Received: by 2002:a05:6358:5282:b0:b5:90e7:25cb with SMTP id g2csp3407743rwa; Tue, 23 Aug 2022 04:23:29 -0700 (PDT) X-Google-Smtp-Source: AA6agR4wJ3Ji+/PVcY9gVQs3cpisdQJVy1BLgRHG9sUnYbD/iumqmJmQOK6aBozmOq60GZLQEZY4 X-Received: by 2002:a62:3884:0:b0:52b:ead1:7bc8 with SMTP id f126-20020a623884000000b0052bead17bc8mr24902284pfa.78.1661253809647; Tue, 23 Aug 2022 04:23:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661253809; cv=none; d=google.com; s=arc-20160816; b=jOUu2zlbC6o28i3dYv/+JdNtScftRuwdKuj916yBY8j1HD+w96H0PMBNawJ9p41IbT 2o7X6/o4sGi0jRURMq5vZkzmg3mgkm1MJlXpe+KWCmiAXydXGqm0O5qDzy0jJWJMt+WQ pCKW6iGt55ReZ2N4WNtMkJSK9v6oApIwGHZNXGU9b0GHMjsaqIopdBrlV5Xp2Sph+TGC MiIdp7hns+XOepyTTv08xmFLTk5Hmfg25Qnht5u62WNTvccJWX5PGn8RYibFqBJmC4io ns6J1iClh5WqUgJPdwENwP7+4EGP+TdHlZl0I97342ZSuUYXMcNMjqPnDLfpiejXQRRE 5EAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=RRcT5PrbWsTM+ij6zyl2SermYbFyimb17Fvq9Xm091M=; b=wQ1irI44NybkKgSu4dj1GVLALl6YMDAMP5wqOAeA9gB0L22FZtnQKLmuQHhFrf0IbD csHE9/rqFa2/fxtWSxb+K8X97pcdDcye6E+MjCNB+dMosU9J9tO3D/FdUjOyFfE+Ku3L VIQTwzZQKlOw2CnLEfrZ9HzvkOIik9PmLtoFKZ1Wb3cX7+jiRhS8qXAKGYLqG0k0SdpE uybs4Dm6cJaN5N9j3Jhz0Lfw3Y/yvLiL9uydpH7MyIMItBaDsMRElVyJ/ezWotHFwwBn sOO0fM6rGQV0mIi7uA7XsOhKG9AGt//wL79JrjDdsTl9xXA6HnyBX3Hdi+C0E6nRziyB xN0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=XlUPJTxP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l18-20020a170902d35200b00171230490b8si8498891plk.129.2022.08.23.04.23.15; Tue, 23 Aug 2022 04:23:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=XlUPJTxP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353047AbiHWKKX (ORCPT + 99 others); Tue, 23 Aug 2022 06:10:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46040 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1352768AbiHWKC3 (ORCPT ); Tue, 23 Aug 2022 06:02:29 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 915637B7BD; Tue, 23 Aug 2022 01:50:52 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id B04386123D; Tue, 23 Aug 2022 08:50:51 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A0630C433C1; Tue, 23 Aug 2022 08:50:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1661244651; bh=PBt7CMEjjSJnz42jZq6jLSJAqz/KxiL3mKGMUFZmvrI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XlUPJTxP7QRv7l8XbmrHziUAAB6uqz0G3pnqAXME3WyeqSAFz6uWf2ZrGruzAobLQ BiA2NP8Er8aMQNJi4Mz0SIVHKfdKiIFlVpTwlS2tEKdlv+L3ztL3BQuiimZJfmYqJd jiF7g+M4USD2A0oCY6EWMnlrp+kLSbdvK2G6v71M= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Douglas Gilbert , Tony Battersby , "Martin K. Petersen" Subject: [PATCH 4.14 170/229] scsi: sg: Allow waiting for commands to complete on removed device Date: Tue, 23 Aug 2022 10:25:31 +0200 Message-Id: <20220823080059.714289917@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220823080053.202747790@linuxfoundation.org> References: <20220823080053.202747790@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Tony Battersby commit 3455607fd7be10b449f5135c00dc306b85dc0d21 upstream. When a SCSI device is removed while in active use, currently sg will immediately return -ENODEV on any attempt to wait for active commands that were sent before the removal. This is problematic for commands that use SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel when userspace frees or reuses it after getting ENODEV, leading to corrupted userspace memory (in the case of READ-type commands) or corrupted data being sent to the device (in the case of WRITE-type commands). This has been seen in practice when logging out of a iscsi_tcp session, where the iSCSI driver may still be processing commands after the device has been marked for removal. Change the policy to allow userspace to wait for active sg commands even when the device is being removed. Return -ENODEV only when there are no more responses