Commit Graph

24 Commits

Author SHA1 Message Date
ken
ff1edb089b Fix a device departure bug for the the pass(4), enc(4), sg(4) and ch(4)
drivers.

The bug occurrs when a userland process has the driver instance
open and the underlying device goes away.  We get the devfs
callback that the device node has been destroyed, but not all of
the closes necessary to fully decrement the reference count on the
CAM peripheral.

The reason is that once devfs calls back and says the device has
been destroyed, it is moved off to deadfs, and devfs guarantees
that there will be no more open or close calls.  So the solution
is to keep track of how many outstanding open calls there are on
the device, and just release that many references when we get the
callback from devfs.

scsi_pass.c,
scsi_enc.c,
scsi_enc_internal.h:	Add an open count to the softc in these
			drivers.  Increment it on open and
			decrement it on close.

			When we get a devfs callback to say that
			the device node has gone away, decrement
			the peripheral reference count by the
			number of still outstanding opens.

			Make sure we don't access the peripheral
			with cam_periph_unlock() after what might
			be the final call to
			cam_periph_release_locked().  The
			peripheral might have been freed, and we
			will be dereferencing freed memory.

scsi_ch.c,
scsi_sg.c:		For the ch(4) and sg(4) drivers, add the
			same changes described above, and in
			addition, fix another bug that was
			previously fixed in the pass(4) and enc(4)
			drivers.

			These drivers were calling destroy_dev()
			from their cleanup routine, but that could
			cause a deadlock because the cleanup
			routine could be indirectly called from
			the driver's close routine.  This would
			cause a deadlock, because the device node
			is being held open by the active close
			call, and can't be destroyed.

Sponsored by:	Spectra Logic Corporation
MFC after:	1 week
2012-12-08 04:03:04 +00:00
mav
35f2c3dc00 Remove 'periph == NULL' check from bunch of periph drivers.
This condition can never be true as functions are called from single place
and the checks just pollute the code and confuse Clang Static Analyzer.
2012-10-10 18:10:11 +00:00
ken
498f14d067 Work around a race condition in devfs by changing the way closes
are handled in most CAM peripheral drivers that are not handled by
GEOM's disk class.

The usual character driver open and close semantics are that the
driver gets N open calls, but only one close, when the last caller
closes the device.

CAM peripheral drivers expect that behavior to be honored to the
letter, and the CAM peripheral driver code (specifically
cam_periph_release_locked_busses()) panics if it is done incorrectly.

Since devfs has to drop its locks while it calls a driver's close
routine, and it does not have a way to delay or prevent open calls
while it is calling the close routine, there is a race.

The sequence of events, simplified a bit, is:

- devfs acquires a lock
- devfs checks the reference count, and if it is 1, continues to close.
- devfs releases the lock

- 2nd process open call on the device happens here

- devfs calls the driver's close routine

- devfs acquires a lock
- devfs decrements the reference count
- devfs releases the lock

- 2nd process close call on the device happens here

At the second close, we get a panic in
cam_periph_release_locked_busses(), complaining that peripheral
has been released when the reference count is already 0.  This is
because we have gotten two closes in a row, which should not
happen.

The fix is to add the D_TRACKCLOSE flag to the driver's cdevsw, so
that we get a close() call for each open().  That does happen
reliably, so we can make sure that our reference counts are
correct.

Note that the sa(4) and pt(4) drivers only allow one context
through the open routine.  So these drivers aren't exposed to the
same race condition.

scsi_ch.c,
scsi_enc.c,
scsi_enc_internal.h,
scsi_pass.c,
scsi_sg.c:
		For these drivers, change the open() routine to
		increment the reference count for every open, and
		just decrement the reference count in the close.

		Call cam_periph_release_locked() in some scenarios
		to avoid additional lock and unlock calls.

scsi_pt.c:	Call cam_periph_release_locked() in some scenarios
		to avoid additional lock and unlock calls.

MFC after:	3 days
2012-05-27 06:11:09 +00:00
ken
8e2b5cb835 Fix a race condition in CAM peripheral free handling, locking
in the CAM XPT bus traversal code, and a number of other periph level
issues.

cam_periph.h,
cam_periph.c:	Modify cam_periph_acquire() to test the CAM_PERIPH_INVALID
		flag prior to allowing a reference count to be gained
		on a peripheral.  Callers of this function will receive
		CAM_REQ_CMP_ERR status in the situation of attempting to
		reference an invalidated periph.  This guarantees that
		a peripheral scheduled for a deferred free will not
		be accessed during its wait for destruction.

		Panic during attempts to drop a reference count on
		a peripheral that already has a zero reference count.

		In cam_periph_list(), use a local sbuf with SBUF_FIXEDLEN
		set so that mallocs do not occur while the xpt topology
		lock is held, regardless of the allocation policy of the
		passed in sbuf.

