Received: by 2002:a05:6358:c692:b0:131:369:b2a3 with SMTP id fe18csp4613852rwb; Mon, 31 Jul 2023 09:24:28 -0700 (PDT) X-Google-Smtp-Source: APBJJlHEW09ELXHdvsXCPAiBky2f8X1sQSItBPuWFMXVGjE1a0/nCv96qMsbAtm+T/FRa5AYm5uV X-Received: by 2002:a17:903:1112:b0:1b8:4baa:52ff with SMTP id n18-20020a170903111200b001b84baa52ffmr12125848plh.47.1690820668372; Mon, 31 Jul 2023 09:24:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1690820668; cv=none; d=google.com; s=arc-20160816; b=clYpoGQ8lmpy78qEbY4CdLc8zouCBcUts0r3MNIK5Kbmmr9mTQUvYTuvKB1YD3INXV bFNbwnGE0rQjIpX0gNj0pYEZvlSJDuNwTbS8gDRGbpm3jhflQcvSPLem5JnyPOOINxDd bX5xmwmh7DgB3aLGfTCWOBCqqYckrE7X0P7tXYE8PExAPpTuEbLNPloFy/EYV8TuHbD2 htcqa/gkkQnxKvGjjd+oSYhYY4j0ilab6MMxWsdmVef9bIiEQuuksoWIfLuQJh0+IJ7C xJUp+iEhh2YaiXb2P1U9vSYIvQtNzbJY2ancgweLAZVeXODNKnguxG+UOUfNyVLPpuJ1 YY7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=SSJT7kcV4Rhk+b8oB624C63i7adQDSXb+42Vq0rGPV4=; fh=ydKWiu0Tvk6uWgsLCCWYQmiOJX49y3wMai+02PRE2kk=; b=n4rk9OuZxBknDx1HQKt30lATJZVt7+01rTzpzeAdbUlHFsmwr4CVElAPB+0n6A42b8 d+Z0lVshnpjOa/1BQMcLBMMe43IraU+sP2wnV5NFLuNgRkiy17QH1GtHoeRxdfSY5rs0 VnwQM2TAFSo5AR2q4OzMWyHehwLDm9V1BG0YkWNlxviTeW0wy0ootv1h3Qdk5M4hZyoO 3dH5jDoQy47xQBg+KF+RDvS8SbvEoJcIHmMWr4plNAVPVy3+kJWnMiwjYirdhE22ZD0Z KEKI3bxu5+kueGAf0Q6v247G1jN5DwRMbs2Jy85XpQQKoVaFJUM+X4wY2KQqbkTeLMb3 goWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b="lZyo/dBO"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x12-20020a170902ec8c00b001b9c120a39csi7792872plg.357.2023.07.31.09.24.14; Mon, 31 Jul 2023 09:24:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@quicinc.com header.s=qcppdkim1 header.b="lZyo/dBO"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=quicinc.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231386AbjGaPTf (ORCPT + 99 others); Mon, 31 Jul 2023 11:19:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229459AbjGaPTd (ORCPT ); Mon, 31 Jul 2023 11:19:33 -0400 Received: from mx0a-0031df01.pphosted.com (mx0a-0031df01.pphosted.com [205.220.168.131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4623210E3; Mon, 31 Jul 2023 08:19:29 -0700 (PDT) Received: from pps.filterd (m0279863.ppops.net [127.0.0.1]) by mx0a-0031df01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 36VE1ZVK022849; Mon, 31 Jul 2023 15:19:19 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quicinc.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : in-reply-to; s=qcppdkim1; bh=SSJT7kcV4Rhk+b8oB624C63i7adQDSXb+42Vq0rGPV4=; b=lZyo/dBOJSIUuLNjlX2KKBG0COPHpB9jJhXUlJF8EDZypGuwwS5Ky8d3ReWN6tfVFeHN TEJMzZawdDZRkO+Hn/hwqqvP1EbZF4hSC4nGVzIXn6fxGoEPt+5hG2PFRYCv5j/7xr6r kAS49aZs0pF8IFU2MepZ9v8xlsSbQ4wNEUZ5Sy+4StKMHasuAwppbt3mFwnVcDLQKnJA oqtFQuDI3MgKsHtbwWmwZbknzggzY7BqRJjjnReAwZQYWEJGWG3OFPdOeLGPlLIhxPFB KpwiYMihKrY0+MGS3FTDloCsW8iijOLudP6RhsSSdwyGK8QYM2ThhSEOMXZ97oB3FXXd vA== Received: from nalasppmta03.qualcomm.com (Global_NAT1.qualcomm.com [129.46.96.20]) by mx0a-0031df01.pphosted.com (PPS) with ESMTPS id 3s4ueumej5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 31 Jul 2023 15:19:19 +0000 Received: from nalasex01a.na.qualcomm.com (nalasex01a.na.qualcomm.com [10.47.209.196]) by NALASPPMTA03.qualcomm.com (8.17.1.5/8.17.1.5) with ESMTPS id 36VFJHaI006207 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 31 Jul 2023 15:19:17 GMT Received: from hu-pkondeti-hyd.qualcomm.com (10.80.80.8) by nalasex01a.na.qualcomm.com (10.47.209.196) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.30; Mon, 31 Jul 2023 08:19:14 -0700 Date: Mon, 31 Jul 2023 20:49:09 +0530 From: Pavan Kondeti To: Praveenkumar I CC: , , , , , , , Subject: Re: [PATCH] soc: qcom: qmi: Signal the txn completion after releasing the mutex Message-ID: References: <20230731130755.2674029-1-quic_ipkumar@quicinc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <20230731130755.2674029-1-quic_ipkumar@quicinc.com> X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: nasanex01a.na.qualcomm.com (10.52.223.231) To nalasex01a.na.qualcomm.com (10.47.209.196) X-QCInternal: smtphost X-Proofpoint-Virus-Version: vendor=nai engine=6200 definitions=5800 signatures=585085 X-Proofpoint-GUID: ceaKZoqUrcyNOngtoWhI0poymE5SYdV0 X-Proofpoint-ORIG-GUID: ceaKZoqUrcyNOngtoWhI0poymE5SYdV0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-07-31_07,2023-07-31_02,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 bulkscore=0 phishscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0 mlxlogscore=837 malwarescore=0 mlxscore=0 adultscore=0 impostorscore=0 priorityscore=1501 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2306200000 definitions=main-2307310137 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE, T_SCC_BODY_TEXT_LINE,T_SPF_TEMPERROR autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 31, 2023 at 06:37:55PM +0530, Praveenkumar I wrote: > txn is in #1 stack > > Worker #1 Worker #2 > ******** ********* > > qmi_txn_wait(txn) qmi_handle_message > | | > | | > wait_for_complete(txn->complete) .... > | mutex_lock(txn->lock) > | | > mutex_lock(txn->lock) | > ..... complete(txn->lock) > | mutex_unlock(txn->lock) > | > mutex_unlock(txn->lock) > > In this case above, while #2 is doing the mutex_unlock(txn->lock), > in between releasing lock and doing other lock related wakeup, #2 gets > scheduled out. As a result #1, acquires the lock, unlocks, also > frees the txn also (where the lock resides) > > Now #2, gets scheduled again and tries to do the rest of the lock > related wakeup, but lock itself is invalid because txn itself is gone. > > Fixing this, by doing the mutex_unlock(txn->lock) first and then > complete(txn->lock) in #2 > > Fixes: 3830d0771ef6 ("soc: qcom: Introduce QMI helpers") > Cc: stable@vger.kernel.org > Signed-off-by: Sricharan Ramabadhran > Signed-off-by: Praveenkumar I > --- > drivers/soc/qcom/qmi_interface.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/soc/qcom/qmi_interface.c b/drivers/soc/qcom/qmi_interface.c > index 78d7361fdcf2..92e29db97359 100644 > --- a/drivers/soc/qcom/qmi_interface.c > +++ b/drivers/soc/qcom/qmi_interface.c > @@ -505,12 +505,13 @@ static void qmi_handle_message(struct qmi_handle *qmi, > pr_err("failed to decode incoming message\n"); > > txn->result = ret; > - complete(&txn->completion); > } else { > qmi_invoke_handler(qmi, sq, txn, buf, len); > } > > mutex_unlock(&txn->lock); > + if (txn->dest && txn->ei) > + complete(&txn->completion); > } else { > /* Create a txn based on the txn_id of the incoming message */ > memset(&tmp_txn, 0, sizeof(tmp_txn)); What happens in a remote scenario where the waiter gets timed out at the very same time you are releasing the mutex but before calling complete()? The caller might end up freeing txn structure and it results in the same issue you are currently facing. Thanks, Pavan