Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751479AbdLMHig (ORCPT <rfc822;w@1wt.eu>);
        Wed, 13 Dec 2017 02:38:36 -0500
Received: from mail-io0-f195.google.com ([209.85.223.195]:37555 "EHLO
        mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751092AbdLMHic (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 13 Dec 2017 02:38:32 -0500
X-Google-Smtp-Source: ACJfBosrZGduVzMLY4CCpxjAGiN651yep0P2ZWX1Bdj9N1zefhHH9DrhyWeE+0lNsjzKgXWxnuC55Q==
Subject: Re: [BUG] scsi/qla2xxx: a possible sleep-in-atomic bug in qlt_get_tag
To: James Bottomley <jejb@linux.vnet.ibm.com>, qla2xxx-upstream@qlogic.com,
        martin.petersen@oracle.com
Cc: linux-scsi@vger.kernel.org,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
References: <0363371c-db1c-169f-df5f-ca15b3839e41@gmail.com>
 <1513140121.3110.78.camel@linux.vnet.ibm.com>
From: Jia-Ju Bai <baijiaju1990@gmail.com>
Message-ID: <e6dc47be-50ef-a0dd-a07b-95e60a3103a1@gmail.com>
Date: Wed, 13 Dec 2017 15:38:20 +0800
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.0
MIME-Version: 1.0
In-Reply-To: <1513140121.3110.78.camel@linux.vnet.ibm.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1426
Lines: 46


On 2017/12/13 12:42, James Bottomley wrote:
> On Wed, 2017-12-13 at 11:18 +0800, Jia-Ju Bai wrote:
>> The driver may sleep under a spinlock.
>> The function call paths are:
>> qlt_handle_abts_recv_work (acquire the spinlock)
>>     qlt_response_pkt_all_vps
>>       qlt_response_pkt
>>         qlt_handle_cmd_for_atio
>>           qlt_get_tag
>>             percpu_ida_alloc --> may sleep
>>
>> qla82xx_msix_rsp_q (acquire the spinlock)
>>     qla24xx_process_response_queue
>>       qlt_handle_abts_recv
>>         qlt_response_pkt_all_vps
>>           qlt_response_pkt
>>             qlt_handle_cmd_for_atio
>>               qlt_get_tag
>>                 percpu_ida_alloc --> may sleep-in-atomic
>>
>> qla24xx_intr_handler (acquire the spinlock)
>>     qla24xx_process_response_queue
>>       qlt_handle_abts_recv
>>         qlt_response_pkt
>>           qlt_handle_cmd_for_atio
>>             qlt_get_tag
>>               percpu_ida_alloc --> may sleep
>>
>> I do not find a good way to fix it, so I only report.
>> This possible bug is found by my static analysis tool (DSAC) and
>> checked by my code review.
> The report is incorrect: percpu_ida_alloc with state==TASK_RUNNING is
> atomic (and interrupt) safe which appears to be the case here.
>
> James
>

Thanks for your reply :)
I have checked the definition of percpu_ida_alloc, and I think you are 
right.
Sorry for my incorrect bug report.


Thanks,
Jia-Ju Bai