From: Dmitry Bogdanov <d.bogdanov@yadro.com>
To: Duoming Zhou <duoming@zju.edu.cn>
Cc: <linux-kernel@vger.kernel.org>, <martin.petersen@oracle.com>,
<kuba@kernel.org>, <davem@davemloft.net>, <andrii@kernel.org>,
<gregkh@linuxfoundation.org>, <linux-scsi@vger.kernel.org>,
<target-devel@vger.kernel.org>
Subject: Re: [PATCH] scsi: target: iscsi: cxgbit: fix sleep-in-atomic-context bug in cxgbit_abort_conn
Date: Mon, 3 Oct 2022 17:46:02 +0300 [thread overview]
Message-ID: <20221003144602.GA10901@yadro.com> (raw)
In-Reply-To: <20221002014047.23066-1-duoming@zju.edu.cn>
On Sun, Oct 02, 2022 at 09:40:47AM +0800, Duoming Zhou wrote:
>
> The function iscsit_handle_time2retain_timeout() is a timer handler that
> runs in an atomic context, but it calls "alloc_skb(0, GFP_KERNEL | ...)"
> that may sleep. As a result, the sleep-in-atomic-context bug will happen.
> The process is shown below:
>
> iscsit_handle_time2retain_timeout()
> iscsit_close_session()
> iscsit_free_connection_recovery_entries()
> iscsit_free_cmd()
> __iscsit_free_cmd()
> cxgbit_unmap_cmd()
> cxgbit_abort_conn()
> alloc_skb(0, GFP_KERNEL | ...) //may sleep
>
> This patch changes the gfp_t parameter of alloc_skb() from GFP_KERNEL to
> GFP_ATOMIC in order to mitigate the bug.
>
> Fixes: 1ae01724ae92 ("cxgbit: Abort the TCP connection in case of data out timeout")
> Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
> ---
> drivers/target/iscsi/cxgbit/cxgbit_cm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/target/iscsi/cxgbit/cxgbit_cm.c b/drivers/target/iscsi/cxgbit/cxgbit_cm.c
> index 3336d2b78bf..eb3da6d2c62 100644
> --- a/drivers/target/iscsi/cxgbit/cxgbit_cm.c
> +++ b/drivers/target/iscsi/cxgbit/cxgbit_cm.c
> @@ -697,7 +697,7 @@ __cxgbit_abort_conn(struct cxgbit_sock *csk, struct sk_buff *skb)
>
> void cxgbit_abort_conn(struct cxgbit_sock *csk)
> {
> - struct sk_buff *skb = alloc_skb(0, GFP_KERNEL | __GFP_NOFAIL);
> + struct sk_buff *skb = alloc_skb(0, GFP_ATOMIC | __GFP_NOFAIL);
>
> cxgbit_get_csk(csk);
> cxgbit_init_wr_wait(&csk->com.wr_wait);
> --
> 2.17.1
>
The last line in cxgbit_abort_conn is cxgbit_wait_for_reply() which
also should not be called in interrupt context.
Anyway this issue is not due to cxgbit, it is common for iSCSI itself:
iscsit_close_session()
iscsit_free_connection_recovery_entries()
iscsit_free_cmd()
transport_generic_free_cmd()
target_wait_free_cmd()
wait_for_completion_timeout()
IMHO, there is no reason to call iscsit_close_session in an atomic context.
I have two patches relaited Time2Retain timer. I will share them today.
BR,
Dmitry
next prev parent reply other threads:[~2022-10-03 14:46 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-02 1:40 [PATCH] scsi: target: iscsi: cxgbit: fix sleep-in-atomic-context bug in cxgbit_abort_conn Duoming Zhou
2022-10-03 14:46 ` Dmitry Bogdanov [this message]
2022-10-03 14:56 ` duoming
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221003144602.GA10901@yadro.com \
--to=d.bogdanov@yadro.com \
--cc=andrii@kernel.org \
--cc=davem@davemloft.net \
--cc=duoming@zju.edu.cn \
--cc=gregkh@linuxfoundation.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=target-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.