		Add a new routine, cam_periph_release_locked_buses(),
		that can be called when the caller already holds
		the CAM topology lock.

		Add some extra debugging for duplicate peripheral
		allocations in cam_periph_alloc().

		Treat CAM_DEV_NOT_THERE much the same as a selection
		timeout (AC_LOST_DEVICE is emitted), but forgo retries.

cam_xpt.c:      Revamp the way the EDT traversal code does locking
		and reference counting.  This was broken, since it
		assumed that the EDT would not change during
		traversal, but that assumption is no longer valid.

		So, to prevent devices from going away while we
		traverse the EDT, make sure we properly lock
		everything and hold references on devices that
		we are using.

		The two peripheral driver traversal routines should
		be examined.  xptpdperiphtraverse() holds the
		topology lock for the entire time it runs.
		xptperiphtraverse() is now locked properly, but
		only holds the topology lock while it is traversing
		the list, and not while the traversal function is
		running.

		The bus locking code in xptbustraverse() should
		also be revisited at a later time, since it is
		complex and should probably be simplified.

scsi_da.c:	Pay attention to the return value from cam_periph_acquire().

		Return 0 always from daclose() even if the disk is now gone.

		Add some rudimentary error injection support.

scsi_sg.c:	Fix reference counting in the sg(4) driver.

		The sg driver was calling cam_periph_release() on close,
		but never called cam_periph_acquire() (which increments
		the reference count) on open.

		The periph code correctly complained that the sg(4)
		driver was trying to decrement the refcount when it
		was already 0.

Sponsored by:	Spectra Logic
MFC after:	2 weeks
2012-01-12 00:41:48 +00:00
mav
9bc238fc03 Make CAM report devices with ATA/SATA transport to devstat(9) as IDE. 2011-04-14 21:25:32 +00:00
mjacob
1898e1308d Pick up the right change, not it's close cousin. The one
previously submitted was wrong.

Point hat:      mjacob
X-MFC:          207933
MFC after:	1 week
2010-05-11 22:51:13 +00:00
mjacob
1676f7d82f Deal sensibly with more than 26 sg devices. It isn't a complete
solution.

Sponsored by:   Panasas
MFC after:	1 week
2010-05-11 22:22:01 +00:00
mjacob
bc081f5e7d We actually can generate a host number.
MFC after:	1 month
2010-03-17 18:53:58 +00:00
mav
924c32a1e2 MFp4:
- Reduce code duplication in ATA XPT and PMP driver.
- Move PIO size setting from ada driver to ATA XPT. It is XPT business
to negotiate transfer details. ada driver is now stateless.
- Report PIO size to SIM. It is required for correct PATA SIM operation.
- Tune PMP scan timings. It workarounds some problems with SiI.
- If reset hapens during PMP initialization - restart it.
- Introduce early-initialized periph drivers, which are used during initial
scan process. Use it for xpt, probe, aprobe and pmp. It gives pmp chance
to finish scan before mountroot and numerate devices in right order.
2009-10-31 10:43:38 +00:00
scottl
e33e5dce32 Separate the parallel scsi knowledge out of the core of the XPT, and
modularize it so that new transports can be created.

Add a transport for SATA

Add a periph+protocol layer for ATA

Add a driver for AHCI-compliant hardware.

Add a maxio field to CAM so that drivers can advertise their max
I/O capability.  Modify various drivers so that they are insulated
from the value of MAXPHYS.

The new ATA/SATA code supports AHCI-compliant hardware, and will override
the classic ATA driver if it is loaded as a module at boot time or compiled
into the kernel.  The stack now support NCQ (tagged queueing) for increased
performance on modern SATA drives.  It also supports port multipliers.

ATA drives are accessed via 'ada' device nodes.  ATAPI drives are
accessed via 'cd' device nodes.  They can all be enumerated and manipulated
via camcontrol, just like SCSI drives.  SCSI commands are not translated to
their ATA equivalents; ATA native commands are used throughout the entire
stack, including camcontrol.  See the camcontrol manpage for further
details.  Testing this code may require that you update your fstab, and
possibly modify your BIOS to enable AHCI functionality, if available.

This code is very experimental at the moment.  The userland ABI/API has
changed, so applications will need to be recompiled.  It may change
further in the near future.  The 'ada' device name may also change as
more infrastructure is completed in this project.  The goal is to
eventually put all CAM busses and devices until newbus, allowing for
interesting topology and management options.

Few functional changes will be seen with existing SCSI/SAS/FC drivers,
though the userland ABI has still changed.  In the future, transports
specific modules for SAS and FC may appear in order to better support
the topologies and capabilities of these technologies.

