Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1114568imm; Wed, 1 Aug 2018 10:25:08 -0700 (PDT) X-Google-Smtp-Source: AAOMgpckbYkvrj2FO5V8TlLLVbS2nqxkWjtVo7mCYpmK4pFlkSUKOyBOpPrjylhui4LoKGP8PEE/ X-Received: by 2002:a63:524e:: with SMTP id s14-v6mr25872556pgl.35.1533144308751; Wed, 01 Aug 2018 10:25:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533144308; cv=none; d=google.com; s=arc-20160816; b=oC7qFaNoflIlwOFmL9gVs2aC2DWDxKcXm9rqb53SddSJXPEtj4jH+61ViJqh6hfU+f jA5KV+ydJYfhvO/8RWfTpwND60Fma5p6HPN7TI/0VIjYyRmtyLStavdXvBZtXU5rhy7B ov3kJt8KHNuSrSTgPWMifQCIQvj9bWJuJSOT/PPVwLGSryl2hlOHt2RbD1hMUBT+/+pJ jrTNdH9lmX5ybpNVa0FlVvX7J5dzR0h0UrW0khL9S8oIxIB8gdnGhhTnjL6rbAeA0i9S msP3rpr2eNFK0P/qUzGZnEiuGFSzNZZzbkjS+pupnOSt0tSODLNXnHkcePdAJecq+qN4 3hog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=mpCM3c02YNKlGi/CdeuN0oEaFLOTphz4MOu+PiN8u5Y=; b=r3wKzDV6uKsekmrmP6manVZc3bVm4ccPBnqvzVMbHz9bSsrKF4dQ7kGZnghAItmox5 eGwRqaAqSAVHI6v16MMLzvwLWZ6WeLM6j/az12s+7XcHiiMWncu5FES4KvIZ3If8qWls cpZ29HKcnlaBlVCPgCjcEtjEoiistvM097qm2C9cnGu0uL0y+Biu4MV+YexKwwHYMovo gPYQIFRWrwIHFfNq4pD0lTVQJVueiA7zo7Ip7OUYYbI7UiUqol46TbY+FyNRJIPv89WO YWcLMGt7oIXM+ET9MkYexCf5PaAZ1DxLEvwMQRzHHGYGyGW0W+8s45qUXUjpPLP0WVGy kzkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x25-v6si18054415pfi.138.2018.08.01.10.24.54; Wed, 01 Aug 2018 10:25:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2406173AbeHATIs (ORCPT + 99 others); Wed, 1 Aug 2018 15:08:48 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:50618 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2405036AbeHATIr (ORCPT ); Wed, 1 Aug 2018 15:08:47 -0400 Received: from localhost (D57E6652.static.ziggozakelijk.nl [213.126.102.82]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 11505CC9; Wed, 1 Aug 2018 17:22:04 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Uma Krishnan , "Matthew R. Ochs" , "Martin K. Petersen" , Sasha Levin Subject: [PATCH 4.14 206/246] scsi: cxlflash: Synchronize reset and remove ops Date: Wed, 1 Aug 2018 18:51:56 +0200 Message-Id: <20180801165021.573908267@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180801165011.700991984@linuxfoundation.org> References: <20180801165011.700991984@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Uma Krishnan [ Upstream commit a3feb6ef50def7c91244d7bd15a3625b7b49b81f ] The following Oops can be encountered if a device removal or system shutdown is initiated while an EEH recovery is in process: [c000000ff2f479c0] c008000015256f18 cxlflash_pci_slot_reset+0xa0/0x100 [cxlflash] [c000000ff2f47a30] c00800000dae22e0 cxl_pci_slot_reset+0x168/0x290 [cxl] [c000000ff2f47ae0] c00000000003ef1c eeh_report_reset+0xec/0x170 [c000000ff2f47b20] c00000000003d0b8 eeh_pe_dev_traverse+0x98/0x170 [c000000ff2f47bb0] c00000000003f80c eeh_handle_normal_event+0x56c/0x580 [c000000ff2f47c60] c00000000003fba4 eeh_handle_event+0x2a4/0x338 [c000000ff2f47d10] c0000000000400b8 eeh_event_handler+0x1f8/0x200 [c000000ff2f47dc0] c00000000013da48 kthread+0x1a8/0x1b0 [c000000ff2f47e30] c00000000000b528 ret_from_kernel_thread+0x5c/0xb4 The remove handler frees AFU memory while the EEH recovery is in progress, leading to a race condition. This can result in a crash if the recovery thread tries to access this memory. To resolve this issue, the cxlflash remove handler will evaluate the device state and yield to any active reset or probing threads. Signed-off-by: Uma Krishnan Acked-by: Matthew R. Ochs Signed-off-by: Martin K. Petersen Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/cxlflash/main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/drivers/scsi/cxlflash/main.c +++ b/drivers/scsi/cxlflash/main.c @@ -946,9 +946,9 @@ static void cxlflash_remove(struct pci_d return; } - /* If a Task Management Function is active, wait for it to complete - * before continuing with remove. - */ + /* Yield to running recovery threads before continuing with remove */ + wait_event(cfg->reset_waitq, cfg->state != STATE_RESET && + cfg->state != STATE_PROBING); spin_lock_irqsave(&cfg->tmf_slock, lock_flags); if (cfg->tmf_active) wait_event_interruptible_lock_irq(cfg->tmf_waitq,