From patchwork Tue May 12 11:15:52 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sreekanth Reddy X-Patchwork-Id: 6387321 Return-Path: X-Original-To: patchwork-linux-scsi@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 5F4A6BEEE1 for ; Tue, 12 May 2015 11:16:19 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 597A320390 for ; Tue, 12 May 2015 11:16:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 3D6E82038A for ; Tue, 12 May 2015 11:16:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932444AbbELLQQ (ORCPT ); Tue, 12 May 2015 07:16:16 -0400 Received: from mail-pd0-f173.google.com ([209.85.192.173]:36070 "EHLO mail-pd0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932339AbbELLQN (ORCPT ); Tue, 12 May 2015 07:16:13 -0400 Received: by pdea3 with SMTP id a3so6516768pde.3 for ; Tue, 12 May 2015 04:16:12 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=Gq6i05jEBfH4YYsvEpyrmzG/TMBvHbNb/vudsdzEa8k=; b=NN1HWTJzxnKjbVOc9eP4oTynqRUDLbYX64+H7uxsxPrFnSnK3khEbyokgP0pW5MyI+ WfN/RXBQjcF3tvjMnJnKiD4v69LV8bNznxYaOQQhtch5ChQX4wnAuC+7F2M349aIadSQ zer384jfGlfA1pVK8X00IrdzxHBxcVnd6X8g7IH5ks2oQoSMpRou42KexRAzjMWLJBlb MqYRC/OygXFxq62JimHLy8oQHZ7HpL5W8iEFgtQBMskuN8FOIFWUuh0++3wdp9Avvrqz SdlDNnkrXmQAoswKi5QblmeDg0WHZPSV63+rA42WCA7sX4+xojwreQoQS5uHV/24yA02 FX6g== X-Gm-Message-State: ALoCoQmWIf3pFnmXHZGDdXfL+f8MoimQX1YvH45e0BZ4bhb7sdiUG3zS9V8vX/Gq0vUWtpONWIWM X-Received: by 10.66.120.176 with SMTP id ld16mr27230849pab.17.1431429372703; Tue, 12 May 2015 04:16:12 -0700 (PDT) Received: from host1.lsi.com ([192.19.239.250]) by mx.google.com with ESMTPSA id m2sm15945011pdp.4.2015.05.12.04.16.02 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 12 May 2015 04:16:06 -0700 (PDT) From: Sreekanth Reddy X-Google-Original-From: Sreekanth Reddy To: calvinowens@fb.com Cc: martin.petersen@oracle.com, linux-scsi@vger.kernel.org, jejb@kernel.org, JBottomley@Parallels.com, Sathya.Prakash@avagotech.com, chaitra.basappa@avagotech.com, linux-kernel@vger.kernel.org, hch@infradead.org, Sreekanth Reddy Subject: [PATCH v2] mpt2sas: mpt3sas: Fix memory corruption during initialization Date: Tue, 12 May 2015 16:45:52 +0530 Message-Id: <1431429352-40723-1-git-send-email-Sreekanth.Reddy@avagotech.com> X-Mailer: git-send-email 2.0.2 Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Added mutex lock 'probe_devices_in_progress_mutex' to protect from corruption of sas_device_init_list list while adding the device's saved in the sas_device_init_list list to SML. In the _scsih_device_remove_by_handle() function, firmware event handling thread will be waiting for the other thread to complete it's work of registering the sas device's saved in the sas_device_init_list list with the SML before it free's the removal device's data (if the device's data is alread freed then this thread will simple exit from this function). Signed-off-by: Sreekanth Reddy --- drivers/scsi/mpt2sas/mpt2sas_base.h | 1 + drivers/scsi/mpt2sas/mpt2sas_scsih.c | 7 +++++++ drivers/scsi/mpt3sas/mpt3sas_base.h | 1 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 7 +++++++ 4 files changed, 16 insertions(+) diff --git a/drivers/scsi/mpt2sas/mpt2sas_base.h b/drivers/scsi/mpt2sas/mpt2sas_base.h index caff8d1..283c59f 100644 --- a/drivers/scsi/mpt2sas/mpt2sas_base.h +++ b/drivers/scsi/mpt2sas/mpt2sas_base.h @@ -835,6 +835,7 @@ struct MPT2SAS_ADAPTER { u8 shost_recovery; struct mutex reset_in_progress_mutex; + struct mutex probe_devices_in_progress_mutex; spinlock_t ioc_reset_in_progress_lock; u8 ioc_link_reset_in_progress; u8 ioc_reset_in_progress_status; diff --git a/drivers/scsi/mpt2sas/mpt2sas_scsih.c b/drivers/scsi/mpt2sas/mpt2sas_scsih.c index 3f26147..498767a 