It turns out that libata has already dma_map_sg'd the scatterlist
entries that go with an ata_queued_cmd by the time it calls
sas_ata_qc_issue. sas_ata_qc_issue passes this scatterlist to aic94xx.
Unfortunately, aic94xx assumes that any scatterlist passed to it needs
to be pci_map_sg'd... which blows away the mapping that libata created!
This causes (on a x260) Calgary IOMMU table leaks and duplicate frees
when aic94xx and libata try to {pci,dma}_unmap_sg the scatterlist.
Since dma_map_sg and pci_map_sg are fed the same struct device, I think
it's safe to add a flag to sas_task that tells aic94xx that it need
not map the scatterlist. It didn't break anything on the x260, though
I don't have any SATAPI devices to test with. Is this the correct
approach to fixing this problem?
--
Signed-off-by: Darrick J. Wong <[email protected]>
diff --git a/drivers/scsi/aic94xx/aic94xx_task.c b/drivers/scsi/aic94xx/aic94xx_task.c
index 9840708..eaffaa6 100644
--- a/drivers/scsi/aic94xx/aic94xx_task.c
+++ b/drivers/scsi/aic94xx/aic94xx_task.c
@@ -74,8 +74,11 @@ static inline int asd_map_scatterlist(st
return 0;
}
- num_sg = pci_map_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
- task->data_dir);
+ if (task->external_sg)
+ num_sg = task->num_scatter;
+ else
+ num_sg = pci_map_sg(asd_ha->pcidev, task->scatter,
+ task->num_scatter, task->data_dir);
if (num_sg == 0)
return -ENOMEM;
@@ -120,8 +123,9 @@ static inline int asd_map_scatterlist(st
return 0;
err_unmap:
- pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
- task->data_dir);
+ if (!task->external_sg)
+ pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
+ task->data_dir);
return res;
}
@@ -142,8 +146,9 @@ static inline void asd_unmap_scatterlist
}
asd_free_coherent(asd_ha, ascb->sg_arr);
- pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
- task->data_dir);
+ if (!task->external_sg)
+ pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
+ task->data_dir);
}
/* ---------- Task complete tasklet ---------- */
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
index 8f8cd40..04115c3 100644
--- a/drivers/scsi/libsas/sas_ata.c
+++ b/drivers/scsi/libsas/sas_ata.c
@@ -167,6 +167,7 @@ static unsigned int sas_ata_qc_issue(str
task->num_scatter = num;
}
+ task->external_sg = 1;
task->data_dir = qc->dma_dir;
task->scatter = qc->__sg;
task->ata_task.retry_count = 1;
diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h
index 1263bd5..25a1fb3 100644
--- a/include/scsi/libsas.h
+++ b/include/scsi/libsas.h
@@ -546,6 +546,7 @@ struct sas_task {
void *uldd_task;
struct work_struct abort_work;
+ int external_sg;
};
On Fri, 2006-11-10 at 16:59 -0800, Darrick J. Wong wrote:
> It turns out that libata has already dma_map_sg'd the scatterlist
> entries that go with an ata_queued_cmd by the time it calls
> sas_ata_qc_issue. sas_ata_qc_issue passes this scatterlist to aic94xx.
> Unfortunately, aic94xx assumes that any scatterlist passed to it needs
> to be pci_map_sg'd... which blows away the mapping that libata created!
> This causes (on a x260) Calgary IOMMU table leaks and duplicate frees
> when aic94xx and libata try to {pci,dma}_unmap_sg the scatterlist.
>
> Since dma_map_sg and pci_map_sg are fed the same struct device, I think
> it's safe to add a flag to sas_task that tells aic94xx that it need
> not map the scatterlist. It didn't break anything on the x260, though
> I don't have any SATAPI devices to test with. Is this the correct
> approach to fixing this problem?
Rather than introduce an extra flag, I think we can key of the protocol
flag: libata is the only thing that initiates STP tasks. How does this
look?
James
Index: BUILD-2.6/drivers/scsi/aic94xx/aic94xx_task.c
===================================================================
--- BUILD-2.6.orig/drivers/scsi/aic94xx/aic94xx_task.c 2006-12-03 17:57:27.000000000 -0600
+++ BUILD-2.6/drivers/scsi/aic94xx/aic94xx_task.c 2006-12-05 10:43:01.000000000 -0600
@@ -74,8 +74,13 @@ static inline int asd_map_scatterlist(st
return 0;
}
- num_sg = pci_map_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
- task->data_dir);
+ /* STP tasks come from libata which has already mapped
+ * the SG list */
+ if (task->task_proto == SAS_PROTOCOL_STP)
+ num_sg = task->num_scatter;
+ else
+ num_sg = pci_map_sg(asd_ha->pcidev, task->scatter,
+ task->num_scatter, task->data_dir);
if (num_sg == 0)
return -ENOMEM;
@@ -120,8 +125,9 @@ static inline int asd_map_scatterlist(st
return 0;
err_unmap:
- pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
- task->data_dir);
+ if (task->task_proto != SAS_PROTOCOL_STP)
+ pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
+ task->data_dir);
return res;
}
@@ -142,8 +148,9 @@ static inline void asd_unmap_scatterlist
}
asd_free_coherent(asd_ha, ascb->sg_arr);
- pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
- task->data_dir);
+ if (task->task_proto != SAS_PROTOCOL_STP)
+ pci_unmap_sg(asd_ha->pcidev, task->scatter, task->num_scatter,
+ task->data_dir);
}
/* ---------- Task complete tasklet ---------- */
James Bottomley wrote:
> Rather than introduce an extra flag, I think we can key of the protocol
> flag: libata is the only thing that initiates STP tasks. How does this
> look?
ACK.
--D