* [PATCH] scsi/atari_scsi: Fix race condition between .queuecommand and EH
From: Finn Thain @ 2020-11-20 4:39 UTC
To: Michael Schmitz, James E.J. Bottomley, Martin K. Petersen
Cc: linux-scsi, linux-kernel
It is possible that bus_reset_cleanup() or .eh_abort_handler could
be invoked during NCR5380_queuecommand(). If that takes place before
the new command is enqueued and after the ST-DMA "lock" has been
acquired, the ST-DMA "lock" will be released again. This will result
in a lost DMA interrupt and a command timeout. Fix this by excluding
EH and interrupt handlers while the new command is enqueued.
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
---
Michael, would you please send your Acked-by or Reviewed-and-tested-by?
These two patches taken together should be equivalent to the one you tested
recently. I've split it into two as that seemed to make more sense.
---
drivers/scsi/NCR5380.c | 9 ++++++---
drivers/scsi/atari_scsi.c | 10 +++-------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c
index d654a6cc4162..ea4b5749e7da 100644
--- a/drivers/scsi/NCR5380.c
+++ b/drivers/scsi/NCR5380.c
@@ -580,11 +580,14 @@ static int NCR5380_queue_command(struct Scsi_Host *instance,
cmd->result = 0;
- if (!NCR5380_acquire_dma_irq(instance))
- return SCSI_MLQUEUE_HOST_BUSY;
-
spin_lock_irqsave(&hostdata->lock, flags);
+ if (!NCR5380_acquire_dma_irq(instance)) {
+ spin_unlock_irqrestore(&hostdata->lock, flags);
+
+ return SCSI_MLQUEUE_HOST_BUSY;
+ }
+
/*
* Insert the cmd into the issue queue. Note that REQUEST SENSE
* commands are added to the head of the queue since any command will
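Review bot: NCR5380_acquire_dma_irq(instance) now runs after spin_lock_irqsave(&hostdata->lock, flags), so it executes with the host lock held and local interrupts disabled, yet nothing at this call site says the hook must not sleep. Add a short comment above the call stating that requirement, so the constraint is not recorded only in the atari_scsi.c comment later in this patch.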
diff --git a/drivers/scsi/atari_scsi.c b/drivers/scsi/atari_scsi.c
index a82b63a66635..95d7a3586083 100644
--- a/drivers/scsi/atari_scsi.c
+++ b/drivers/scsi/atari_scsi.c
@@ -376,15 +376,11 @@ static int falcon_get_lock(struct Scsi_Host *instance)
if (IS_A_TT())
return 1;
- if (stdma_is_locked_by(scsi_falcon_intr) &&
- instance->hostt->can_queue > 1)
+ if (stdma_is_locked_by(scsi_falcon_intr))
return 1;
- if (in_interrupt())
- return stdma_try_lock(scsi_falcon_intr, instance);
-
- stdma_lock(scsi_falcon_intr, instance);
- return 1;
+ /* stdma_lock() may sleep which means it can't be used here */
+ return stdma_try_lock(scsi_falcon_intr, instance);
}
#ifndef MODULE
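Review bot: The `instance->hostt->can_queue > 1` test is dropped from the stdma_is_locked_by(scsi_falcon_intr) early return, and neither the changelog nor the new comment explains why it is no longer needed. Say in the commit message what that condition guarded against and why returning 1 whenever scsi_falcon_intr already holds the lock is now correct regardless of can_queue.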
--
2.26.2
* Re: [PATCH] scsi/atari_scsi: Fix race condition between .queuecommand and EH
From: Michael Schmitz @ 2020-11-20 7:33 UTC
To: Finn Thain, James E.J. Bottomley, Martin K. Petersen
Cc: linux-scsi, linux-kernel
Hi Finn,
thanks for your patch!
Tested on Atari Falcon (with falconide, and pata_falcon modules).
Reviewed-by: Michael Schmitz <schmitzmic@gmail.com>
Tested-by: Michael Schmitz <schmitzmic@gmail.com>
On 20.11.2020 at 17:39, Finn Thain wrote:
> It is possible that bus_reset_cleanup() or .eh_abort_handler could
> be invoked during NCR5380_queuecommand(). If that takes place before
> the new command is enqueued and after the ST-DMA "lock" has been
> acquired, the ST-DMA "lock" will be released again. This will result
> in a lost DMA interrupt and a command timeout. Fix this by excluding
> EH and interrupt handlers while the new command is enqueued.
>
> Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
> ---
> Michael, would you please send your Acked-by or Reviewed-and-tested-by?
> These two patches taken together should be equivalent to the one you tested
> recently. I've split it into two as that seemed to make more sense.
> ---
> drivers/scsi/NCR5380.c | 9 ++++++---
> drivers/scsi/atari_scsi.c | 10 +++-------
> 2 files changed, 9 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c
> index d654a6cc4162..ea4b5749e7da 100644
> --- a/drivers/scsi/NCR5380.c
> +++ b/drivers/scsi/NCR5380.c
> @@ -580,11 +580,14 @@ static int NCR5380_queue_command(struct Scsi_Host *instance,
>
> cmd->result = 0;
>
> - if (!NCR5380_acquire_dma_irq(instance))
> - return SCSI_MLQUEUE_HOST_BUSY;
> -
> spin_lock_irqsave(&hostdata->lock, flags);
>
> + if (!NCR5380_acquire_dma_irq(instance)) {
> + spin_unlock_irqrestore(&hostdata->lock, flags);
> +
> + return SCSI_MLQUEUE_HOST_BUSY;
> + }
> +
> /*
> * Insert the cmd into the issue queue. Note that REQUEST SENSE
> * commands are added to the head of the queue since any command will
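Review bot: The subject prefix names only scsi/atari_scsi, but this hunk changes the lock ordering in NCR5380_queue_command() in drivers/scsi/NCR5380.c, and the changelog calls the function NCR5380_queuecommand(). Use the function's actual name and mention the NCR5380.c change in the changelog so the core-file change can be found from the log.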
> diff --git a/drivers/scsi/atari_scsi.c b/drivers/scsi/atari_scsi.c
> index a82b63a66635..95d7a3586083 100644
> --- a/drivers/scsi/atari_scsi.c
> +++ b/drivers/scsi/atari_scsi.c
> @@ -376,15 +376,11 @@ static int falcon_get_lock(struct Scsi_Host *instance)
> if (IS_A_TT())
> return 1;
>
> - if (stdma_is_locked_by(scsi_falcon_intr) &&
> - instance->hostt->can_queue > 1)
> + if (stdma_is_locked_by(scsi_falcon_intr))
> return 1;
>
> - if (in_interrupt())
> - return stdma_try_lock(scsi_falcon_intr, instance);
> -
> - stdma_lock(scsi_falcon_intr, instance);
> - return 1;
> + /* stdma_lock() may sleep which means it can't be used here */
> + return stdma_try_lock(scsi_falcon_intr, instance);
> }
>
> #ifndef MODULE
>
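Review bot: With the in_interrupt() branch and the stdma_lock() call removed, falcon_get_lock() never waits for the ST-DMA lock; when stdma_try_lock() fails the caller simply gets its return value. The changelog should state this behaviour change for callers that previously blocked, and the new comment could name why sleeping is not allowed here (presumably because the NCR5380.c hunk now takes hostdata->lock with interrupts disabled before acquiring the DMA lock) instead of only saying stdma_lock() may sleep.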
* Re: [PATCH] scsi/atari_scsi: Fix race condition between .queuecommand and EH
From: Martin K. Petersen @ 2020-11-24 3:14 UTC
To: Finn Thain
Cc: Michael Schmitz, James E.J. Bottomley, Martin K. Petersen,
linux-scsi, linux-kernel
Finn,
> It is possible that bus_reset_cleanup() or .eh_abort_handler could be
> invoked during NCR5380_queuecommand(). If that takes place before the
> new command is enqueued and after the ST-DMA "lock" has been acquired,
> the ST-DMA "lock" will be released again. This will result in a lost
> DMA interrupt and a command timeout. Fix this by excluding EH and
> interrupt handlers while the new command is enqueued.
Applied to 5.11/scsi-staging, thanks!
--
Martin K. Petersen Oracle Linux Engineering
* Re: [PATCH] scsi/atari_scsi: Fix race condition between .queuecommand and EH
From: Martin K. Petersen @ 2020-12-01 5:04 UTC
To: Michael Schmitz, James E.J. Bottomley, Finn Thain
Cc: Martin K . Petersen, linux-scsi, linux-kernel
On Fri, 20 Nov 2020 15:39:56 +1100, Finn Thain wrote:
> It is possible that bus_reset_cleanup() or .eh_abort_handler could
> be invoked during NCR5380_queuecommand(). If that takes place before
> the new command is enqueued and after the ST-DMA "lock" has been
> acquired, the ST-DMA "lock" will be released again. This will result
> in a lost DMA interrupt and a command timeout. Fix this by excluding
> EH and interrupt handlers while the new command is enqueued.
Applied to 5.11/scsi-queue, thanks!
[1/1] scsi: atari_scsi: Fix race condition between .queuecommand and EH
https://git.kernel.org/mkp/scsi/c/03fe6a640a05
--
Martin K. Petersen Oracle Linux Engineering