[S390] dasd: fix race condition in resume code

There is a race while re-reading the device characteristics. After
cleaning the memory area a cqr is build which reads the device
characteristics. This may take a rather long time and the device
characteristics structure is zero during this. Now it could be
possible that the block tasklet starts working and a new cqr will be
build. The build_cp command refers to the device characteristics
structure and this may lead into a divide by zero exception.
Fix this by re-reading the device characteristics into a temporary
structur and copy the data to the original structure. Also take the
ccwdev_lock.

Signed-off-by: Stefan Haberland <stefan.haberland@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

diff --git a/drivers/s390/block/dasd.c b/drivers/s390/block/dasd.c
index dad0449475b698fdeae045db1b06b1393a70a21d..53b8c255360a413507e0be74428b95ca0798ebb4 100644 (file)
--- a/drivers/s390/block/dasd.c
+++ b/drivers/s390/block/dasd.c
@@ -2508,8 +2508,6 @@ int dasd_generic_restore_device(struct ccw_device *cdev)
        device->stopped &= ~DASD_UNRESUMED_PM;
 
        dasd_schedule_device_bh(device);
-       if (device->block)
-               dasd_schedule_block_bh(device->block);
 
        if (device->discipline->restore)
                rc = device->discipline->restore(device);
@@ -2520,6 +2518,9 @@ int dasd_generic_restore_device(struct ccw_device *cdev)
                 */
                device->stopped |= DASD_UNRESUMED_PM;
 
+       if (device->block)
+               dasd_schedule_block_bh(device->block);
+
        dasd_put_device(device);
        return 0;
 }

diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index ab352175558885861ab3426dd8a3e921ec67bab6..0be7c15f45c56be97907811f8deec45b3f329de8 100644 (file)
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -2338,6 +2338,8 @@ static struct dasd_ccw_req *dasd_eckd_build_cp(struct dasd_device *startdev,
        /* Calculate number of blocks/records per track. */
        blksize = block->bp_block;
        blk_per_trk = recs_per_track(&private->rdc_data, 0, blksize);
+       if (blk_per_trk == 0)
+               return ERR_PTR(-EINVAL);
        /* Calculate record id of first and last block. */
        first_rec = first_trk = blk_rq_pos(req) >> block->s2b_shift;
        first_offs = sector_div(first_trk, blk_per_trk);
@@ -3211,6 +3213,7 @@ int dasd_eckd_pm_freeze(struct dasd_device *device)
 int dasd_eckd_restore_device(struct dasd_device *device)
 {
        struct dasd_eckd_private *private;
+       struct dasd_eckd_characteristics temp_rdc_data;
        int is_known, rc;
        struct dasd_uid temp_uid;
 
@@ -3245,15 +3248,17 @@ int dasd_eckd_restore_device(struct dasd_device *device)
        dasd_eckd_read_features(device);
 
        /* Read Device Characteristics */
-       memset(&private->rdc_data, 0, sizeof(private->rdc_data));
        rc = dasd_generic_read_dev_chars(device, DASD_ECKD_MAGIC,
-                                        &private->rdc_data, 64);
+                                        &temp_rdc_data, 64);
        if (rc) {
                DBF_EVENT(DBF_WARNING,
                          "Read device characteristics failed, rc=%d for "
                          "device: %s", rc, dev_name(&device->cdev->dev));
                goto out_err;
        }
+       spin_lock(get_ccwdev_lock(device->cdev));
+       memcpy(&private->rdc_data, &temp_rdc_data, sizeof(temp_rdc_data));
+       spin_unlock(get_ccwdev_lock(device->cdev));
 
        /* add device to alias management */
        dasd_alias_add_device(device);