Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp186912pxj; Wed, 23 Jun 2021 19:24:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzHMfQmzzRiW65Pc5ocHHHfDUwmx+//nBTJvJALKmub9AUF+Dnliq3bHlzWB+/Fi2RZVt5l X-Received: by 2002:a92:d58e:: with SMTP id a14mr1820089iln.44.1624501458995; Wed, 23 Jun 2021 19:24:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624501458; cv=none; d=google.com; s=arc-20160816; b=EuocyDxgM2+z4BBjqaZo46UQgoNDdRtseY4k8Ay4PQ8fsjiyJ/bJjek8t8yz917Vzg VfuJUVqbQGcSC08C5XpXpUwGjp7sdFpo5eovGc8Y8n4EVWCO/TJfUzHIsoqiNBANw0Nd 4YGFBAJwLcWDGIh7nH8FSYnI0NplMyUTLEvzPk1WWBpbwCOLAjMkm+cWLHkzWwKKz0j5 dUGiDNNIB7K7dB4tEoboq01WqCjsa+jH2oFbFTTXzinQtAkw2RMBdfhwWPFWIgEK7tfD tzf0VCBlSeQibZMcaL62heohaxwdJuKtrD5Xvs31YCJnOeDrDuJAyxTWqa9CgFkOcdV5 lliQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:message-id:references:in-reply-to :subject:cc:to:from:date:content-transfer-encoding:mime-version :sender:dkim-signature; bh=Wbj0g0OsECqzVg7j+YUqU2RzLznVnn89S4KbNLzazb0=; b=dU3qbShtQv9q/VwztKZJJIbPfNftr7Gc4zhmfXerc7RIxNYeHkx8fY2O0KMIwduWeI RSNBcR8YftHIsN1bN0Wdv4MfECup9yF1K8nDd76M1iw8KHlmCGHNO+WRdMU8Y1MO6Z+K NUdGKhQO05V9uPvoMcAqJoQOHBGz9wtJQKyXPEeOL0SMl36EiOmS1heBjkpiOd1LVCEk AltaTyJjBeqjrmHHcAI+oU7uR02zCoyYx/QycMBQQtV6CNL+nDLkMyMVvNqOomWuQgE6 UNjSMzc/PSHectWokuDCZi1YJT6mhuKaeoAII7JrQeoWsSFoWoEnKAGorMQuwn46TYFF CpWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b=expH7PjG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m1si788325iow.92.2021.06.23.19.23.58; Wed, 23 Jun 2021 19:24:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@mg.codeaurora.org header.s=smtp header.b=expH7PjG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229934AbhFXCZ0 (ORCPT + 99 others); Wed, 23 Jun 2021 22:25:26 -0400 Received: from so254-9.mailgun.net ([198.61.254.9]:52426 "EHLO so254-9.mailgun.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229906AbhFXCZZ (ORCPT ); Wed, 23 Jun 2021 22:25:25 -0400 DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg.codeaurora.org; q=dns/txt; s=smtp; t=1624501387; h=Message-ID: References: In-Reply-To: Subject: Cc: To: From: Date: Content-Transfer-Encoding: Content-Type: MIME-Version: Sender; bh=Wbj0g0OsECqzVg7j+YUqU2RzLznVnn89S4KbNLzazb0=; b=expH7PjGPkd7qb5w5YMJ0unDPRUZQ449TD23oT0lBcyxtFulad9NthFE+Eli3xvXu/VfpAMF w1g8ecaj2LjWbVyoxbdmlie4S5/i+7XdWU42MlMz9aiZnaplx/g63qwKNibLbbA/FUfirLLT 6MjTMXqBR3K9bLlBkam4vQr/kuw= X-Mailgun-Sending-Ip: 198.61.254.9 X-Mailgun-Sid: WyI0MWYwYSIsICJsaW51eC1rZXJuZWxAdmdlci5rZXJuZWwub3JnIiwgImJlOWU0YSJd Received: from smtp.codeaurora.org (ec2-35-166-182-171.us-west-2.compute.amazonaws.com [35.166.182.171]) by smtp-out-n04.prod.us-east-1.postgun.com with SMTP id 60d3ec880090905e16612b6c (version=TLS1.2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Thu, 24 Jun 2021 02:23:04 GMT Sender: cang=codeaurora.org@mg.codeaurora.org Received: by smtp.codeaurora.org (Postfix, from userid 1001) id 74768C43151; Thu, 24 Jun 2021 02:23:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-caf-mail-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=ALL_TRUSTED,BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.codeaurora.org (localhost.localdomain [127.0.0.1]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: cang) by smtp.codeaurora.org (Postfix) with ESMTPSA id E2CF8C433D3; Thu, 24 Jun 2021 02:23:01 +0000 (UTC) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Thu, 24 Jun 2021 10:23:01 +0800 