Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp31530pxj;
        Wed, 23 Jun 2021 14:53:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyE6DjrbK1iRCmgiZSCKO+y0LB/uOXK07Ps34yzUooU35opWhStM8lISe1oiy9YCQmFH/0y
X-Received: by 2002:a05:6402:1a47:: with SMTP id bf7mr2493495edb.236.1624485212587;
        Wed, 23 Jun 2021 14:53:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1624485212; cv=none;
        d=google.com; s=arc-20160816;
        b=L7yrcK3kV4rOEDyqp7qu3pW+xRRMGtKThPHoh3DskRYzt7lQTwNpR9XVEucqA0+OGe
         bPzUQcKXJHBklgWs0rK3d3w0Sm/ckD4JclhZpJXWTQ7CgmBuCcw+ej3kdugA8w1awJwI
         mZ8QR0slsLQRKLwP9iHSR6B8sf9tsyD3UbpEr1/7uzB6LW4kf6Hj5rRWEWmgCV4hpsJp
         qDSnwjsgRrpOaiu5d7uZNfppVhuBbGtm5FjNq9DcOF/RxbxDyqwRNbiQBchV1MMbSQnU
         UMsOrXMd9KvxfUclSwbeWG20MaBVDErLOw0LAKlfS2xzUkiGQclzATYSkBZV5OKkFpmq
         R9Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject;
        bh=fUmvPVX0pNQIpjmU77OymHRA3RCFDEaz2r2r5An26CU=;
        b=ZoM42AUkKwbOcv4KQAj6m+HKEYkbPKnhc3zVK3a7MEyhJZCoafh1Kbv+uHlmTyaM+u
         aeM5qMR3pd57iv/lhN6AMNfmspgscuGIEWNm3etKMgn3lxjTQEqPyuhRhmb8YDBkRW4a
         0CmKmvPGap+wutxQ3vtVDEN8naMjvbAayH48Bxrf9/ah6aDW9hKomLGDnlEjOGoM9ydZ
         5XvcQKj9CGniiuB+vAE4OC+In4z5dKkKnTfwLZAtxmmmvOcVRPCYjNS8PGwZyRVj9pSe
         ZBQdNVglrGGpe6uYgwq+0s6mSQf0cmBjtfSXf5Xj2TWEtEkKxAWrDJkyIyjWRJ/ROdE2
         gepQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c2si692385ejj.366.2021.06.23.14.53.09;
        Wed, 23 Jun 2021 14:53:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229952AbhFWVxs (ORCPT <rfc822;madrobroadblock@gmail.com>
        + 99 others); Wed, 23 Jun 2021 17:53:48 -0400
Received: from mail-pg1-f178.google.com ([209.85.215.178]:46701 "EHLO
        mail-pg1-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229759AbhFWVxs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Jun 2021 17:53:48 -0400
Received: by mail-pg1-f178.google.com with SMTP id n12so2903121pgs.13;
        Wed, 23 Jun 2021 14:51:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=fUmvPVX0pNQIpjmU77OymHRA3RCFDEaz2r2r5An26CU=;
        b=WE6K3ixx9ZKwUBRJcQKnAa95TdW41cOfeK+YLoRT6RnOIX5jexaW5qy/167iBPFswF
         Dhv9doeTcQyr8UnaDOifT2/2MfYbdRiIL/8ZQO2ghuC3uH96CKR62yczJLDP7Talbd0Z
         KMvcOFNBD5wcMPufeXR7B6DVb1b8CMVg+tpva3x7vH9DkapMIvffssYtlvBujeIt88ga
         HtF7sZG3r/4caFCgcgvlqePIs5S2X1TjNJYA/tQ6PHDgWtHf3TFaVV7s5nUC+T+SxdeS
         lUGdRS0rl5QpHg26qAjlX8nprQ1uYnipKW3XWIGYifD1c0QSJo274UL0+wUVlsG/pW+q
         BuaQ==
X-Gm-Message-State: AOAM531pmzE1f2JKFMvjgaJKR/ShPX2coazIMH99uF0GIDUXSn5skFfx
        cG6ncEy/N9Hoy5QZtSb5Bdue4Lr2Ye8rZw==
X-Received: by 2002:aa7:9381:0:b029:306:34f8:b5d5 with SMTP id t1-20020aa793810000b029030634f8b5d5mr1725330pfe.23.1624485088483;
        Wed, 23 Jun 2021 14:51:28 -0700 (PDT)
Received: from [192.168.3.217] (c-73-241-217-19.hsd1.ca.comcast.net. [73.241.217.19])
        by smtp.gmail.com with ESMTPSA id o12sm74022pgq.83.2021.06.23.14.51.26
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 23 Jun 2021 14:51:27 -0700 (PDT)
Subject: Re: [PATCH v4 10/10] scsi: ufs: Apply more limitations to user access
To:     Can Guo <cang@codeaurora.org>, asutoshd@codeaurora.org,