100644 --- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c +++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c @@ -5362,6 +5362,8 @@ _scsih_device_remove_by_handle(struct MPT2SAS_ADAPTER *ioc, u16 handle) if (ioc->shost_recovery) return; + mutex_lock(&ioc->probe_devices_in_progress_mutex); + spin_lock_irqsave(&ioc->sas_device_lock, flags); sas_device = _scsih_sas_device_find_by_handle(ioc, handle); if (sas_device) @@ -5369,6 +5371,8 @@ _scsih_device_remove_by_handle(struct MPT2SAS_ADAPTER *ioc, u16 handle) spin_unlock_irqrestore(&ioc->sas_device_lock, flags); if (sas_device) _scsih_remove_device(ioc, sas_device); + + mutex_unlock(&ioc->probe_devices_in_progress_mutex); } /** @@ -8020,6 +8024,7 @@ _scsih_probe_devices(struct MPT2SAS_ADAPTER *ioc) if (!(ioc->facts.ProtocolFlags & MPI2_IOCFACTS_PROTOCOL_SCSI_INITIATOR)) return; /* return when IOC doesn't support initiator mode */ + mutex_lock(&ioc->probe_devices_in_progress_mutex); _scsih_probe_boot_devices(ioc); if (ioc->ir_firmware) { @@ -8036,6 +8041,7 @@ _scsih_probe_devices(struct MPT2SAS_ADAPTER *ioc) } } else _scsih_probe_sas(ioc); + mutex_unlock(&ioc->probe_devices_in_progress_mutex); } @@ -8167,6 +8173,7 @@ _scsih_probe(struct pci_dev *pdev, const struct pci_device_id *id) ioc->schedule_dead_ioc_flush_running_cmds = &_scsih_flush_running_cmds; /* misc semaphores and spin locks */ mutex_init(&ioc->reset_in_progress_mutex); + mutex_init(&ioc->probe_devices_in_progress_mutex); spin_lock_init(&ioc->ioc_reset_in_progress_lock); spin_lock_init(&ioc->scsi_lookup_lock); spin_lock_init(&ioc->sas_device_lock); diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.h b/drivers/scsi/mpt3sas/mpt3sas_base.h index afa8816..ce0090a 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.h +++ b/drivers/scsi/mpt3sas/mpt3sas_base.h @@ -768,6 +768,7 @@ struct MPT3SAS_ADAPTER { u8 shost_recovery; struct mutex reset_in_progress_mutex; + struct mutex probe_devices_in_progress_mutex; spinlock_t ioc_reset_in_progress_lock; u8 ioc_link_reset_in_progress; u8 ioc_reset_in_progress_status; diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c index 5a97e32..b1bec24 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c @@ -608,6 +608,8 @@ _scsih_device_remove_by_handle(struct MPT3SAS_ADAPTER *ioc, u16 handle) if (ioc->shost_recovery) return; + mutex_lock(&ioc->probe_devices_in_progress_mutex); + spin_lock_irqsave(&ioc->sas_device_lock, flags); sas_device = _scsih_sas_device_find_by_handle(ioc, handle); if (sas_device) @@ -615,6 +617,8 @@ _scsih_device_remove_by_handle(struct MPT3SAS_ADAPTER *ioc, u16 handle) spin_unlock_irqrestore(&ioc->sas_device_lock, flags); if (sas_device) _scsih_remove_device(ioc, sas_device); + + mutex_unlock(&ioc->probe_devices_in_progress_mutex); } /** @@ -7656,6 +7660,7 @@ _scsih_probe_devices(struct MPT3SAS_ADAPTER *ioc) if (!(ioc->facts.ProtocolFlags & MPI2_IOCFACTS_PROTOCOL_SCSI_INITIATOR)) return; /* return when IOC doesn't support initiator mode */ + mutex_lock(&ioc->probe_devices_in_progress_mutex); _scsih_probe_boot_devices(ioc); if (ioc->ir_firmware) { @@ -7672,6 +7677,7 @@ _scsih_probe_devices(struct MPT3SAS_ADAPTER *ioc) } } else _scsih_probe_sas(ioc); + mutex_unlock(&ioc->probe_devices_in_progress_mutex); } /** @@ -7797,6 +7803,7 @@ _scsih_probe(struct pci_dev *pdev, const struct pci_device_id *id) ioc->schedule_dead_ioc_flush_running_cmds = &_scsih_flush_running_cmds; /* misc semaphores and spin locks */ mutex_init(&ioc->reset_in_progress_mutex); + mutex_init(&ioc->probe_devices_in_progress_mutex); spin_lock_init(&ioc->ioc_reset_in_progress_lock); spin_lock_init(&ioc->scsi_lookup_lock); spin_lock_init(&ioc->sas_device_lock);