Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp1320953rwb; Wed, 26 Jul 2023 10:37:50 -0700 (PDT) X-Google-Smtp-Source: APBJJlH0Zf5o4vShRaAx79BIM/J56iCtQLjujLQitRX92+wWChqkS86S1QvyPhRo4LcOS1gQh4tt X-Received: by 2002:a17:902:e744:b0:1b8:3e15:40e8 with SMTP id p4-20020a170902e74400b001b83e1540e8mr2525811plf.56.1690393069952; Wed, 26 Jul 2023 10:37:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690393069; cv=none; d=google.com; s=arc-20160816; b=zKN6MHg9mlLewo7jRr3mnxCoHGCxqEmiTjPuaTO83qLnBhiRe54b0I+uEa4Rl8vPmo xHPnJz/IYFdE36j2Sx94zVMBPmlixXh2XQar6HE/SPOYmFu5SDTBWvCtul0Jen/rAsnO kXri6ehQw1TXzyL82rCS3cHCiCP3Y8r8rMstajz5iR1L6RG2ISXAzQ++lo50Ck2bDKQr nsYTXemQ2pFtwl0f+VIlfsrIECyE3de9TfJi7uGaoC8cKU4KGHtLZBWsIkc6/NtZ9MqC q7HbS/740ehHxJb3EmxYtRq+Zd5seNqDwHHRBCwekPDd4jXicCQwJcGE6kFECigDxZIb e9OA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from :dkim-signature; bh=y8QZa7qTEmGwCyA0yfHV1JjhyFQSM3L1Bj9irGZtMbI=; fh=+0qRgHZ7nWlaS0NDmqOYgDBvL9WjRsy7ETMGtQxmLow=; b=0VZHiBgsosf3PEcf1hEu4DjHs9Tu8KsW9+e/dHGXaYPKv1O+DI7QflYkj4EQTV1IV9 fV5rWMnzQjop4tEE3LW+FYXLnyfy5k9+21F5Cg676j+hWRIJnpTjvEyZDFgPWEL34k+V 9+Jomjsw939Ku/X7ACkILv+NTH2XY2OIV75sehn+3MF41TwIy4+QWCs1MIbNkWQ0rh+g kbtPQyaR34hAWoIKNWGEiJmFcQDb6kehHp9H+4Mo3eikMWQFdtECyKDz35HbIRYwIMlw pufuWzZ2Rn3muyeqnzHSEKKq7wWA+TuW/MndPCxdZcdCUAxbufk92adSXbu3oOGoYzAC H9yw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=V5ourLyD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w11-20020a170902e88b00b001bbcc4e0211si1454393plg.239.2023.07.26.10.37.37; Wed, 26 Jul 2023 10:37:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=V5ourLyD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231183AbjGZROi (ORCPT + 99 others); Wed, 26 Jul 2023 13:14:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53072 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229507AbjGZROh (ORCPT ); Wed, 26 Jul 2023 13:14:37 -0400 Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73C061739; Wed, 26 Jul 2023 10:14:36 -0700 (PDT) Received: by mail-pf1-x436.google.com with SMTP id d2e1a72fcca58-668704a5b5bso94109b3a.0; Wed, 26 Jul 2023 10:14:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690391676; x=1690996476; h=message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=y8QZa7qTEmGwCyA0yfHV1JjhyFQSM3L1Bj9irGZtMbI=; b=V5ourLyDBFitbj6i3NSu7Ce7nyCxoe4wZz6T48QqcrhwAyGppGZo6/+WkRI9pTCQhc ZKv2sR5SfQnbXhe8eslmUHoLwz/Dk2cyZSCWcaACOGBdVZueFvu5ixTwrS09deJZEeCl ggNyP8W+/4g2znmswMkpzWrVAtkKCAh36eSKLciRAPRvDQhheqyFytgwdBoZG4Ecxs/y JTAnoH6VABAO9MSHILqEdWZ1xznhrFaW/CWQxP6nx0FD9x8BsFJjFQ27EzuMopLeSN/E vIUvuUTPiuI3TdlPaDwPH2zPABN0ZDf+Y6vAALJ46Eq9cz21qVSeIhwttVhqxNA3p49O evtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690391676; x=1690996476; h=message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=y8QZa7qTEmGwCyA0yfHV1JjhyFQSM3L1Bj9irGZtMbI=; b=NyO5sWF/JPJqjxvsdtAGbJjzauSLTQmSI2r9QMtNtmYeXv6BTW8XeaWhqhofRZfy9P 79Max51NegOagbu5MbVniqZyEundi9+SG7BhFZYyirk7kKOIB6YguD1bSiw/QliCVIDR