Message ID | af25163257796b50bb99d4ede4025cea55787b8f.1605847196.git.fthain@telegraphics.com.au |
---|---|
State | New |
Series | scsi/atari_scsi: Fix race condition between .queuecommand and EH |
Finn,

> It is possible that bus_reset_cleanup() or .eh_abort_handler could be
> invoked during NCR5380_queuecommand(). If that takes place before the
> new command is enqueued and after the ST-DMA "lock" has been acquired,
> the ST-DMA "lock" will be released again. This will result in a lost
> DMA interrupt and a command timeout. Fix this by excluding EH and
> interrupt handlers while the new command is enqueued.

Applied to 5.11/scsi-staging, thanks!

--
Martin K. Petersen
Oracle Linux Engineering
On Fri, 20 Nov 2020 15:39:56 +1100, Finn Thain wrote:

> It is possible that bus_reset_cleanup() or .eh_abort_handler could
> be invoked during NCR5380_queuecommand(). If that takes place before
> the new command is enqueued and after the ST-DMA "lock" has been
> acquired, the ST-DMA "lock" will be released again. This will result
> in a lost DMA interrupt and a command timeout. Fix this by excluding
> EH and interrupt handlers while the new command is enqueued.

Applied to 5.11/scsi-queue, thanks!

[1/1] scsi: atari_scsi: Fix race condition between .queuecommand and EH
https://git.kernel.org/mkp/scsi/c/03fe6a640a05

--
Martin K. Petersen
Oracle Linux Engineering
diff --git a/drivers/scsi/NCR5380.c b/drivers/scsi/NCR5380.c index d654a6cc4162..ea4b5749e7da 100644 --- a/drivers/scsi/NCR5380.c +++ b/drivers/scsi/NCR5380.c @@ -580,11 +580,14 @@ static int NCR5380_queue_command(struct Scsi_Host *instance, cmd->result = 0; - if (!NCR5380_acquire_dma_irq(instance)) - return SCSI_MLQUEUE_HOST_BUSY; - spin_lock_irqsave(&hostdata->lock, flags); + if (!NCR5380_acquire_dma_irq(instance)) { + spin_unlock_irqrestore(&hostdata->lock, flags); + + return SCSI_MLQUEUE_HOST_BUSY; + } + /* * Insert the cmd into the issue queue. Note that REQUEST SENSE * commands are added to the head of the queue since any command will diff --git a/drivers/scsi/atari_scsi.c b/drivers/scsi/atari_scsi.c index a82b63a66635..95d7a3586083 100644 --- a/drivers/scsi/atari_scsi.c +++ b/drivers/scsi/atari_scsi.c @@ -376,15 +376,11 @@ static int falcon_get_lock(struct Scsi_Host *instance) if (IS_A_TT()) return 1; - if (stdma_is_locked_by(scsi_falcon_intr) && - instance->hostt->can_queue > 1) + if (stdma_is_locked_by(scsi_falcon_intr)) return 1; - if (in_interrupt()) - return stdma_try_lock(scsi_falcon_intr, instance); - - stdma_lock(scsi_falcon_intr, instance); - return 1; + /* stdma_lock() may sleep which means it can't be used here */ + return stdma_try_lock(scsi_falcon_intr, instance); } #ifndef MODULE
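Review bot: In the NCR5380.c hunk, NCR5380_acquire_dma_irq() is now called after spin_lock_irqsave(&hostdata->lock, flags), so it runs with a spinlock held and interrupts disabled, yet nothing at the call site records that the hook must not sleep. The only statement of that rule is the comment added to falcon_get_lock() in atari_scsi.c. Consider a short comment above the "if (!NCR5380_acquire_dma_irq(instance)) {" line in NCR5380_queue_command() saying that the hook is called under hostdata->lock and must be non-blocking, so that any implementation of the hook keeps to that rule.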
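Review bot: In the atari_scsi.c hunk, the "instance->hostt->can_queue > 1" condition is dropped from the stdma_is_locked_by(scsi_falcon_intr) test, but neither the commit message nor the new comment says why. With can_queue == 1, falcon_get_lock() used to go on to stdma_try_lock() or stdma_lock() even when the lock was already held by scsi_falcon_intr; it now returns 1 at once, and the commit message should state why that is safe. The new comment could also say why sleeping is not allowed here (per the NCR5380.c hunk, the caller now holds hostdata->lock with interrupts off). Removing the blocking stdma_lock() path also means contention is reported as SCSI_MLQUEUE_HOST_BUSY instead of being waited out, which deserves a line in the commit message.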
It is possible that bus_reset_cleanup() or .eh_abort_handler could be
invoked during NCR5380_queuecommand(). If that takes place before the
new command is enqueued and after the ST-DMA "lock" has been acquired,
the ST-DMA "lock" will be released again. This will result in a lost
DMA interrupt and a command timeout. Fix this by excluding EH and
interrupt handlers while the new command is enqueued.

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>

---

Michael, would you please send your Acked-by or Reviewed-and-tested-by?
These two patches taken together should be equivalent to the one you tested
recently. I've split it into two as that seemed to make more sense.

---

 drivers/scsi/NCR5380.c    |  9 ++++++---
 drivers/scsi/atari_scsi.c | 10 +++-------
 2 files changed, 9 insertions(+), 10 deletions(-)