        nguyenb@codeaurora.org, hongwus@codeaurora.org,
        ziqichen@codeaurora.org, linux-scsi@vger.kernel.org,
        kernel-team@android.com
Cc:     Alim Akhtar <alim.akhtar@samsung.com>,
        Avri Altman <avri.altman@wdc.com>,
        "James E.J. Bottomley" <jejb@linux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        Adrian Hunter <adrian.hunter@intel.com>,
        Bean Huo <beanhuo@micron.com>,
        Stanley Chu <stanley.chu@mediatek.com>,
        Keoseong Park <keosung.park@samsung.com>,
        "Gustavo A. R. Silva" <gustavoars@kernel.org>,
        Jaegeuk Kim <jaegeuk@kernel.org>,
        Kiwoong Kim <kwmad.kim@samsung.com>,
        Satya Tangirala <satyat@google.com>,
        open list <linux-kernel@vger.kernel.org>
References: <1624433711-9339-1-git-send-email-cang@codeaurora.org>
 <1624433711-9339-12-git-send-email-cang@codeaurora.org>
From:   Bart Van Assche <bvanassche@acm.org>
Message-ID: <89a3c8bf-bbfc-4a2a-73f0-a0db956fbf0e@acm.org>
Date:   Wed, 23 Jun 2021 14:51:25 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <1624433711-9339-12-git-send-email-cang@codeaurora.org>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 6/23/21 12:35 AM, Can Guo wrote:
> +int ufshcd_get_user_access(struct ufs_hba *hba)
> +__acquires(&hba->host_sem)
> +{
> +	down(&hba->host_sem);
> +	if (!ufshcd_is_user_access_allowed(hba)) {
> +		up(&hba->host_sem);
> +		return -EBUSY;
> +	}
> +	if (ufshcd_rpm_get_sync(hba)) {
> +		ufshcd_rpm_put_sync(hba);
> +		up(&hba->host_sem);
> +		return -EBUSY;
> +	}
> +	return 0;
> +}
> +EXPORT_SYMBOL_GPL(ufshcd_get_user_access);
> +
> +void ufshcd_put_user_access(struct ufs_hba *hba)
> +__releases(&hba->host_sem)
> +{
> +	ufshcd_rpm_put_sync(hba);
> +	up(&hba->host_sem);
> +}
> +EXPORT_SYMBOL_GPL(ufshcd_put_user_access);

Please indent __acquires() and __releases() annotations by one tab as is
done elsewhere in the kernel.

>  static inline bool ufshcd_is_user_access_allowed(struct ufs_hba *hba)
>  {
> -	return !hba->shutting_down;
> +	return !hba->shutting_down && !hba->is_sys_suspended &&
> +		!hba->is_wlu_sys_suspended &&
> +		hba->ufshcd_state == UFSHCD_STATE_OPERATIONAL;
>  }

Is my understanding of the following correct?
- ufshcd_is_user_access_allowed() is not in the hot path and hence
  should not be inline.
- The hba->shutting_down member variable is set from inside a shutdown
  callback. Hence, the hba->shutting_down test can be left out since
  no UFS sysfs attributes are accessed after shutdown has started.
- During system suspend, user space software is paused before the device
  driver freeze callbacks are invoked. Hence, the hba->is_sys_suspended
  check can be left out.
- If a LUN is runtime suspended, it should be resumed if accessed from
  user space instead of failing user space accesses. In other words, the
  hba->is_wlu_sys_suspended check seems inappropriate to me.
- If the HBA is not in an operational state, user space accesses
  should be blocked until error handling has finished. After error
  handling has finished, the user space access should fail if and only
  if error handling failed.

Thanks,

Bart.