O/yyTnvx37K45WjFmbk8C4f6brz2rhEOks3aNP/lTOgUmpslgRcUD6d/hntym3VNwWBJ ZV1EuHHjDQXEY4syUNftBxDFReCcXoKm+6dQdHlhit5eqetWOAvTTaSuhBnWMCyu3rWU JCggWf5l9+TGuKemJwwBmLVT9xeeb2exIJwfKNETFiActgfqEVLeqw7CS+hEKCgHuNtE ypoA== X-Gm-Message-State: ABy/qLYQz+IZW/h1VzBkasLRD6nL7QuOwRnKiGI4dfxOrFNMcTdjG1NF 5OC6BxacCmQ1fisIXvIPu8I= X-Received: by 2002:a05:6a00:2d01:b0:686:b662:f303 with SMTP id fa1-20020a056a002d0100b00686b662f303mr3540492pfb.0.1690391675815; Wed, 26 Jul 2023 10:14:35 -0700 (PDT) Received: from 377044c6c369.cse.ust.hk (191host097.mobilenet.cse.ust.hk. [143.89.191.97]) by smtp.gmail.com with ESMTPSA id k196-20020a633dcd000000b005501b24b1c9sm12688361pga.62.2023.07.26.10.14.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jul 2023 10:14:35 -0700 (PDT) From: Chengfeng Ye To: james.smart@broadcom.com, dick.kennedy@broadcom.com, jejb@linux.ibm.com, martin.petersen@oracle.com, sumit.semwal@linaro.org, christian.koenig@amd.com, justin.tee@broadcom.com Cc: linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, dri-devel@lists.freedesktop.org, linaro-mm-sig@lists.linaro.org, Chengfeng Ye Subject: [PATCH] scsi: lpfc: Fix potential deadlock on &ndlp->lock Date: Wed, 26 Jul 2023 17:14:23 +0000 Message-Id: <20230726171423.18692-1-dg573847474@gmail.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org As &ndlp->lock is acquired by timer lpfc_els_retry_delay() under softirq context, process context code acquiring the lock &phba->hbalock should disable irq or bh, otherwise deadlock could happen if the timer preempt the execution while the lock is held in process context on the same CPU. The two lock acquisition inside lpfc_cleanup_pending_mbox() does not disable irq or softirq. [Deadlock Scenario] lpfc_cmpl_els_fdisc() -> lpfc_cleanup_pending_mbox() -> spin_lock(&ndlp->lock); -> lpfc_els_retry_delay() -> lpfc_nlp_get() -> spin_lock_irqsave(&ndlp->lock, flags); (deadlock here) This flaw was found by an experimental static analysis tool I am developing for irq-related deadlock. The patch fix the potential deadlock by spin_lock_irq() to disable irq. Signed-off-by: Chengfeng Ye --- drivers/scsi/lpfc/lpfc_sli.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c index 58d10f8f75a7..8555f6bb9742 100644 --- a/drivers/scsi/lpfc/lpfc_sli.c +++ b/drivers/scsi/lpfc/lpfc_sli.c @@ -21049,9 +21049,9 @@ lpfc_cleanup_pending_mbox(struct lpfc_vport *vport) mb->mbox_flag |= LPFC_MBX_IMED_UNREG; restart_loop = 1; spin_unlock_irq(&phba->hbalock); - spin_lock(&ndlp->lock); + spin_lock_irq(&ndlp->lock); ndlp->nlp_flag &= ~NLP_IGNR_REG_CMPL; - spin_unlock(&ndlp->lock); + spin_unlock_irq(&ndlp->lock); spin_lock_irq(&phba->hbalock); break; } @@ -21067,9 +21067,9 @@ lpfc_cleanup_pending_mbox(struct lpfc_vport *vport) ndlp = (struct lpfc_nodelist *)mb->ctx_ndlp; mb->ctx_ndlp = NULL; if (ndlp) { - spin_lock(&ndlp->lock); + spin_lock_irq(&ndlp->lock); ndlp->nlp_flag &= ~NLP_IGNR_REG_CMPL; - spin_unlock(&ndlp->lock); + spin_unlock_irq(&ndlp->lock); lpfc_nlp_put(ndlp); } } -- 2.17.1