Hannes & Christoph: Please comment on Sreekanth's proposed approach.

> During expander reset handling, the driver invokes kernel function
> scsi_host_find_tag() to obtain outstanding requests associated with
> the scsi host managed by the driver. Driver loops from tag value zero
> to hba queue depth to obtain the outstanding scmds. But when blk-mq is
> enabled then Kernel's block layer may return stale entry for one or
> more requests. This may lead to Kernel panic if the returned value is
> inaccessible or the memory pointed by the returned value is reused.
>
> Reference of upstream discussion -
> https://patchwork.kernel.org/patch/10734933/
>
> Fix: Instead of calling scsi_host_find_tag() API for each and every
> smid (smid is tag + 1) from one to shost->can_queue, now driver will
> call this API (to obtain the outstanding scmd) for only those smids
> which are outstanding at the driver level.
>
> Driver will determine whether this smid is outstanding at driver level
> by looking into its corresponding MPI request frame; if its MPI
> request frame is empty then it means that this smid is free and no
> need to call scsi_host_find_tag() API for this smid. By doing this
> driver will invoke scsi_host_find_tag() for only those tags which are
> outstanding at the driver level.
>
> Driver will check whether particular MPI request frame is empty or not
> by looking into the "DevHandle" field. If this field is zero then it
> means that this MPI request is empty. For active MPI request DevHandle
> must be non-zero.
>
> Also driver will memset the MPI request frame once the corresponding
> scmd is processed (i.e. just before calling scmd->done function).

-- 
Martin K. Petersen      Oracle Linux Engineering
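The following is an added userspace model of the approach described in the quoted commit message; it is not mpt3sas code and not part of the patch under discussion. It assumes a toy `struct ioc` with an array of MPI request frames indexed by smid - 1, a `model_find_tag()` stand-in for scsi_host_find_tag() that, like the blk-mq case described above, can hand back a pointer for a tag the driver no longer owns, and a constructed host state (`CAN_QUEUE` of 8, two active smids, one stale tag entry; all values made up). The old walk visits every tag and runs into the stale entry; the fixed walk skips frames whose DevHandle is zero and never asks the block layer about them, and completion clears the frame before the command is handed back.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the fix, not driver code. The frame keeps only the
 * field the fix inspects; real MPI request frames carry much more. */
#define CAN_QUEUE 8

struct mpi_frame {
	uint16_t dev_handle;      /* DevHandle: zero means the frame is empty */
	uint8_t  rest[30];
};

struct scmd {
	int id;
	int freed;                /* 1 = memory released/reused, i.e. a stale entry */
	int completed;
};

struct ioc {
	struct mpi_frame frames[CAN_QUEUE];  /* indexed by smid - 1 */
	struct scmd *tags[CAN_QUEUE];        /* what the tag lookup hands back */
};

/* Stand-in for scsi_host_find_tag(): with blk-mq the block layer may return
 * a request the driver no longer owns, so this returns whatever is in the
 * table, stale or not. */
static struct scmd *model_find_tag(struct ioc *ioc, int tag)
{
	if (tag < 0 || tag >= CAN_QUEUE)
		return NULL;
	return ioc->tags[tag];
}

/* Completion path: clear the frame before handing the scmd back, so a later
 * reset sees DevHandle == 0 and does not look this tag up again. */
static void model_complete(struct ioc *ioc, int smid, struct scmd *scmd)
{
	memset(&ioc->frames[smid - 1], 0, sizeof(ioc->frames[smid - 1]));
	scmd->completed = 1;      /* stands in for calling scmd->done */
}

/* Original approach: look up every tag from 0 to can_queue - 1. */
static int model_reset_walk_all(struct ioc *ioc, int *stale_touched)
{
	int n = 0;
	*stale_touched = 0;
	for (int smid = 1; smid <= CAN_QUEUE; smid++) {
		struct scmd *scmd = model_find_tag(ioc, smid - 1);
		if (!scmd)
			continue;
		if (scmd->freed) {  /* a real driver would dereference freed memory here */
			(*stale_touched)++;
			continue;
		}
		model_complete(ioc, smid, scmd);
		n++;
	}
	return n;
}

/* Fixed approach: consult the tag lookup only for frames the driver itself
 * still marks active (DevHandle != 0). */
static int model_reset_walk_active(struct ioc *ioc, int *stale_touched)
{
	int n = 0;
	*stale_touched = 0;
	for (int smid = 1; smid <= CAN_QUEUE; smid++) {
		struct scmd *scmd;
		if (ioc->frames[smid - 1].dev_handle == 0)
			continue;         /* frame empty: nothing outstanding at driver level */
		scmd = model_find_tag(ioc, smid - 1);
		if (!scmd)
			continue;
		if (scmd->freed) {
			(*stale_touched)++;
			continue;
		}
		model_complete(ioc, smid, scmd);
		n++;
	}
	return n;
}

/* Constructed host state: smids 1 and 3 outstanding; tag 4 (smid 5) still
 * points at a command whose memory was released, with an empty frame. */
static void model_build(struct ioc *ioc, struct scmd cmds[3])
{
	memset(ioc, 0, sizeof(*ioc));
	memset(cmds, 0, 3 * sizeof(cmds[0]));
	cmds[0].id = 1;
	cmds[1].id = 3;
	cmds[2].id = 5;
	cmds[2].freed = 1;
	ioc->frames[0].dev_handle = 0x0009;  /* smid 1 active (made-up handle) */
	ioc->frames[2].dev_handle = 0x000a;  /* smid 3 active (made-up handle) */
	ioc->tags[0] = &cmds[0];
	ioc->tags[2] = &cmds[1];
	ioc->tags[4] = &cmds[2];             /* stale entry for a free smid */
}

int main(void)
{
	struct ioc ioc;
	struct scmd cmds[3];
	int stale, n;

	model_build(&ioc, cmds);
	n = model_reset_walk_all(&ioc, &stale);
	printf("walk-all:    flushed %d, touched %d stale entries\n", n, stale);
	model_build(&ioc, cmds);
	n = model_reset_walk_active(&ioc, &stale);
	printf("walk-active: flushed %d, touched %d stale entries\n", n, stale);
	return 0;
}
```

The point the model makes is that the driver's own bookkeeping (a non-zero DevHandle in the frame) is the authority on what is outstanding, so the lookup that may return garbage is only ever made for smids the driver knows it issued; clearing the frame in the completion path is what keeps that bookkeeping accurate across a later reset.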