to read. Link: https://lore.kernel.org/r/5ebea46f-fe83-2d0b-233d-d0dcb362dd0a@cybernetics.com Cc: Acked-by: Douglas Gilbert Signed-off-by: Tony Battersby Signed-off-by: Martin K. Petersen Signed-off-by: Greg Kroah-Hartman --- drivers/scsi/sg.c | 57 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 23 deletions(-) --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -196,7 +196,7 @@ static void sg_link_reserve(Sg_fd * sfp, static void sg_unlink_reserve(Sg_fd * sfp, Sg_request * srp); static Sg_fd *sg_add_sfp(Sg_device * sdp); static void sg_remove_sfp(struct kref *); -static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id); +static Sg_request *sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy); static Sg_request *sg_add_request(Sg_fd * sfp); static int sg_remove_request(Sg_fd * sfp, Sg_request * srp); static Sg_device *sg_get_dev(int dev); @@ -418,6 +418,7 @@ sg_read(struct file *filp, char __user * Sg_fd *sfp; Sg_request *srp; int req_pack_id = -1; + bool busy; sg_io_hdr_t *hp; struct sg_header *old_hdr = NULL; int retval = 0; @@ -465,25 +466,19 @@ sg_read(struct file *filp, char __user * } else req_pack_id = old_hdr->pack_id; } - srp = sg_get_rq_mark(sfp, req_pack_id); + srp = sg_get_rq_mark(sfp, req_pack_id, &busy); if (!srp) { /* now wait on packet to arrive */ - if (atomic_read(&sdp->detaching)) { - retval = -ENODEV; - goto free_old_hdr; - } if (filp->f_flags & O_NONBLOCK) { retval = -EAGAIN; goto free_old_hdr; } retval = wait_event_interruptible(sfp->read_wait, - (atomic_read(&sdp->detaching) || - (srp = sg_get_rq_mark(sfp, req_pack_id)))); - if (atomic_read(&sdp->detaching)) { - retval = -ENODEV; - goto free_old_hdr; - } - if (retval) { - /* -ERESTARTSYS as signal hit process */ + ((srp = sg_get_rq_mark(sfp, req_pack_id, &busy)) || + (!busy && atomic_read(&sdp->detaching)))); + if (!srp) { + /* signal or detaching */ + if (!retval) + retval = -ENODEV; goto free_old_hdr; } } @@ -934,9 +929,7 @@ sg_ioctl(struct file *filp, unsigned int if (result < 0) return result; result = wait_event_interruptible(sfp->read_wait, - (srp_done(sfp, srp) || atomic_read(&sdp->detaching))); - if (atomic_read(&sdp->detaching)) - return -ENODEV; + srp_done(sfp, srp)); write_lock_irq(&sfp->rq_list_lock); if (srp->done) { srp->done = 2; @@ -2096,19 +2089,28 @@ sg_unlink_reserve(Sg_fd * sfp, Sg_reques } static Sg_request * -sg_get_rq_mark(Sg_fd * sfp, int pack_id) +sg_get_rq_mark(Sg_fd * sfp, int pack_id, bool *busy) { Sg_request *resp; unsigned long iflags; + *busy = false; write_lock_irqsave(&sfp->rq_list_lock, iflags); list_for_each_entry(resp, &sfp->rq_list, entry) { - /* look for requests that are ready + not SG_IO owned */ - if ((1 == resp->done) && (!resp->sg_io_owned) && + /* look for requests that are not SG_IO owned */ + if ((!resp->sg_io_owned) && ((-1 == pack_id) || (resp->header.pack_id == pack_id))) { - resp->done = 2; /* guard against other readers */ - write_unlock_irqrestore(&sfp->rq_list_lock, iflags); - return resp; + switch (resp->done) { + case 0: /* request active */ + *busy = true; + break; + case 1: /* request done; response ready to return */ + resp->done = 2; /* guard against other readers */ + write_unlock_irqrestore(&sfp->rq_list_lock, iflags); + return resp; + case 2: /* response already being returned */ + break; + } } } write_unlock_irqrestore(&sfp->rq_list_lock, iflags); @@ -2162,6 +2164,15 @@ sg_remove_request(Sg_fd * sfp, Sg_reques res = 1; } write_unlock_irqrestore(&sfp->rq_list_lock, iflags); + + /* + * If the device is detaching, wakeup any readers in case we just + * removed the last response, which would leave nothing for them to + * return other than -ENODEV. + */ + if (unlikely(atomic_read(&sfp->parentdp->detaching))) + wake_up_interruptible_all(&sfp->read_wait); + return res; }