
|
out:
|
|
return 0;
|
|
}
|
|
|
|
static int ufs_bsg_request(struct bsg_job *job)
|
|
{
|
|
struct ufs_bsg_request *bsg_request = job->request;
|
|
struct ufs_bsg_reply *bsg_reply = job->reply;
|
|
struct ufs_hba *hba = shost_priv(dev_to_shost(job->dev->parent));
|
|
unsigned int req_len = job->request_len;
|
|
unsigned int reply_len = job->reply_len;
|
|
struct uic_command uc = {};
|
|
int msgcode;
|
|
uint8_t *desc_buff = NULL;
|
|
int desc_len = 0;
|
|
enum query_opcode desc_op = UPIU_QUERY_OPCODE_NOP;
|
|
int ret;
|
|
|
|
ret = ufs_bsg_verify_query_size(hba, req_len, reply_len);
|
|
if (ret)
|
|
goto out;
|
|
|
|
bsg_reply->reply_payload_rcv_len = 0;
|
|
|
|
msgcode = bsg_request->msgcode;
|
|
switch (msgcode) {
|
|
case UPIU_TRANSACTION_QUERY_REQ:
|
|
desc_op = bsg_request->upiu_req.qr.opcode;
|
|
ret = ufs_bsg_alloc_desc_buffer(hba, job, &desc_buff,
|
|
&desc_len, desc_op);
|
|
if (ret)
|
|
goto out;
|
|
|
|
/* fall through */
|
|
case UPIU_TRANSACTION_NOP_OUT:
|
|
case UPIU_TRANSACTION_TASK_REQ:
|
|
ret = ufshcd_exec_raw_upiu_cmd(hba, &bsg_request->upiu_req,
|
|
&bsg_reply->upiu_rsp, msgcode,
|
|
desc_buff, &desc_len, desc_op);
|
|
if (ret)
|
|
dev_err(hba->dev,
|
|
"exe raw upiu: error code %d\n", ret);
|
|
|
|
break;
|
|
case UPIU_TRANSACTION_UIC_CMD:
|
|
memcpy(&uc, &bsg_request->upiu_req.uc, UIC_CMD_SIZE);
|
|
ret = ufshcd_send_uic_cmd(hba, &uc);
|
|
if (ret)
|
|
dev_err(hba->dev,
|
|
"send uic cmd: error code %d\n", ret);
|
|
|
|
memcpy(&bsg_reply->upiu_rsp.uc, &uc, UIC_CMD_SIZE);
|
|
|
|
break;
|
|
default:
|
|
ret = -ENOTSUPP;
|
|
dev_err(hba->dev, "unsupported msgcode 0x%x\n", msgcode);
|
|
|
|
break;
|
|
}
|
|
|
|
if (!desc_buff)
|
|
goto out;
|
|
|
|
if (desc_op == UPIU_QUERY_OPCODE_READ_DESC && desc_len)
|
|
bsg_reply->reply_payload_rcv_len =
|
|
sg_copy_from_buffer(job->request_payload.sg_list,
|
|
job->request_payload.sg_cnt,
|
|
desc_buff, desc_len);
|
|
|
|
kfree(desc_buff);
|
|
|
|
out:
|
|
bsg_reply->result = ret;
|
|
job->reply_len = sizeof(struct ufs_bsg_reply);
|
|
/* complete the job here only if no error */
|
|
if (ret == 0)
|
|
bsg_job_done(job, ret, bsg_reply->reply_payload_rcv_len);
|
|
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* ufs_bsg_remove - detach and remove the added ufs-bsg node
|
|
*
|
|
* Should be called when unloading the driver.
|
|
*/
|
|
void ufs_bsg_remove(struct ufs_hba *hba)
|
|
{
|
|
struct device *bsg_dev = &hba->bsg_dev;
|
|
|
|
if (!hba->bsg_queue)
|
|
return;
|
|
|
|
bsg_remove_queue(hba->bsg_queue);
|
|
|
|
device_del(bsg_dev);
|
|
put_device(bsg_dev);
|
|
}
|
|
|
|
static inline void ufs_bsg_node_release(struct device *dev)
|
|
{
|
|
put_device(dev->parent);
|
|
}
|
|
|
|
/**
|
|
* ufs_bsg_probe - Add ufs bsg device node
|
|
* @hba: per adapter object
|
|
*
|
|
* Called during initial loading of the driver, and before scsi_scan_host.
|
|
*/
|
|
int ufs_bsg_probe(struct ufs_hba *hba)
|
|
{
|
|
struct device *bsg_dev = &hba->bsg_dev;
|
|
struct Scsi_Host *shost = hba->host;
|
|
struct device *parent = &shost->shost_gendev;
|
|
struct request_queue *q;
|
|
int ret;
|
|
|
|
device_initialize(bsg_dev);
|
|
|
|
bsg_dev->parent = get_device(parent);
|
|
bsg_dev->release = ufs_bsg_node_release;
|
|
|
|
dev_set_name(bsg_dev, "ufs-bsg");
|
|
|
|
ret = device_add(bsg_dev);
|
|
if (ret)
|
|
goto out;
|
|
|
|
q = bsg_setup_queue(bsg_dev, dev_name(bsg_dev), ufs_bsg_request, NULL, 0);
|
|
if (IS_ERR(q)) {
|
|
ret = PTR_ERR(q);
|
|
goto out;
|
|
}
|
|
|
|
hba->bsg_queue = q;
|
|
|
|
return 0;
|
|
|
|
out:
|
|
dev_err(bsg_dev, "fail to initialize a bsg dev %d\n", shost->host_no);
|
|
put_device(bsg_dev);
|
|
return ret;
|
|
}
|