Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp678955pxb; Wed, 18 Nov 2020 14:20:06 -0800 (PST) X-Google-Smtp-Source: ABdhPJwmXgSZW6exMeIkzluwWYRBPD6rXyjrrQWBgjCYwklTRiyeE4gxZM8fHEbPG9LN4AuM07YG X-Received: by 2002:aa7:c90d:: with SMTP id b13mr28988233edt.136.1605738006400; Wed, 18 Nov 2020 14:20:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605738006; cv=none; d=google.com; s=arc-20160816; b=VOkafb/HCxeVwN0KTtcrbxyZqt2ey0nRyi/salTqVDWBJ/+zIFUUM3JAs6COWkoOA4 c3LTRHmaMaHDBZE7HZBNxbosFQd8u3GN+PBmSyHTbJgE+eZKhSRpEmwSj2mBOo4YAXQF 61c/2SZ9fVTQlVPmPSwjp3WNxh7jgcW+EwLGWchTN3qucPOT9ZKuJhlHRinIAghwHte/ hD2Qvlm4d6087EjwlT3ZXBUnqjOcLqmVYV2ML2D6t54FmrgUFWsvPDiqFsHds+/jgJfp NmDESEA64UUCeC3Gnn99A1EhWblqYLxQAAKgujV/f1zLYSnLYCeeOiKAkw3/HC6hir0h +l/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=RM/j1dYZXaby71CN0Kwa08xgL5WcFrBJWgzi9wQqzAQ=; b=HTte2wq12eRY2Yk/rm8tALbuX4G5BePygiEkatUQtCG59qfGXmkM6+smLHZcP6VqXv LPQaHaRDSBzo0mEaUpwKx5WULnsDaI0h0+43VhECo7Pk6GyKygRJgpz4QTeIbtlLEy0c 52DKjvc7ru7eEOQJCKa8mMHqfPo1f0RY21h9UMAUggFNJ3hsG19bk5QbmM/l4XG6dHGu PzYSajy8CJ0VRlHfSVjE/cT3l2Pu7bhK0zQfwuzgzh81KnRWOQON66pR1YsKcAbve19h 1HLMCRPzjrW5B2QTwcCGzj67m6ku9RyfnFzALeILmvi53Kjfd7BHTR4d790ykfrpWz+y xD/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ec18si16193963ejb.679.2020.11.18.14.19.42; Wed, 18 Nov 2020 14:20:06 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726440AbgKRWRw (ORCPT + 99 others); Wed, 18 Nov 2020 17:17:52 -0500 Received: from jabberwock.ucw.cz ([46.255.230.98]:35390 "EHLO jabberwock.ucw.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726081AbgKRWRw (ORCPT ); Wed, 18 Nov 2020 17:17:52 -0500 Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 85C271C0B87; Wed, 18 Nov 2020 23:17:49 +0100 (CET) Date: Wed, 18 Nov 2020 23:17:49 +0100 From: Pavel Machek To: Greg Kroah-Hartman Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Brian Bunker , Jitendra Khasdev , Hannes Reinecke , "Martin K. Petersen" , Sasha Levin Subject: Re: [PATCH 4.19 042/101] scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() Message-ID: <20201118221748.GC23840@amd> References: <20201117122113.128215851@linuxfoundation.org> <20201117122115.140763276@linuxfoundation.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="w7PDEPdKQumQfZlR" Content-Disposition: inline In-Reply-To: <20201117122115.140763276@linuxfoundation.org> User-Agent: Mutt/1.5.23 (2014-03-12) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --w7PDEPdKQumQfZlR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi! > From: Hannes Reinecke >=20 > [ Upstream commit 5faf50e9e9fdc2117c61ff7e20da49cd6a29e0ca ] >=20 > alua_bus_detach() might be running concurrently with alua_rtpg_work(), so > we might trip over h->sdev =3D=3D NULL and call BUG_ON(). The correct wa= y of > handling it is to not set h->sdev to NULL in alua_bus_detach(), and call > rcu_synchronize() before the final delete to ensure that all concurrent > threads have left the critical section. Then we can get rid of the > BUG_ON() and replace it with a simple if condition. I don't get it. In the new version, h->sdev will never be NULL, because it is never set to NULL. It is will be valid up-to the point when h is freed... synchronize_rcu() should prevent race with alua_rtpg(), but BUG_ON()s should stay, to catch any bogosity... Or maybe the if (!h->sdev) tests should be simply removed. But it does not make sense to silently continue. Best regards, Pavel > +++ b/drivers/scsi/device_handler/scsi_dh_alua.c > @@ -672,8 +672,8 @@ static int alua_rtpg(struct scsi_device *sdev, struct= alua_port_group *pg) > rcu_read_lock(); > list_for_each_entry_rcu(h, > &tmp_pg->dh_list, node) { > - /* h->sdev should always be valid */ > - BUG_ON(!h->sdev); > + if (!h->sdev) > + continue; > h->sdev->access_state =3D desc[0]; > } > rcu_read_unlock(); > @@ -719,7 +719,8 @@ static int alua_rtpg(struct scsi_device *sdev, struct= alua_port_group *pg) > pg->expiry =3D 0; > rcu_read_lock(); > list_for_each_entry_rcu(h, &pg->dh_list, node) { > - BUG_ON(!h->sdev); > + if (!h->sdev) > + continue; > h->sdev->access_state =3D > (pg->state & SCSI_ACCESS_STATE_MASK); > if (pg->pref) > @@ -1160,7 +1161,6 @@ static void alua_bus_detach(struct scsi_device *sde= v) > spin_lock(&h->pg_lock); > pg =3D rcu_dereference_protected(h->pg, lockdep_is_held(&h->pg_lock)); > rcu_assign_pointer(h->pg, NULL); > - h->sdev =3D NULL; > spin_unlock(&h->pg_lock); > if (pg) { > spin_lock_irq(&pg->lock); > @@ -1169,6 +1169,7 @@ static void alua_bus_detach(struct scsi_device *sde= v) > kref_put(&pg->kref, release_port_group); > } > sdev->handler_data =3D NULL; > + synchronize_rcu(); > kfree(h); > } > =20 -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany --w7PDEPdKQumQfZlR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAl+1nYwACgkQMOfwapXb+vK+hwCgtdGjUC5SDTskKGawaebLbk4A rbIAoMASXeepTdLkbGDwRW/3R1yeS5L7 =kj7v -----END PGP SIGNATURE----- --w7PDEPdKQumQfZlR--