1. 19 Feb, 2012 38 commits
  2. 18 Feb, 2012 2 commits
    • Alan Stern's avatar
      [SCSI] scsi_pm: Fix bug in the SCSI power management handler · fea6d607
      Alan Stern authored
      This patch (as1520) fixes a bug in the SCSI layer's power management
      implementation.
      
      LUN scanning can be carried out asynchronously in do_scan_async(), and
      sd uses an asynchronous thread for the time-consuming parts of disk
      probing in sd_probe_async().  Currently nothing coordinates these
      async threads with system sleep transitions; they can and do attempt
      to continue scanning/probing SCSI devices even after the host adapter
      has been suspended.  As one might expect, the outcome is not ideal.
      
      This is what the "prepare" stage of system suspend was created for.
      After the prepare callback has been called for a host, target, or
      device, drivers are not allowed to register any children underneath
      them.  Currently the SCSI prepare callback is not implemented; this
      patch rectifies that omission.
      
      For SCSI hosts, the prepare routine calls scsi_complete_async_scans()
      to wait until async scanning is finished.  It might be slightly more
      efficient to wait only until the host in question has been scanned,
      but there's currently no way to do that.  Besides, during a sleep
      transition we will ultimately have to wait until all the host scanning
      has finished anyway.
      
      For SCSI devices, the prepare routine calls async_synchronize_full()
      to wait until sd probing is finished.  The routine does nothing for
      SCSI targets, because asynchronous target scanning is done only as
      part of host scanning.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      CC: <stable@kernel.org>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
      fea6d607
    • Huajun Li's avatar
      [SCSI] scsi_scan: Fix 'Poison overwritten' warning caused by using freed 'shost' · 267a6ad4
      Huajun Li authored
      In do_scan_async(), calling scsi_autopm_put_host(shost) may reference
      freed shost, and cause Posison overwitten warning.
      Yes, this case can happen, for example, an USB is disconnected just
      when do_scan_async() thread starts to run, then scsi_host_put() called
      in scsi_finish_async_scan() will lead to shost be freed(because the
      refcount of shost->shost_gendev decreases to 1 after USB disconnects),
      at this point, if references shost again, system will show following
      warning msg.
      
      To make scsi_autopm_put_host(shost) always reference a valid shost,
      put it just before scsi_host_put() in function
      scsi_finish_async_scan().
      
      [  299.281565] =============================================================================
      [  299.281634] BUG kmalloc-4096 (Tainted: G          I ): Poison overwritten
      [  299.281682] -----------------------------------------------------------------------------
      [  299.281684]
      [  299.281752] INFO: 0xffff880056c305d0-0xffff880056c305d0. First byte
      0x6a instead of 0x6b
      [  299.281816] INFO: Allocated in scsi_host_alloc+0x4a/0x490 age=1688
      cpu=1 pid=2004
      [  299.281870] 	__slab_alloc+0x617/0x6c1
      [  299.281901] 	__kmalloc+0x28c/0x2e0
      [  299.281931] 	scsi_host_alloc+0x4a/0x490
      [  299.281966] 	usb_stor_probe1+0x5b/0xc40 [usb_storage]
      [  299.282010] 	storage_probe+0xa4/0xe0 [usb_storage]
      [  299.282062] 	usb_probe_interface+0x172/0x330 [usbcore]
      [  299.282105] 	driver_probe_device+0x257/0x3b0
      [  299.282138] 	__driver_attach+0x103/0x110
      [  299.282171] 	bus_for_each_dev+0x8e/0xe0
      [  299.282201] 	driver_attach+0x26/0x30
      [  299.282230] 	bus_add_driver+0x1c4/0x430
      [  299.282260] 	driver_register+0xb6/0x230
      [  299.282298] 	usb_register_driver+0xe5/0x270 [usbcore]
      [  299.282337] 	0xffffffffa04ab03d
      [  299.282364] 	do_one_initcall+0x47/0x230
      [  299.282396] 	sys_init_module+0xa0f/0x1fe0
      [  299.282429] INFO: Freed in scsi_host_dev_release+0x18a/0x1d0 age=85
      cpu=0 pid=2008
      [  299.282482] 	__slab_free+0x3c/0x2a1
      [  299.282510] 	kfree+0x296/0x310
      [  299.282536] 	scsi_host_dev_release+0x18a/0x1d0
      [  299.282574] 	device_release+0x74/0x100
      [  299.282606] 	kobject_release+0xc7/0x2a0
      [  299.282637] 	kobject_put+0x54/0xa0
      [  299.282668] 	put_device+0x27/0x40
      [  299.282694] 	scsi_host_put+0x1d/0x30
      [  299.282723] 	do_scan_async+0x1fc/0x2b0
      [  299.282753] 	kthread+0xdf/0xf0
      [  299.282782] 	kernel_thread_helper+0x4/0x10
      [  299.282817] INFO: Slab 0xffffea00015b0c00 objects=7 used=7 fp=0x
            (null) flags=0x100000000004080
      [  299.282882] INFO: Object 0xffff880056c30000 @offset=0 fp=0x          (null)
      [  299.282884]
      ...
      Signed-off-by: default avatarHuajun Li <huajun.li.lee@gmail.com>
      Cc: stable@kernel.org
      Acked-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
      267a6ad4