| Message ID | 20220208185448.6206-1-michael.christie@oracle.com |
|---|---|
| State | New |
| Headers | show |
| Series | [1/1] scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() | expand |
On Tue, 8 Feb 2022 12:54:48 -0600, Mike Christie wrote: > This fixes a deadlock added with: > commit b40f3894e39e ("scsi: qedi: Complete TMF works before disconnect") > > Bug description from Jia-Ju Bai <baijiaju1990@gmail.com> > > qedi_process_tmf_resp() > spin_lock(&session->back_lock); --> Line 201 (Lock A) > spin_lock(&qedi_conn->tmf_work_lock); --> Line 230 (Lock B) > > [...] Applied to 5.17/scsi-fixes, thanks! [1/1] scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() https://git.kernel.org/mkp/scsi/c/f10f582d2822
diff --git a/drivers/scsi/qedi/qedi_fw.c b/drivers/scsi/qedi/qedi_fw.c index 5916ed7662d5..4eb89aa4a39d 100644 --- a/drivers/scsi/qedi/qedi_fw.c +++ b/drivers/scsi/qedi/qedi_fw.c @@ -771,11 +771,10 @@ static void qedi_process_cmd_cleanup_resp(struct qedi_ctx *qedi, qedi_cmd->list_tmf_work = NULL; } } + spin_unlock_bh(&qedi_conn->tmf_work_lock); - if (!found) { - spin_unlock_bh(&qedi_conn->tmf_work_lock); + if (!found) goto check_cleanup_reqs; - } QEDI_INFO(&qedi->dbg_ctx, QEDI_LOG_SCSI_TM, "TMF work, cqe->tid=0x%x, tmf flags=0x%x, cid=0x%x\n", @@ -806,7 +805,6 @@ static void qedi_process_cmd_cleanup_resp(struct qedi_ctx *qedi, qedi_cmd->state = CLEANUP_RECV; unlock: spin_unlock_bh(&conn->session->back_lock); - spin_unlock_bh(&qedi_conn->tmf_work_lock); wake_up_interruptible(&qedi_conn->wait_queue); return;
This fixes a deadlock added with: commit b40f3894e39e ("scsi: qedi: Complete TMF works before disconnect") Bug description from Jia-Ju Bai <baijiaju1990@gmail.com> qedi_process_tmf_resp() spin_lock(&session->back_lock); --> Line 201 (Lock A) spin_lock(&qedi_conn->tmf_work_lock); --> Line 230 (Lock B) qedi_process_cmd_cleanup_resp() spin_lock_bh(&qedi_conn->tmf_work_lock); --> Line 752 (Lock B) spin_lock_bh(&conn->session->back_lock); --> Line 784 (Lock A) When qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() are concurrently executed, the deadlock can occur. This patch fixes the deadlock by not holding the tmf_work_lock in qedi_process_cmd_cleanup_resp while holding the back_lock. The tmf_work_lock is only needed while we remove the tmf_work from the work_list. Fixes: b40f3894e39e ("scsi: qedi: Complete TMF works before disconnect") Reported-by: TOTE Robot <oslab@tsinghua.edu.cn> Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com> Cc: Manish Rangankar <mrangankar@marvell.com> Cc: Nilesh Javali <njavali@marvell.com> Signed-off-by: Mike Christie <michael.christie@oracle.com> --- drivers/scsi/qedi/qedi_fw.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)