| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20231024084324.12197-1-alice.chao@mediatek.com>
Date: Tue, 24 Oct 2023 16:43:21 +0800
From: <alice.chao@...iatek.com>
To: Alim Akhtar <alim.akhtar@...sung.com>,
Avri Altman <avri.altman@....com>,
Bart Van Assche <bvanassche@....org>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Matthias Brugger <matthias.bgg@...il.com>,
AngeloGioacchino Del Regno
<angelogioacchino.delregno@...labora.com>
CC: <wsd_upstream@...iatek.com>, <stanley.chu@...iatek.com>,
<peter.wang@...iatek.com>, <powen.kao@...iatek.com>,
<naomi.chu@...iatek.com>, <cc.chou@...iatek.com>,
<tun-yu.yu@...iatek.com>, <chun-hung.wu@...iatek.com>,
<casper.li@...iatek.com>, Alice Chao <alice.chao@...iatek.com>,
<linux-scsi@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<linux-arm-kernel@...ts.infradead.org>,
<linux-mediatek@...ts.infradead.org>
Subject: [PATCH 1/1] core: ufs: fix racing issue between force complete and isr
From: Alice Chao <alice.chao@...iatek.com>
While error handler force complete command (Thread A) and completion irq
raising (Thread B) of the same command, it may cause race condition.
Below is racing step (from 1 to 6):
ufshcd_mcq_compl_pending_transfer (Thread A)
1 if (cmd && !test_bit(SCMD_STATE_COMPLETE, &cmd->state)) {
5 spin_lock_irqsave(&hwq->cq_lock, flags); // wait lock release
set_host_byte(cmd, DID_REQUEUE);
6 ufshcd_release_scsi_cmd(hba, lrbp); // access null pointer
scsi_done(cmd);
spin_unlock_irqrestore(&hwq->cq_lock, flags);
}
ufshcd_mcq_poll_cqe_lock (Thread B)
2 spin_lock_irqsave(&hwq->cq_lock, flags);
ufshcd_mcq_poll_cqe_nolock()
ufshcd_compl_one_cqe()
3 ufshcd_release_scsi_cmd() // lrbp->cmd = NULL;
4 spin_unlock_irqrestore(&hwq->cq_lock, flags);
Signed-off-by: Alice Chao <alice.chao@...iatek.com>
---
drivers/ufs/core/ufshcd.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
index 8382e8cfa414..ef6bd146a767 100644
--- a/drivers/ufs/core/ufshcd.c
+++ b/drivers/ufs/core/ufshcd.c
@@ -5518,13 +5518,13 @@ static void ufshcd_mcq_compl_pending_transfer(struct ufs_hba *hba,
* For those cmds of which the cqes are not present
* in the cq, complete them explicitly.
*/
+ spin_lock_irqsave(&hwq->cq_lock, flags);
if (cmd && !test_bit(SCMD_STATE_COMPLETE, &cmd->state)) {
- spin_lock_irqsave(&hwq->cq_lock, flags);
set_host_byte(cmd, DID_REQUEUE);
ufshcd_release_scsi_cmd(hba, lrbp);
scsi_done(cmd);
- spin_unlock_irqrestore(&hwq->cq_lock, flags);
}
+ spin_unlock_irqrestore(&hwq->cq_lock, flags);
} else {
ufshcd_mcq_poll_cqe_lock(hba, hwq);
}
--
2.18.0
Powered by blists - more mailing lists