Message ID | af25163257796b50bb99d4ede4025cea55787b8f.1605847196.git.fthain@telegraphics.com.au (mailing list archive) |
---|---|
State | Accepted |
Series | scsi/atari_scsi: Fix race condition between .queuecommand and EH |
Hi Finn,

thanks for your patch! Tested on Atari Falcon (with falconide, and pata_falcon modules).

Reviewed-by: Michael Schmitz <schmitzmic@gmail.com>
Tested-by: Michael Schmitz <schmitzmic@gmail.com>

On 20.11.2020 at 17:39, Finn Thain wrote:
> It is possible that bus_reset_cleanup() or .eh_abort_handler could
> be invoked during NCR5380_queuecommand(). If that takes place before
> the new command is enqueued and after the ST-DMA "lock" has been
> acquired, the ST-DMA "lock" will be released again. This will result
> in a lost DMA interrupt and a command timeout. Fix this by excluding
> EH and interrupt handlers while the new command is enqueued.
>
> Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
> ---
> Michael, would you please send your Acked-by or Reviewed-and-tested-by?
> These two patches taken together should be equivalent to the one you tested
> recently. I've split it into two as that seemed to make more sense.
> ---
> drivers/scsi/NCR5380.c | 9 ++++++---
> drivers/scsi/atari_scsi.c | 10 +++-------
> 2 files changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c > index d654a6cc4162..ea4b5749e7da 100644 > --- a/drivers/scsi/NCR5380.c > +++ b/drivers/scsi/NCR5380.c > @@ -580,11 +580,14 @@ static int NCR5380_queue_command(struct Scsi_Host *instance, > > cmd->result = 0; > > - if (!NCR5380_acquire_dma_irq(instance)) > - return SCSI_MLQUEUE_HOST_BUSY; > - > spin_lock_irqsave(&hostdata->lock, flags); > > + if (!NCR5380_acquire_dma_irq(instance)) { > + spin_unlock_irqrestore(&hostdata->lock, flags); > + > + return SCSI_MLQUEUE_HOST_BUSY; > + } > + > /* > * Insert the cmd into the issue queue. Note that REQUEST SENSE > * commands are added to the head of the queue since any command will > diff --git a/drivers/scsi/atari_scsi.c b/drivers/scsi/atari_scsi.c > index a82b63a66635..95d7a3586083 100644 > --- a/drivers/scsi/atari_scsi.c > +++ b/drivers/scsi/atari_scsi.c 
> @@ -376,15 +376,11 @@ static int falcon_get_lock(struct Scsi_Host *instance) > if (IS_A_TT()) > return 1; > > - if (stdma_is_locked_by(scsi_falcon_intr) && > - instance->hostt->can_queue > 1) > + if (stdma_is_locked_by(scsi_falcon_intr)) > return 1; > > - if (in_interrupt()) > - return stdma_try_lock(scsi_falcon_intr, instance); > - > - stdma_lock(scsi_falcon_intr, instance); > - return 1; > + /* stdma_lock() may sleep which means it can't be used here */ > + return stdma_try_lock(scsi_falcon_intr, instance); > } > > #ifndef MODULE >
Finn,

> It is possible that bus_reset_cleanup() or .eh_abort_handler could be
> invoked during NCR5380_queuecommand(). If that takes place before the
> new command is enqueued and after the ST-DMA "lock" has been acquired,
> the ST-DMA "lock" will be released again. This will result in a lost
> DMA interrupt and a command timeout. Fix this by excluding EH and
> interrupt handlers while the new command is enqueued.

Applied to 5.11/scsi-staging, thanks!
On Fri, 20 Nov 2020 15:39:56 +1100, Finn Thain wrote:

> It is possible that bus_reset_cleanup() or .eh_abort_handler could
> be invoked during NCR5380_queuecommand(). If that takes place before
> the new command is enqueued and after the ST-DMA "lock" has been
> acquired, the ST-DMA "lock" will be released again. This will result
> in a lost DMA interrupt and a command timeout. Fix this by excluding
> EH and interrupt handlers while the new command is enqueued.

Applied to 5.11/scsi-queue, thanks!

[1/1] scsi: atari_scsi: Fix race condition between .queuecommand and EH
      https://git.kernel.org/mkp/scsi/c/03fe6a640a05
diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c index d654a6cc4162..ea4b5749e7da 100644 --- a/drivers/scsi/NCR5380.c +++ b/drivers/scsi/NCR5380.c @@ -580,11 +580,14 @@ static int NCR5380_queue_command(struct Scsi_Host *instance, cmd->result = 0; - if (!NCR5380_acquire_dma_irq(instance)) - return SCSI_MLQUEUE_HOST_BUSY; - spin_lock_irqsave(&hostdata->lock, flags); + if (!NCR5380_acquire_dma_irq(instance)) { + spin_unlock_irqrestore(&hostdata->lock, flags); + + return SCSI_MLQUEUE_HOST_BUSY; + } + /* * Insert the cmd into the issue queue. Note that REQUEST SENSE * commands are added to the head of the queue since any command will diff --git a/drivers/scsi/atari_scsi.c b/drivers/scsi/atari_scsi.c index a82b63a66635..95d7a3586083 100644 --- a/drivers/scsi/atari_scsi.c +++ b/drivers/scsi/atari_scsi.c @@ -376,15 +376,11 @@ static int falcon_get_lock(struct Scsi_Host *instance) if (IS_A_TT()) return 1; - if (stdma_is_locked_by(scsi_falcon_intr) && - instance->hostt->can_queue > 1) + if (stdma_is_locked_by(scsi_falcon_intr)) return 1; - if (in_interrupt()) - return stdma_try_lock(scsi_falcon_intr, instance); - - stdma_lock(scsi_falcon_intr, instance); - return 1; + /* stdma_lock() may sleep which means it can't be used here */ + return stdma_try_lock(scsi_falcon_intr, instance); } #ifndef MODULE
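Review bot: In the NCR5380_queue_command() hunk, NCR5380_acquire_dma_irq() is now called with hostdata->lock held and interrupts disabled, but nothing at the call site records that the acquire function must therefore never sleep. A short comment above `if (!NCR5380_acquire_dma_irq(instance)) {` stating that the lock is taken first to exclude EH and interrupt handlers until the command is enqueued, and that the acquire step has to be non-blocking, would guard against a later change reintroducing a sleeping call. The early-return path does release the lock with spin_unlock_irqrestore() before returning SCSI_MLQUEUE_HOST_BUSY, so the lock is balanced on both paths. Minor: the commit message refers to NCR5380_queuecommand(), while the function named in the hunk header is NCR5380_queue_command().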
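Review bot: In the falcon_get_lock() hunk, the `instance->hostt->can_queue > 1` test is dropped from the stdma_is_locked_by(scsi_falcon_intr) check with no explanation in the commit message or in a comment; please say why the early `return 1` is now safe regardless of can_queue. The same hunk also changes behaviour for non-interrupt callers: they previously waited in stdma_lock() and always got 1, and now get whatever stdma_try_lock() returns. If falcon_get_lock() is what NCR5380_acquire_dma_irq() resolves to on this driver, that failure surfaces as SCSI_MLQUEUE_HOST_BUSY in the NCR5380.c hunk, which deserves a sentence in the commit message. The new comment `/* stdma_lock() may sleep which means it can't be used here */` would be more useful if it named the reason, for example that the caller holds a spinlock with interrupts disabled.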
It is possible that bus_reset_cleanup() or .eh_abort_handler could
be invoked during NCR5380_queuecommand(). If that takes place before
the new command is enqueued and after the ST-DMA "lock" has been
acquired, the ST-DMA "lock" will be released again. This will result
in a lost DMA interrupt and a command timeout. Fix this by excluding
EH and interrupt handlers while the new command is enqueued.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>

---

Michael, would you please send your Acked-by or Reviewed-and-tested-by?
These two patches taken together should be equivalent to the one you tested
recently. I've split it into two as that seemed to make more sense.

---

 drivers/scsi/NCR5380.c    |  9 ++++++---
 drivers/scsi/atari_scsi.c | 10 +++-------
 2 files changed, 9 insertions(+), 10 deletions(-)