From: Luben Tuikov <luben_tuikov@adaptec.com>
To: Alan Stern <stern@rowland.harvard.edu>
Cc: SCSI development list <linux-scsi@vger.kernel.org>,
Mohammed Sameer <uniball@gmx.net>,
USB users list <linux-usb-users@lists.sourceforge.net>
Subject: Re: BUG: CD driver sends command during host removal
Date: Wed, 29 Sep 2004 14:02:14 -0400 [thread overview]
Message-ID: <415AF8A6.2080705@adaptec.com> (raw)
In-Reply-To: <Pine.LNX.4.44L0.0409291239250.1167-100000@ida.rowland.org>
Alan Stern wrote:
>
>>>Next usb-storage called scsi_remove_host(). Apparently this caused some
>>>component of the CD driver to queue a command:
>
>
> This sounds like a bug, by the way. Commands shouldn't be queued because
> of a call to scsi_remove_host!
Yes.
>>>usb-storage accepted the command but then ignored it because the host was
>>>in process of removal. Should the queuecommand routine have rejected the
>>>command?
>>
>>Yes, if the service delivery subsystem (SDS) knows that the device is gone
>>and the command wouldn't be delivered, it should *not* "ignore" the
>>command, but return it with error.
>>
>>I.e. if the LLDD has active/most recent knowledge about the device
>>whereto the command is destined, it should act on that and return
>>an appropriate error. After all, this is what a properly implemented
>>SDS would do.
>
>
> According to Documentation/scsi/scsi_mid_low_api.txt, the only possible
> error returns are SCSI_MLQUEUE_DEVICE_BUSY and SCSI_MLQUEUE_HOST_BUSY.
> Neither is appropriate; should the second one be returned?
I believe internally SCSI Core returns DID_ERROR.
>
>>> This would involve a race, because it's possible for
>>>queuecommand to accept a command and then scsi_remove_host() to be called
>>>before the command is carried out.
>>
>>If the command hasn't been carried out, then delivery would fail and SDS
>>would return the appropriate error back to SCSI Core.
>
>
> How? The SCSI core deallocates the scsi_cmnd before the SDS has a chance
> to return anything.
Hmm, once queuecommand() has been called, SCSI Core *should NOT* touch
the struct command until the LLDD calls scsi_done() or it times
out and ownership is given back indirectly via the appropriate
return result of the times_out() function.
>>Where *was* the command? From the point of time when queuecommand() is
>>called until scsi_done() is called, the command belongs to the LLDD.
>>It should honor any TMF, regardless of the _state_ of the task.
>
>
> If the command belongs to the LLDD, why does scsi_remove_host do the
> following:
>
> calls scsi_host_cancel,
> which calls scsi_device_cancel_cb for each device,
> which calls scsi_device_cancel,
> which calls scsi_finish_command for each active command,
> which passes the command back to the upper layer
>
> Either there's a bug in the host removal sequence, or else the LLDD
> doesn't own any requests once scsi_remove_host has been called.
Ah, definitely sounds like a bug -- the LLDD has not been given
a chance to "return" the struct command.
One thing I wanted to point out is that in scsi_remove_host()
the _very_ first thing which should be done is setting
the proper shost_state, SHOST_DEL, which should imply
SHOST_CANCEL (by virtue of meaning), as opposed to "doubly"
setting it.
_Thought_ experiment: is it possibe to "catch" a command between
a non-canceled host but canceled device (of that host)?
So, first the host state is set to "cancelled", then each
device is set accordingly, then commands sent to each device
are "recovered" (all this top->down); and then
the resources freed in opposite order: commands, devices,
hosts. This may involve waiting for the LLDD to respond
in the recovery process.
Luben
next prev parent reply other threads:[~2004-09-29 18:02 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20040926082926.GA1944@uniball>
2004-09-27 18:18 ` BUG: CD driver sends command during host removal Alan Stern
2004-09-27 18:51 ` Mohammed Sameer
2004-09-29 16:06 ` Luben Tuikov
2004-09-29 16:55 ` Alan Stern
2004-09-29 17:09 ` Mike Anderson
2004-09-29 18:02 ` Luben Tuikov [this message]
2004-09-29 18:09 ` James Bottomley
2004-09-29 18:58 ` Luben Tuikov
2004-09-29 19:39 ` James Bottomley
2004-09-29 19:01 ` Alan Stern
2004-09-29 19:27 ` Mike Anderson
2004-09-29 19:33 ` Luben Tuikov
2004-09-29 19:50 ` James Bottomley
2004-09-29 20:31 ` Mike Anderson
2004-09-29 20:41 ` James Bottomley
2004-09-29 21:07 ` Mike Anderson
2004-09-29 21:14 ` James Bottomley
2004-09-29 21:20 ` Luben Tuikov
2004-09-29 21:26 ` James Bottomley
2004-09-29 21:20 ` Alan Stern
2004-10-02 23:57 ` Mohammed Sameer
2004-10-11 19:20 Alan Stern
2004-10-11 19:36 ` James Bottomley
2004-10-11 20:03 ` Alan Stern
2004-10-11 20:12 ` James Bottomley
2004-10-11 20:40 ` Mike Anderson
2004-10-11 21:15 ` James Bottomley
2004-10-11 23:13 ` Mike Anderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=415AF8A6.2080705@adaptec.com \
--to=luben_tuikov@adaptec.com \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-usb-users@lists.sourceforge.net \
--cc=stern@rowland.harvard.edu \
--cc=uniball@gmx.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).