From: Can Guo To: Bart Van Assche Cc: asutoshd@codeaurora.org, nguyenb@codeaurora.org, hongwus@codeaurora.org, ziqichen@codeaurora.org, linux-scsi@vger.kernel.org, kernel-team@android.com, Alim Akhtar , Avri Altman , "James E.J. Bottomley" , "Martin K. Petersen" , Adrian Hunter , Bean Huo , Stanley Chu , Keoseong Park , "Gustavo A. R. Silva" , Jaegeuk Kim , Kiwoong Kim , Satya Tangirala , open list Subject: Re: [PATCH v4 10/10] scsi: ufs: Apply more limitations to user access In-Reply-To: <89a3c8bf-bbfc-4a2a-73f0-a0db956fbf0e@acm.org> References: <1624433711-9339-1-git-send-email-cang@codeaurora.org> <1624433711-9339-12-git-send-email-cang@codeaurora.org> <89a3c8bf-bbfc-4a2a-73f0-a0db956fbf0e@acm.org> Message-ID: X-Sender: cang@codeaurora.org User-Agent: Roundcube Webmail/1.3.9 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Bart, On 2021-06-24 05:51, Bart Van Assche wrote: > On 6/23/21 12:35 AM, Can Guo wrote: >> +int ufshcd_get_user_access(struct ufs_hba *hba) >> +__acquires(&hba->host_sem) >> +{ >> + down(&hba->host_sem); >> + if (!ufshcd_is_user_access_allowed(hba)) { >> + up(&hba->host_sem); >> + return -EBUSY; >> + } >> + if (ufshcd_rpm_get_sync(hba)) { >> + ufshcd_rpm_put_sync(hba); >> + up(&hba->host_sem); >> + return -EBUSY; >> + } >> + return 0; >> +} >> +EXPORT_SYMBOL_GPL(ufshcd_get_user_access); >> + >> +void ufshcd_put_user_access(struct ufs_hba *hba) >> +__releases(&hba->host_sem) >> +{ >> + ufshcd_rpm_put_sync(hba); >> + up(&hba->host_sem); >> +} >> +EXPORT_SYMBOL_GPL(ufshcd_put_user_access); > > Please indent __acquires() and __releases() annotations by one tab as > is > done elsewhere in the kernel. OK. > >> static inline bool ufshcd_is_user_access_allowed(struct ufs_hba *hba) >> { >> - return !hba->shutting_down; >> + return !hba->shutting_down && !hba->is_sys_suspended && >> + !hba->is_wlu_sys_suspended && >> + hba->ufshcd_state == UFSHCD_STATE_OPERATIONAL; >> } > > Is my understanding of the following correct? > - ufshcd_is_user_access_allowed() is not in the hot path and hence > should not be inline. OK. > - The hba->shutting_down member variable is set from inside a shutdown > callback. Hence, the hba->shutting_down test can be left out since > no UFS sysfs attributes are accessed after shutdown has started. We see that user can still access UFS sysfs during shutdown if shutdown is invoked by: reboot -f, hence the check. > - During system suspend, user space software is paused before the > device > driver freeze callbacks are invoked. Hence, the hba->is_sys_suspended > check can be left out. is_sys_suspended indicates that system resume failed (power/clk is OFF). > - If a LUN is runtime suspended, it should be resumed if accessed from > user space instead of failing user space accesses. In other words, > the > hba->is_wlu_sys_suspended check seems inappropriate to me. hba->is_wlu_sys_suspended indicates that wl system resume failed, device is not operational. > - If the HBA is not in an operational state, user space accesses > should be blocked until error handling has finished. After error > handling has finished, the user space access should fail if and only > if error handling failed. > Yes, which is why ufshcd_get_user_access() acquires host_sem first and checks the OPERATOINAL flag here. host_sem shall make sure that user space accesses should be blocked until error handling has finished. Thanks, Can Guo. > Thanks, > > Bart.