2023-10-24 08:44:36

by Alice Chao

Subject: [PATCH 1/1] core: ufs: fix racing issue between force complete and isr

From: Alice Chao <[email protected]>

While the error handler force-completes a command (Thread A) and the
completion IRQ is raised (Thread B) for the same command, a race
condition may occur.

Below are the racing steps (from 1 to 6):
ufshcd_mcq_compl_pending_transfer (Thread A)
1   if (cmd && !test_bit(SCMD_STATE_COMPLETE, &cmd->state)) {
5       spin_lock_irqsave(&hwq->cq_lock, flags); // wait lock release
        set_host_byte(cmd, DID_REQUEUE);
6       ufshcd_release_scsi_cmd(hba, lrbp); // access null pointer
        scsi_done(cmd);
        spin_unlock_irqrestore(&hwq->cq_lock, flags);
    }

ufshcd_mcq_poll_cqe_lock (Thread B)
2   spin_lock_irqsave(&hwq->cq_lock, flags);
    ufshcd_mcq_poll_cqe_nolock()
      ufshcd_compl_one_cqe()
3       ufshcd_release_scsi_cmd() // lrbp->cmd = NULL;
4   spin_unlock_irqrestore(&hwq->cq_lock, flags);

Signed-off-by: Alice Chao <[email protected]>
---
drivers/ufs/core/ufshcd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index 8382e8cfa414..ef6bd146a767 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -5518,13 +5518,13 @@ static void ufshcd_mcq_compl_pending_transfer(struct ufs_hba *hba,
* For those cmds of which the cqes are not present
* in the cq, complete them explicitly.
*/
+ spin_lock_irqsave(&hwq->cq_lock, flags);
if (cmd && !test_bit(SCMD_STATE_COMPLETE, &cmd->state)) {
- spin_lock_irqsave(&hwq->cq_lock, flags);
set_host_byte(cmd, DID_REQUEUE);
ufshcd_release_scsi_cmd(hba, lrbp);
scsi_done(cmd);
- spin_unlock_irqrestore(&hwq->cq_lock, flags);
}
+ spin_unlock_irqrestore(&hwq->cq_lock, flags);
} else {
ufshcd_mcq_poll_cqe_lock(hba, hwq);
}
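Review bot: The guard at `if (cmd && !test_bit(SCMD_STATE_COMPLETE, &cmd->state))` still tests the local `cmd`, while the pointer the commit message reports as cleared by the completion path is `lrbp->cmd`, and the hunk does not show `cmd` being re-read after `spin_lock_irqsave(&hwq->cq_lock, flags)`. Taking the lock first serializes the state test and the release against the other holder of `cq_lock`, but the fix then relies on SCMD_STATE_COMPLETE already being set whenever `lrbp->cmd` has been cleared. Consider re-reading `lrbp->cmd` under the lock, or testing it in the condition, so the NULL case is excluded directly rather than through the state bit.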
--
2.18.0


2023-10-24 19:00:55

by Bart Van Assche

Subject: Re: [PATCH 1/1] core: ufs: fix racing issue between force complete and isr

On 10/24/23 01:43, [email protected] wrote:
> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
> index 8382e8cfa414..ef6bd146a767 100644
> --- a/drivers/ufs/core/ufshcd.c
> +++ b/drivers/ufs/core/ufshcd.c
> @@ -5518,13 +5518,13 @@ static void ufshcd_mcq_compl_pending_transfer(struct ufs_hba *hba,
> * For those cmds of which the cqes are not present
> * in the cq, complete them explicitly.
> */
> + spin_lock_irqsave(&hwq->cq_lock, flags);
> if (cmd && !test_bit(SCMD_STATE_COMPLETE, &cmd->state)) {
> - spin_lock_irqsave(&hwq->cq_lock, flags);
> set_host_byte(cmd, DID_REQUEUE);
> ufshcd_release_scsi_cmd(hba, lrbp);
> scsi_done(cmd);
> - spin_unlock_irqrestore(&hwq->cq_lock, flags);
> }
> + spin_unlock_irqrestore(&hwq->cq_lock, flags);
> } else {
> ufshcd_mcq_poll_cqe_lock(hba, hwq);
> }
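Review bot: The comment ahead of the new `spin_lock_irqsave(&hwq->cq_lock, flags)` still only says that commands without a CQE are completed explicitly; it does not say why the lock is now taken before the SCMD_STATE_COMPLETE test. A sentence there stating that `cq_lock` must cover the check as well as the release, because the completion path changes the command under the same lock, would keep a later cleanup from moving the lock back inside the `if`.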

Reviewed-by: Bart Van Assche <[email protected]>

2023-10-25 02:44:26

by Martin K. Petersen

Subject: Re: [PATCH 1/1] core: ufs: fix racing issue between force complete and isr


Alice,

> While error handler force complete command (Thread A) and completion
> irq raising (Thread B) of the same command, it may cause race
> condition.

Applied to 6.7/scsi-staging, thanks!

--
Martin K. Petersen Oracle Linux Engineering

2023-10-25 08:31:56

by Greg Kroah-Hartman

Subject: Re: [PATCH 1/1] core: ufs: fix racing issue between force complete and isr

On Wed, Oct 25, 2023 at 07:20:53AM +0000, Alice Chao (趙珮均) wrote:
> Can we take it to the LTS version(6.1)?

<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree. Please read:
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>