| Message ID | 20211008084048.257498-1-adrian.hunter@intel.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [V2] scsi: ufs: core: Fix synchronization between scsi_unjam_host() and ufshcd_queuecommand() | expand |
On 10/8/2021 1:40 AM, Adrian Hunter wrote: > The SCSI error handler calls scsi_unjam_host() which can call the queue > function ufshcd_queuecommand() indirectly. The error handler changes the > state to UFSHCD_STATE_RESET while running, but error interrupts that > happen while the error handler is running could change the state to > UFSHCD_STATE_EH_SCHEDULED_NON_FATAL which would allow requests to go > through ufshcd_queuecommand() even though the error handler is running. > Block that hole by checking whether the error handler is in progress. > > Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> > --- LGTM. Reviewed-by: Asutosh Das <asutoshd@codeaurora.org> > > Changes in V2: > > Add comment > > drivers/scsi/ufs/ufshcd.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c > index f34227add27d..29d202207b18 100644 > --- a/drivers/scsi/ufs/ufshcd.c > +++ b/drivers/scsi/ufs/ufshcd.c > @@ -2688,7 +2688,19 @@ static int ufshcd_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd) > > switch (hba->ufshcd_state) { > case UFSHCD_STATE_OPERATIONAL: > + break; > case UFSHCD_STATE_EH_SCHEDULED_NON_FATAL: > + /* > + * SCSI error handler can call ->queuecommand() while UFS error > + * handler is in progress. Error interrupts could change the > + * state from UFSHCD_STATE_RESET to > + * UFSHCD_STATE_EH_SCHEDULED_NON_FATAL. Prevent requests > + * being issued in that case. > + */ > + if (ufshcd_eh_in_progress(hba)) { > + err = SCSI_MLQUEUE_HOST_BUSY; > + goto out; > + } > break; > case UFSHCD_STATE_EH_SCHEDULED_FATAL: > /* >
Adrian, > The SCSI error handler calls scsi_unjam_host() which can call the queue > function ufshcd_queuecommand() indirectly. The error handler changes the > state to UFSHCD_STATE_RESET while running, but error interrupts that > happen while the error handler is running could change the state to > UFSHCD_STATE_EH_SCHEDULED_NON_FATAL which would allow requests to go > through ufshcd_queuecommand() even though the error handler is running. > Block that hole by checking whether the error handler is in progress. Applied to 5.16/scsi-staging, thanks!
On Fri, 8 Oct 2021 11:40:48 +0300, Adrian Hunter wrote: > The SCSI error handler calls scsi_unjam_host() which can call the queue > function ufshcd_queuecommand() indirectly. The error handler changes the > state to UFSHCD_STATE_RESET while running, but error interrupts that > happen while the error handler is running could change the state to > UFSHCD_STATE_EH_SCHEDULED_NON_FATAL which would allow requests to go > through ufshcd_queuecommand() even though the error handler is running. > Block that hole by checking whether the error handler is in progress. > > [...] Applied to 5.16/scsi-queue, thanks! [1/1] scsi: ufs: core: Fix synchronization between scsi_unjam_host() and ufshcd_queuecommand() https://git.kernel.org/mkp/scsi/c/d489f18ad1fc
diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index f34227add27d..29d202207b18 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -2688,7 +2688,19 @@ static int ufshcd_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd) switch (hba->ufshcd_state) { case UFSHCD_STATE_OPERATIONAL: + break; case UFSHCD_STATE_EH_SCHEDULED_NON_FATAL: + /* + * SCSI error handler can call ->queuecommand() while UFS error + * handler is in progress. Error interrupts could change the + * state from UFSHCD_STATE_RESET to + * UFSHCD_STATE_EH_SCHEDULED_NON_FATAL. Prevent requests + * being issued in that case. + */ + if (ufshcd_eh_in_progress(hba)) { + err = SCSI_MLQUEUE_HOST_BUSY; + goto out; + } break; case UFSHCD_STATE_EH_SCHEDULED_FATAL: /*
The SCSI error handler calls scsi_unjam_host() which can call the queue function ufshcd_queuecommand() indirectly. The error handler changes the state to UFSHCD_STATE_RESET while running, but error interrupts that happen while the error handler is running could change the state to UFSHCD_STATE_EH_SCHEDULED_NON_FATAL which would allow requests to go through ufshcd_queuecommand() even though the error handler is running. Block that hole by checking whether the error handler is in progress. Signed-off-by: Adrian Hunter <adrian.hunter@intel.com> --- Changes in V2: Add comment drivers/scsi/ufs/ufshcd.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)