[PATCH v1] scsi: ufs: fix tm cmd timeout/ISR racing issue
Bart Van Assche
bvanassche at acm.org
Mon Nov 15 11:49:42 PST 2021
On 11/11/21 1:49 AM, peter.wang at mediatek.com wrote:
> From: Peter Wang <peter.wang at mediatek.com>
>
> When tmc 100 ms timeout and recevied tmc complete ISR concurrently,
> Bug happen because complete NULL poiner and KE.
> Fix this racing issue by check NULL and use host_lock protect.
>
> Signed-off-by: Peter Wang <peter.wang at mediatek.com>
> ---
> drivers/scsi/ufs/ufshcd.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
> index 5c6a58a666d2..6821ceb6783e 100644
> --- a/drivers/scsi/ufs/ufshcd.c
> +++ b/drivers/scsi/ufs/ufshcd.c
> @@ -6442,7 +6442,8 @@ static irqreturn_t ufshcd_tmc_handler(struct ufs_hba *hba)
> struct request *req = hba->tmf_rqs[tag];
> struct completion *c = req->end_io_data;
>
> - complete(c);
> + if (c)
> + complete(c);
> ret = IRQ_HANDLED;
> }
> spin_unlock_irqrestore(hba->host->host_lock, flags);
> @@ -6597,7 +6598,10 @@ static int __ufshcd_issue_tm_cmd(struct ufs_hba *hba,
> * Make sure that ufshcd_compl_tm() does not trigger a
> * use-after-free.
> */
> + spin_lock_irqsave(hba->host->host_lock, flags);
> req->end_io_data = NULL;
> + spin_unlock_irqrestore(hba->host->host_lock, flags);
> +
> ufshcd_add_tm_upiu_trace(hba, task_tag, UFS_TM_ERR);
> dev_err(hba->dev, "%s: task management cmd 0x%.2x timed-out\n",
> __func__, tm_function);
Isn't this already addressed by Adrian Hunter's patches? See also
https://lore.kernel.org/linux-scsi/20211108064815.569494-1-adrian.hunter@intel.com/
Thanks,
Bart.
More information about the Linux-mediatek
mailing list