| Message ID | 20240411234731.810968-1-dlemoal@kernel.org (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | ata: libata-scsi: Fix ata_scsi_port_error_handler() error path | expand |
On Fri, Apr 12, 2024 at 08:47:31AM +0900, Damien Le Moal wrote: > Commit 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") > incorrectly handles scsi_resume_device() errors, leading to a double > call to spin_unlock_irqrestore() to unlock a device port. Fix this by > redefining the goto labels used in case of error and only unlock the > port scsi_scan_mutex when scsi_resume_device() fails. > > Bug found with the Smatch static checker warning: > > drivers/ata/libata-scsi.c:4774 ata_scsi_dev_rescan() > error: double unlocked 'ap->lock' (orig line 4757) > > Reported-by: Dan Carpenter <dan.carpenter@linaro.org> > Fixes: 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") > Cc: stable@vger.kernel.org > Signed-off-by: Damien Le Moal <dlemoal@kernel.org> > --- > drivers/ata/libata-scsi.c | 9 +++++---- > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c > index 2f4c58837641..e954976891a9 100644 > --- a/drivers/ata/libata-scsi.c > +++ b/drivers/ata/libata-scsi.c > @@ -4745,7 +4745,7 @@ void ata_scsi_dev_rescan(struct work_struct *work) > * bail out. > */ > if (ap->pflags & ATA_PFLAG_SUSPENDED) > - goto unlock; > + goto unlock_ap; > > if (!sdev) > continue; > @@ -4758,7 +4758,7 @@ void ata_scsi_dev_rescan(struct work_struct *work) > if (do_resume) { > ret = scsi_resume_device(sdev); > if (ret == -EWOULDBLOCK) > - goto unlock; > + goto unlock_scan; > dev->flags &= ~ATA_DFLAG_RESUMING; > } > ret = scsi_rescan_device(sdev); > @@ -4766,12 +4766,13 @@ void ata_scsi_dev_rescan(struct work_struct *work) > spin_lock_irqsave(ap->lock, flags); > > if (ret) > - goto unlock; > + goto unlock_ap; > } > } > > -unlock: > +unlock_ap: > spin_unlock_irqrestore(ap->lock, flags); > +unlock_scan: > mutex_unlock(&ap->scsi_scan_mutex); > > /* Reschedule with a delay if scsi_rescan_device() returned an error */ > -- > 2.44.0 > Subject: [PATCH] ata: libata-scsi: Fix ata_scsi_port_error_handler() error path ata_scsi_port_error_handler() ? How did you come up with that? :) Wrong copy paste? s/ata_scsi_port_error_handler()/ata_scsi_dev_rescan()/ With that: Reviewed-by: Niklas Cassel <cassel@kernel.org>
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 2f4c58837641..e954976891a9 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4745,7 +4745,7 @@ void ata_scsi_dev_rescan(struct work_struct *work) * bail out. */ if (ap->pflags & ATA_PFLAG_SUSPENDED) - goto unlock; + goto unlock_ap; if (!sdev) continue; @@ -4758,7 +4758,7 @@ void ata_scsi_dev_rescan(struct work_struct *work) if (do_resume) { ret = scsi_resume_device(sdev); if (ret == -EWOULDBLOCK) - goto unlock; + goto unlock_scan; dev->flags &= ~ATA_DFLAG_RESUMING; } ret = scsi_rescan_device(sdev); @@ -4766,12 +4766,13 @@ void ata_scsi_dev_rescan(struct work_struct *work) spin_lock_irqsave(ap->lock, flags); if (ret) - goto unlock; + goto unlock_ap; } } -unlock: +unlock_ap: spin_unlock_irqrestore(ap->lock, flags); +unlock_scan: mutex_unlock(&ap->scsi_scan_mutex); /* Reschedule with a delay if scsi_rescan_device() returned an error */
Commit 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") incorrectly handles scsi_resume_device() errors, leading to a double call to spin_unlock_irqrestore() to unlock a device port. Fix this by redefining the goto labels used in case of error and only unlock the port scsi_scan_mutex when scsi_resume_device() fails. Bug found with the Smatch static checker warning: drivers/ata/libata-scsi.c:4774 ata_scsi_dev_rescan() error: double unlocked 'ap->lock' (orig line 4757) Reported-by: Dan Carpenter <dan.carpenter@linaro.org> Fixes: 0c76106cb975 ("scsi: sd: Fix TCG OPAL unlock on system resume") Cc: stable@vger.kernel.org Signed-off-by: Damien Le Moal <dlemoal@kernel.org> --- drivers/ata/libata-scsi.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)