USB: UAS: fix disconnect by unplugging a hub

The SCSI layer can go into an ugly loop if you ignore that a device is
gone. You need to report an error in the command rather than in the
return value of the queue method.

We need to specifically check for ENODEV. The issue goes back to the
introduction of the driver.

Fixes: 115bb1ffa54c3 ("USB: Add UAS driver")
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20200916094026.30085-2-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/usb/storage/uas.c b/drivers/usb/storage/uas.c
index c1123da4340774c22a5045fb8df4b1f5718b09a2..abf7e3d6423425e3689cf7f5855163cb81e1e37e 100644 (file)
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -662,8 +662,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd,
        if (devinfo->resetting) {
                cmnd->result = DID_ERROR << 16;
                cmnd->scsi_done(cmnd);
-               spin_unlock_irqrestore(&devinfo->lock, flags);
-               return 0;
+               goto zombie;
        }
 
        /* Find a free uas-tag */
@@ -699,6 +698,16 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd,
                cmdinfo->state &= ~(SUBMIT_DATA_IN_URB | SUBMIT_DATA_OUT_URB);
 
        err = uas_submit_urbs(cmnd, devinfo);
+       /*
+        * in case of fatal errors the SCSI layer is peculiar
+        * a command that has finished is a success for the purpose
+        * of queueing, no matter how fatal the error
+        */
+       if (err == -ENODEV) {
+               cmnd->result = DID_ERROR << 16;
+               cmnd->scsi_done(cmnd);
+               goto zombie;
+       }
        if (err) {
                /* If we did nothing, give up now */
                if (cmdinfo->state & SUBMIT_STATUS_URB) {
@@ -709,6 +718,7 @@ static int uas_queuecommand_lck(struct scsi_cmnd *cmnd,
        }
 
        devinfo->cmnd[idx] = cmnd;
+zombie:
        spin_unlock_irqrestore(&devinfo->lock, flags);
        return 0;
 }