[PATCH v3 1/2] ufs: core: fix ufshcd_clear_cmd racing issue
Bart Van Assche
bvanassche at acm.org
Fri Jun 28 12:25:41 PDT 2024
On 6/28/24 12:00 AM, peter.wang at mediatek.com wrote:
> From: Peter Wang <peter.wang at mediatek.com>
>
> When ufshcd_clear_cmd is racing with the complete ISR,
> the mq_hctx pointer of the completed tag's request will be set to NULL by the ISR.
> ufshcd_clear_cmd then calls ufshcd_mcq_req_to_hwq and gets a NULL pointer KE.
> Return success when the request is completed by the ISR because the sq doesn't
> need cleanup.
>
> The racing flow is:
>
> Thread A
> ufshcd_err_handler step 1
> ufshcd_try_to_abort_task
> ufshcd_cmd_inflight(true) step 3
> ufshcd_clear_cmd
> ...
> ufshcd_mcq_req_to_hwq
> blk_mq_unique_tag
> rq->mq_hctx->queue_num step 5
>
> Thread B
> ufs_mtk_mcq_intr(cq complete ISR) step 2
> scsi_done
> ...
> __blk_mq_free_request
> rq->mq_hctx = NULL; step 4
Reviewed-by: Bart Van Assche <bvanassche at acm.org>