The modularization of CAM and the addition of the ATA/SATA modules is
meant to break CAM out of the mold of being specific to SCSI, letting it
grow to be a framework for arbitrary transports and protocols.  It also
allows drivers to be written to support discrete hardware without
jeopardizing the stability of non-related hardware.  While only an AHCI
driver is provided now, a Silicon Image driver is also in the works.
Drivers for ICH1-4, ICH5-6, PIIX, classic IDE, and any other hardware
is possible and encouraged.  Help with new transports is also encouraged.

Submitted by:	scottl, mav
Approved by:	re
2009-07-10 08:18:08 +00:00
trasz
199a90a8fe Add missing 'break' statements.
Found with:	Coverity Prevent(tm)
CID:		3936, 3937
Reviewed by:	scottl@
2009-05-12 15:03:47 +00:00
trasz
b036768f87 Add missing 'break' statement.
Reviewed by:	scottl
Approved by:	rwatson (mentor)
Sponsored by:	FreeBSD Foundation
Found with:	Coverity Prevent(tm)
CID:		3667
2009-01-14 21:31:22 +00:00
trasz
4c485439e2 Don't call destroy_dev(9) with a mutex held. While here, shuffle
things around so the periph destructors look alike.  Based on a patch
by Jaakko Heinonen.

Submitted by:	Jaakko Heinonen
Reviewed by:	scottl
Approved by:	rwatson (mentor)
Sponsored by:	FreeBSD Foundation
2009-01-10 17:22:49 +00:00
scottl
db25dc2716 Fix refcount locking in cd, pass, and sg periphs. 2008-12-21 06:20:11 +00:00
ed
4212d51a7d Remove unit2minor() use from kernel code.
When I changed kern_conf.c three months ago I made device unit numbers
equal to (unneeded) device minor numbers. We used to require
bitshifting, because there were eight bits in the middle that were
reserved for a device major number. Not very long after I turned
dev2unit(), minor(), unit2minor() and minor2unit() into macro's.
The unit2minor() and minor2unit() macro's were no-ops.

We'd better not remove these four macro's from the kernel, because there
is a lot of (external) code that may still depend on them. For now it's
harmless to remove all invocations of unit2minor() and minor2unit().

Reviewed by:	kib
2008-09-26 14:19:52 +00:00
scottl
74448961ec Add a helper function for registering async callbacks. Besides
eliminating a lot of duplicated code, this also fixes a locking edge case.
2007-05-16 16:54:23 +00:00
scottl
a40b57339d Revert a driver API change to xpt_alloc_ccb that isn't necessary. Fix a
couple of associated error checks.
2007-04-18 04:58:53 +00:00
scottl
ee0894c663 Don't delete the devalias, as per the man page.
Submitted by: jmg
2007-04-17 01:12:35 +00:00
scottl
7d03d3285a Destroy the devalias before destroying the dev. 2007-04-16 19:40:13 +00:00
scottl
7605c12c0f Remove Giant from CAM. Drivers (SIMs) now register a mutex that CAM will
use to synchornize and protect all data objects that are used for that
SIM.  Drivers that are not yet MPSAFE register Giant and operate as
usual.  RIght now, no drivers are MPSAFE, though a few will be changed
in the coming week as this work settles down.

The driver API has changed, so all CAM drivers will need to be recompiled.
The userland API has not changed, so tools like camcontrol do not need to
be recompiled.
2007-04-15 08:49:19 +00:00
scottl
2cece7cde2 A fix for the SG_GET_TIMEOUT function slipped into a previous commit by
accident.  Remove the text describing the problem as it is no longer
relevant.  Also give real implementations for the GET and SET ioctls.
2007-04-10 20:03:42 +00:00
scottl
1212cb7f95 Make use of M_ZERO in various malloc calls. 2007-04-09 05:47:32 +00:00
scottl
5b70942275 Fix a logic bug that slipped in at the last minute and apparently escaped
testing.
2007-04-09 05:43:02 +00:00
scottl
1320f9f144 Add the CAM 'SG' peripheral device. This device implements a subset of the
Linux SCSI SG passthrough device API.  The intention is to allow for both
running of Linux apps that want to talk to /dev/sg* nodes, and to facilitate
porting of apps from Linux to FreeBSD.  As such, both native and linuxolator
entry points and definitions are provided.

Caveats:
 - This does not support the procfs and sysfs nodes that the Linux SG
   driver provides.  Some Linux apps may rely on these for operation,
   others may only use them for informational purposes.
 - More ioctls need to be implemented.
 - Linux uses a naming scheme of "sg[a-z]" for devices, while FreeBSD uses a
   scheme of "sg[0-9]".  Devfs aliasis (symlinks) are automatically created
   to link the two together.  However, tools like camcontrol only see the
   native names.
 - Some operations were originally designed to return byte counts or other
   data directly as the syscall return value.  The linuxolator doesn't appear
   to support this well, so this driver just punts for these cases.

Now that the driver is in place, others are welcome to add missing
functionality.  Thanks to Roman Divacky for pushing this work along.
2007-04-07 19:40:58 +00:00