git.alex.org.uk - linux-flexiantxendom0-natty.git/commit

author	Nicholas Bellinger <nab@linux-iscsi.org>
	Fri, 20 May 2011 03:19:11 +0000 (20:19 -0700)
committer	Steve Conklin <sconklin@canonical.com>
	Fri, 15 Jul 2011 17:21:00 +0000 (12:21 -0500)
commit	020b15d293b7b2853fcc82e430ff6d81ada10cd8
tree	bd1f7790f47e88e97aa288942f6514ec5377aa31	tree \| snapshot
parent	a39af7662feaa59d7a66db4fbb9318639a4e45fe	commit \| diff

target: Fix bug with task_sg chained transport_free_dev_tasks release

BugLink: http://bugs.launchpad.net/bugs/793702

commit f436677262a5b524ac87675014c6d4e8ee153029 upstream.

This patch addresses a bug in the target core release path for HW
operation where transport_free_dev_tasks() was incorrectly being called
from transport_lun_remove_cmd() while releasing a se_cmd reference and
calling struct target_core_fabric_ops->queue_data_in().

This would result in a OOPs with HW target mode when the release of
se_task->task_sg[] would happen before pci_unmap_sg() can be called in
HW target mode fabric module code. This patch addresses the issue by
moving transport_free_dev_tasks() from transport_lun_remove_cmd() into
transport_generic_free_cmd(), and adding TRANSPORT_FREE_CMD_INTR and
transport_generic_free_cmd_intr() to allow se_cmd descriptor release
to happen fromfrom within transport_processing_thread() process context
when release of se_cmd is not possible from HW interrupt context.

Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Signed-off-by: James Bottomley <jbottomley@parallels.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

drivers/target/target_core_transport.c		diff \| blob \| history
include/target/target_core_base.h		diff \| blob \| history
include/target/target_core_transport.h		diff \| blob \| history