From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Lijian Zhang <Lijian.Zhang@arm.com>,
Jia He <justin.he@arm.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 09/23] qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
Date: Fri, 6 Aug 2021 10:16:41 +0200 [thread overview]
Message-ID: <20210806081112.445135981@linuxfoundation.org> (raw)
In-Reply-To: <20210806081112.104686873@linuxfoundation.org>
From: Jia He <justin.he@arm.com>
[ Upstream commit 6206b7981a36476f4695d661ae139f7db36a802d ]
Liajian reported a bug_on hit on a ThunderX2 arm64 server with FastLinQ
QL41000 ethernet controller:
BUG: scheduling while atomic: kworker/0:4/531/0x00000200
[qed_probe:488()]hw prepare failed
kernel BUG at mm/vmalloc.c:2355!
Internal error: Oops - BUG: 0 [#1] SMP
CPU: 0 PID: 531 Comm: kworker/0:4 Tainted: G W 5.4.0-77-generic #86-Ubuntu
pstate: 00400009 (nzcv daif +PAN -UAO)
Call trace:
vunmap+0x4c/0x50
iounmap+0x48/0x58
qed_free_pci+0x60/0x80 [qed]
qed_probe+0x35c/0x688 [qed]
__qede_probe+0x88/0x5c8 [qede]
qede_probe+0x60/0xe0 [qede]
local_pci_probe+0x48/0xa0
work_for_cpu_fn+0x24/0x38
process_one_work+0x1d0/0x468
worker_thread+0x238/0x4e0
kthread+0xf0/0x118
ret_from_fork+0x10/0x18
In this case, qed_hw_prepare() returns error due to hw/fw error, but in
theory work queue should be in process context instead of interrupt.
The root cause might be the unpaired spin_{un}lock_bh() in
_qed_mcp_cmd_and_union(), which causes botton half is disabled incorrectly.
Reported-by: Lijian Zhang <Lijian.Zhang@arm.com>
Signed-off-by: Jia He <justin.he@arm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/qlogic/qed/qed_mcp.c | 23 +++++++++++++++++------
1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/drivers/net/ethernet/qlogic/qed/qed_mcp.c b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
index 9401b49275f0..5d85ae59bc51 100644
--- a/drivers/net/ethernet/qlogic/qed/qed_mcp.c
+++ b/drivers/net/ethernet/qlogic/qed/qed_mcp.c
@@ -498,14 +498,18 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn,
spin_lock_bh(&p_hwfn->mcp_info->cmd_lock);
- if (!qed_mcp_has_pending_cmd(p_hwfn))
+ if (!qed_mcp_has_pending_cmd(p_hwfn)) {
+ spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);
break;
+ }
rc = qed_mcp_update_pending_cmd(p_hwfn, p_ptt);
- if (!rc)
+ if (!rc) {
+ spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);
break;
- else if (rc != -EAGAIN)
+ } else if (rc != -EAGAIN) {
goto err;
+ }
spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);
@@ -522,6 +526,8 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn,
return -EAGAIN;
}
+ spin_lock_bh(&p_hwfn->mcp_info->cmd_lock);
+
/* Send the mailbox command */
qed_mcp_reread_offsets(p_hwfn, p_ptt);
seq_num = ++p_hwfn->mcp_info->drv_mb_seq;
@@ -548,14 +554,18 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn,
spin_lock_bh(&p_hwfn->mcp_info->cmd_lock);
- if (p_cmd_elem->b_is_completed)
+ if (p_cmd_elem->b_is_completed) {
+ spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);
break;
+ }
rc = qed_mcp_update_pending_cmd(p_hwfn, p_ptt);
- if (!rc)
+ if (!rc) {
+ spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);
break;
- else if (rc != -EAGAIN)
+ } else if (rc != -EAGAIN) {
goto err;
+ }
spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);
} while (++cnt < max_retries);
@@ -576,6 +586,7 @@ _qed_mcp_cmd_and_union(struct qed_hwfn *p_hwfn,
return -EAGAIN;
}
+ spin_lock_bh(&p_hwfn->mcp_info->cmd_lock);
qed_mcp_cmd_del_elem(p_hwfn, p_cmd_elem);
spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);
--
2.30.2
next prev parent reply other threads:[~2021-08-06 8:21 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-06 8:16 [PATCH 5.4 00/23] 5.4.139-rc1 review Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 01/23] btrfs: delete duplicated words + other fixes in comments Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 02/23] btrfs: do not commit logs and transactions during link and rename operations Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 03/23] btrfs: fix race causing unnecessary inode logging during link and rename Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 04/23] btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 05/23] regulator: rt5033: Fix n_voltages settings for BUCK and LDO Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 06/23] spi: stm32h7: fix full duplex irq handler handling Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 07/23] ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 08/23] r8152: Fix potential PM refcount imbalance Greg Kroah-Hartman
2021-08-06 8:16 ` Greg Kroah-Hartman [this message]
2021-08-06 8:16 ` [PATCH 5.4 10/23] net: Fix zero-copy head len calculation Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 11/23] nvme: fix nvme_setup_command metadata trace event Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 12/23] ACPI: fix NULL pointer dereference Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 13/23] Revert "spi: mediatek: fix fifo rx mode" Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 14/23] Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 15/23] firmware: arm_scmi: Ensure drivers provide a probe function Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 16/23] firmware: arm_scmi: Add delayed response status check Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 17/23] Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 18/23] bpf: Inherit expanded/patched seen count from old aux data Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 19/23] bpf: Do not mark insn as seen under speculative path verification Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 20/23] bpf: Fix leakage under speculation on mispredicted branches Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 21/23] bpf: Test_verifier, add alu32 bounds tracking tests Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 22/23] bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones Greg Kroah-Hartman
2021-08-06 8:16 ` [PATCH 5.4 23/23] bpf, selftests: Adjust few selftest outcomes wrt unreachable code Greg Kroah-Hartman
2021-08-06 14:33 ` [PATCH 5.4 00/23] 5.4.139-rc1 review Jon Hunter
2021-08-06 18:58 ` Guenter Roeck
2021-08-07 10:41 ` Sudip Mukherjee
2021-08-07 18:40 ` Naresh Kamboju
2021-08-08 3:27 ` Aakash Hemadri
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210806081112.445135981@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=Lijian.Zhang@arm.com \
--cc=davem@davemloft.net \
--cc=justin.he@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.