ahci: Fix data abort on multiple scsi resets.

Message ID	1396362400-32305-1-git-send-email-rogerq@ti.com
State	Accepted
Commit	3f62971162370213271dc1e7a396b6b3a6d5b6c6
Headers	show Return-Path: <patchwork-forward+bncBD45J6OZZMOBBOUZ5OMQKGQEIEC5HYA@linaro.org> Received-SPF: neutral (google.com: 209.85.220.178 is neither permitted nor denied by best guess record for domain of patch+caf_=patchwork-forward=linaro.org@linaro.org) client-ip=209.85.220.178; Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de designates 85.214.87.163 as permitted sender) client-ip=85.214.87.163; From: Roger Quadros <rogerq@ti.com> To: <trini@ti.com> Date: Tue, 1 Apr 2014 17:26:40 +0300 Message-ID: <1396362400-32305-1-git-send-email-rogerq@ti.com> MIME-Version: 1.0 Cc: elini@marvell.com, omrii@marvell.com, u-boot@lists.denx.de, aneesh@ti.com, Roger Quadros <rogerq@ti.com> Subject: [U-Boot] [PATCH] ahci: Fix data abort on multiple scsi resets. Precedence: list Sender: u-boot-bounces@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit

Message ID

1396362400-32305-1-git-send-email-rogerq@ti.com

State

Accepted

Commit

3f62971162370213271dc1e7a396b6b3a6d5b6c6

Headers

Received-SPF: neutral (google.com: 209.85.220.178 is neither permitted nor
	denied by best guess record for domain of
	patch+caf_=patchwork-forward=linaro.org@linaro.org)
	client-ip=209.85.220.178; 
Received-SPF: pass (google.com: domain of u-boot-bounces@lists.denx.de
	designates 85.214.87.163 as permitted sender)
	client-ip=85.214.87.163; 
From: Roger Quadros <rogerq@ti.com>
To: <trini@ti.com>
Date: Tue, 1 Apr 2014 17:26:40 +0300
Message-ID: <1396362400-32305-1-git-send-email-rogerq@ti.com>
MIME-Version: 1.0
Cc: elini@marvell.com, omrii@marvell.com, u-boot@lists.denx.de, aneesh@ti.com,
	Roger Quadros <rogerq@ti.com>
Subject: [U-Boot] [PATCH] ahci: Fix data abort on multiple scsi resets.
Precedence: list
Sender: u-boot-bounces@lists.denx.de
Errors-To: u-boot-bounces@lists.denx.de
Mailing-list: list patchwork-forward@linaro.org;
	contact patchwork-forward+owners@linaro.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Commit Message

Roger Quadros April 1, 2014, 2:26 p.m. UTC

Commit 2faf5fb82ed6 introduced a regression that causes a data
abort when running scsi init followed by scsi reset.

There are 2 problems with the original commit
1) ALLOC_CACHE_ALIGN_BUFFER() allocates memory on the stack but is
assigned to ataid[port] and used by other functions.
2) The function ata_scsiop_inquiry() tries to free memory which was
never allocated on the heap.

Fix these problems by using tmpid as a temporary cache aligned buffer.
Allocate memory separately for ataid[port] and re-use it if required.

Fixes: 2faf5fb82ed6 (ahci: Fix cache align error messages)

Reported-by: Eli Nidam <elini@marvell.com>
Signed-off-by: Roger Quadros <rogerq@ti.com>
---
 drivers/block/ahci.c | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

Comments

Tom Rini April 2, 2014, 9:18 p.m. UTC | #1

On Tue, Apr 01, 2014 at 05:26:40PM +0300, Roger Quadros wrote:

> Commit 2faf5fb82ed6 introduced a regression that causes a data
> abort when running scsi init followed by scsi reset.
> 
> There are 2 problems with the original commit
> 1) ALLOC_CACHE_ALIGN_BUFFER() allocates memory on the stack but is
> assigned to ataid[port] and used by other functions.
> 2) The function ata_scsiop_inquiry() tries to free memory which was
> never allocated on the heap.
> 
> Fix these problems by using tmpid as a temporary cache aligned buffer.
> Allocate memory separately for ataid[port] and re-use it if required.
> 
> Fixes: 2faf5fb82ed6 (ahci: Fix cache align error messages)
> 
> Reported-by: Eli Nidam <elini@marvell.com>
> Signed-off-by: Roger Quadros <rogerq@ti.com>

Applied to u-boot/master, thanks!

diff --git a/drivers/block/ahci.c b/drivers/block/ahci.c
index a409f63..c8f6573 100644
--- a/drivers/block/ahci.c
+++ b/drivers/block/ahci.c
@@ -623,6 +623,7 @@  static int ata_scsiop_inquiry(ccb *pccb)
 		95 - 4,
 	};
 	u8 fis[20];
+	u16 *idbuf;
 	ALLOC_CACHE_ALIGN_BUFFER(u16, tmpid, ATA_ID_WORDS);
 	u8 port;
 
@@ -649,17 +650,25 @@  static int ata_scsiop_inquiry(ccb *pccb)
 		return -EIO;
 	}
 
-	if (ataid[port])
-		free(ataid[port]);
-	ataid[port] = tmpid;
-	ata_swap_buf_le16(tmpid, ATA_ID_WORDS);
+	if (!ataid[port]) {
+		ataid[port] = malloc(ATA_ID_WORDS * 2);
+		if (!ataid[port]) {
+			printf("%s: No memory for ataid[port]\n", __func__);
+			return -ENOMEM;
+		}
+	}
+
+	idbuf = ataid[port];
+
+	memcpy(idbuf, tmpid, ATA_ID_WORDS * 2);
+	ata_swap_buf_le16(idbuf, ATA_ID_WORDS);
 
 	memcpy(&pccb->pdata[8], "ATA     ", 8);
-	ata_id_strcpy((u16 *) &pccb->pdata[16], &tmpid[ATA_ID_PROD], 16);
-	ata_id_strcpy((u16 *) &pccb->pdata[32], &tmpid[ATA_ID_FW_REV], 4);
+	ata_id_strcpy((u16 *)&pccb->pdata[16], &idbuf[ATA_ID_PROD], 16);
+	ata_id_strcpy((u16 *)&pccb->pdata[32], &idbuf[ATA_ID_FW_REV], 4);
 
 #ifdef DEBUG
-	ata_dump_id(tmpid);
+	ata_dump_id(idbuf);
 #endif
 	return 0;
 }

ahci: Fix data abort on multiple scsi resets.

Commit Message

Comments

Patch