From: Jia He
To: Ariel Elior, GR-everest-linux-l2@marvell.com, "David S. Miller", Jakub Kicinski
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, nd@arm.com, Jia He
Subject: [PATCH] qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
Date: Thu, 15 Jul 2021 16:08:21 +0800
Message-Id: <20210715080822.14575-1-justin.he@arm.com>
X-Mailer: git-send-email 2.17.1
X-Mailing-List: linux-kernel@vger.kernel.org

Liajian reported a bug_on hit on a ThunderX2 arm64 server with FastLinQ
QL41000 ethernet controller:

 BUG: scheduling while atomic: kworker/0:4/531/0x00000200
  [qed_probe:488()]hw prepare failed
  kernel BUG at mm/vmalloc.c:2355!
  Internal error: Oops - BUG: 0 [#1] SMP
  CPU: 0 PID: 531 Comm: kworker/0:4 Tainted: G W 5.4.0-77-generic #86-Ubuntu
  pstate: 00400009 (nzcv daif +PAN -UAO)
 Call trace:
  vunmap+0x4c/0x50
  iounmap+0x48/0x58
  qed_free_pci+0x60/0x80 [qed]
  qed_probe+0x35c/0x688 [qed]
  __qede_probe+0x88/0x5c8 [qede]
  qede_probe+0x60/0xe0 [qede]
  local_pci_probe+0x48/0xa0
  work_for_cpu_fn+0x24/0x38
  process_one_work+0x1d0/0x468
  worker_thread+0x238/0x4e0
  kthread+0xf0/0x118
  ret_from_fork+0x10/0x18

In this case, qed_hw_prepare() returns error due to hw/fw error, but in
theory work queue should be in process context instead of interrupt.

The root cause might be the unpaired spin_{un}lock_bh() in
_qed_mcp_cmd_and_union(), which causes the bottom half to be disabled
incorrectly.

Reported-by: Lijian Zhang
Signed-off-by: Jia He
---
 drivers/net/ethernet/qlogic/qed/qed_mcp.c | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
index 4387292c37e2..79d879a5d663 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
@@ -474,14 +474,18 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); - if (!qed_mcp_has_pending_cmd(p_hwfn)) + if (!qed_mcp_has_pending_cmd(p_hwfn)) { + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); break; + } rc = qed_mcp_update_pending_cmd(p_hwfn, p_ptt); - if (!rc) + if (!rc) { + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); break; - else if (rc != -EAGAIN) + } else if (rc != -EAGAIN) { goto err; + } spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); @@ -498,6 +502,8 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, return -EAGAIN; } + spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); + /* Send the mailbox command */ qed_mcp_reread_offsets(p_hwfn, p_ptt); seq_num = ++p_hwfn->mcp_info->drv_mb_seq; @@ -524,14 +530,18 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); - if (p_cmd_elem->b_is_completed) + if (p_cmd_elem->b_is_completed) { + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); break; + } rc = qed_mcp_update_pending_cmd(p_hwfn, p_ptt); - if (!rc) + if (!rc) { + spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); break; - else if (rc != -EAGAIN) + } else if (rc != -EAGAIN) { goto err; + } spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); } while (++cnt < max_retries); @@ -554,6 +564,7 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn, return -EAGAIN; } + spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); qed_mcp_cmd_del_elem(p_hwfn, p_cmd_elem); spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); -- 2.17.1
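
Review bot: In the first hunk (@@ -474), the `goto err` branch is now the only exit from the wait loop that still holds cmd_lock, while both `break` exits drop it. The `err` label is outside the visible context, so please confirm that it performs the matching spin_unlock_bh() and that every `goto err` after this change is reached with the lock held; if not, this is the path that stays unpaired.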
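
Review bot: The spin_lock_bh() added before "Send the mailbox command" (@@ -498) re-takes cmd_lock only after the wait loop has dropped it on `break`, so the result of qed_mcp_has_pending_cmd() is no longer protected when `++p_hwfn->mcp_info->drv_mb_seq` runs. Another holder of cmd_lock can post a command in that window. Either keep the lock held across the `break` as before and fix only the exit that leaks it, or re-check qed_mcp_has_pending_cmd() after re-locking.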
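
Review bot: In the last two hunks (@@ -524 and @@ -554), the pre-patch context already pairs the lock held at `break` with the spin_unlock_bh() that follows qed_mcp_cmd_del_elem(), so, as far as the visible lines show, unlocking before `break` and re-locking before qed_mcp_cmd_del_elem() does not change the lock balance on these paths. It does open a gap between the b_is_completed check and the element's removal in which other lock holders can run. The changelog only says the imbalance "might be" the root cause; it should name the specific exit that returns with bottom halves still disabled, and the change should be limited to that exit.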