FROMLIST: scsi: ufs: Fix task management completion

The UFS driver uses blk_mq_tagset_busy_iter() when identifying task management requests to complete, however blk_mq_tagset_busy_iter() doesn't work. blk_mq_tagset_busy_iter() only iterates requests dispatched by the block layer. That appears as if it might have started since commit 37f4a24c24 ("blk-mq: centralise related handling into blk_mq_get_driver_tag") which removed 'data->hctx->tags->rqs[rq->tag] = rq' from blk_mq_rq_ctx_init() which gets called: blk_get_request blk_mq_alloc_request __blk_mq_alloc_request blk_mq_rq_ctx_init Since UFS task management requests are not dispatched by the block layer, hctx->tags->rqs[rq->tag] remains NULL, and since blk_mq_tagset_busy_iter() relies on finding requests using hctx->tags->rqs[rq->tag], UFS task management requests are never found by blk_mq_tagset_busy_iter(). By using blk_mq_tagset_busy_iter(), the UFS driver was relying on internal details of the block layer, which was fragile and subsequently got broken. Fix by removing the use of blk_mq_tagset_busy_iter() and having the driver keep track of task management requests. Fixes: 1235fc569e0bf5 ("scsi: ufs: core: Fix task management request completion timeout") Fixes: 69a6c269c0 ("scsi: ufs: Use blk_{get,put}_request() to allocate and free TMFs") Cc: stable@vger.kernel.org Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> Bug: 200291871 Link: https://lore.kernel.org/linux-scsi/20210922091059.4040-1-adrian.hunter@intel.com/ Change-Id: I4e11f40c7371fd66b3a6b570d06c956b113df142 Signed-off-by: Bart Van Assche <bvanassche@google.com>
2021-09-22 12:10:59 +03:00
parent 7b6860d2a4
commit f4b3d35dfa
3 changed files with 32 additions and 30 deletions
--- a/drivers/scsi/ufs/ufshcd-add-info.h
+++ b/drivers/scsi/ufs/ufshcd-add-info.h
@@ -11,6 +11,7 @@
 */
 struct ufs_hba_add_info {
 	struct ufs_hba hba;
 	struct request **tmf_rqs;
 #ifdef CONFIG_SCSI_UFS_HPB
 	struct ufshpb_dev_info hpb_dev;
 #endif
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -6364,27 +6364,6 @@ static irqreturn_t ufshcd_check_errors(struct ufs_hba *hba, u32 intr_status)
 	return retval;
 }
 struct ctm_info {
 	struct ufs_hba	*hba;
 	unsigned long	pending;
 	unsigned int	ncpl;
 };
 static bool ufshcd_compl_tm(struct request *req, void *priv, bool reserved)
 {
 	struct ctm_info *const ci = priv;
 	struct completion *c;
 	WARN_ON_ONCE(reserved);
 	if (test_bit(req->tag, &ci->pending))
 		return true;
 	ci->ncpl++;
 	c = req->end_io_data;
 	if (c)
 		complete(c);
 	return true;
 }
 /**
 * ufshcd_tmc_handler - handle task management function completion
 * @hba: per adapter instance
@@ -6395,18 +6374,25 @@ static bool ufshcd_compl_tm(struct request *req, void *priv, bool reserved)
 */
 static irqreturn_t ufshcd_tmc_handler(struct ufs_hba *hba)
 {
-	unsigned long flags;
+	struct request **tmf_rqs = ufs_hba_add_info(hba)->tmf_rqs;
-	struct request_queue *q = hba->tmf_queue;
+	unsigned long flags, pending, issued;
-	struct ctm_info ci = {
+	irqreturn_t ret = IRQ_NONE;
-		.hba	 = hba,
+	int tag;
-	};
+
 	pending = ufshcd_readl(hba, REG_UTP_TASK_REQ_DOOR_BELL);
 	spin_lock_irqsave(hba->host->host_lock, flags);
-	ci.pending = ufshcd_readl(hba, REG_UTP_TASK_REQ_DOOR_BELL);
+	issued = hba->outstanding_tasks & ~pending;
-	blk_mq_tagset_busy_iter(q->tag_set, ufshcd_compl_tm, &ci);
+	for_each_set_bit(tag, &issued, hba->nutmrs) {
 		struct request *req = tmf_rqs[tag];
 		struct completion *c = req->end_io_data;
 		complete(c);
 		ret = IRQ_HANDLED;
 	}
 	spin_unlock_irqrestore(hba->host->host_lock, flags);
-	return ci.ncpl ? IRQ_HANDLED : IRQ_NONE;
+	return ret;
 }
 /**
@@ -6511,6 +6497,7 @@ out:
 static int __ufshcd_issue_tm_cmd(struct ufs_hba *hba,
 		struct utp_task_req_desc *treq, u8 tm_function)
 {
 	struct request **tmf_rqs = ufs_hba_add_info(hba)->tmf_rqs;
 	struct request_queue *q = hba->tmf_queue;
 	struct Scsi_Host *host = hba->host;
 	DECLARE_COMPLETION_ONSTACK(wait);
@@ -6529,9 +6516,9 @@ static int __ufshcd_issue_tm_cmd(struct ufs_hba *hba,
 	ufshcd_hold(hba, false);
 	spin_lock_irqsave(host->host_lock, flags);
 	blk_mq_start_request(req);
 	task_tag = req->tag;
 	tmf_rqs[req->tag] = req;
 	treq->req_header.dword_0 |= cpu_to_be32(task_tag);
 	memcpy(hba->utmrdl_base_addr + task_tag, treq, sizeof(*treq));
@@ -6575,6 +6562,7 @@ static int __ufshcd_issue_tm_cmd(struct ufs_hba *hba,
 	}
 	spin_lock_irqsave(hba->host->host_lock, flags);
 	tmf_rqs[req->tag] = NULL;
 	__clear_bit(task_tag, &hba->outstanding_tasks);
 	spin_unlock_irqrestore(hba->host->host_lock, flags);
@@ -9367,6 +9355,7 @@ static const struct blk_mq_ops ufshcd_tmf_ops = {
 */
 int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq)
 {
 	struct request ***tmf_rqs = &ufs_hba_add_info(hba)->tmf_rqs;
 	int err;
 	struct Scsi_Host *host = hba->host;
 	struct device *dev = hba->dev;
@@ -9504,6 +9493,12 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq)
 		err = PTR_ERR(hba->tmf_queue);
 		goto free_tmf_tag_set;
 	}
 	*tmf_rqs = devm_kcalloc(hba->dev, hba->nutmrs, sizeof(**tmf_rqs),
 				GFP_KERNEL);
 	if (!*tmf_rqs) {
 		err = -ENOMEM;
 		goto free_tmf_queue;
 	}
 	/* Reset the attached device */
 	ufshcd_vops_device_reset(hba);
--- a/drivers/scsi/ufs/ufshcd.h
+++ b/drivers/scsi/ufs/ufshcd.h
@@ -843,6 +843,12 @@ struct ufs_hba {
 	struct blk_mq_tag_set tmf_tag_set;
 	struct request_queue *tmf_queue;
 #if 0
 	/*
 	 * This has been moved into struct ufs_hba_add_info because of the GKI.
 	 */
 	struct request **tmf_rqs;
 #endif
 	struct uic_command *active_uic_cmd;
 	struct mutex uic_cmd_mutex;