[PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host

linux-ide.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed
@ 2016-06-07  6:53 Wei Fang
  2016-06-07  6:53 ` [PATCH v4 2/2] Documentation/scsi: update scsi_eh.txt about ->host_failed Wei Fang
  2016-06-09  3:11 ` [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed Martin K. Petersen
  0 siblings, 2 replies; 3+ messages in thread
From: Wei Fang @ 2016-06-07  6:53 UTC (permalink / raw)
  To: tj, jejb, martin.petersen, corbet
  Cc: hch, dan.j.williams, linux-ide, linux-scsi, linux-doc, Wei Fang

sas_ata_strategy_handler() adds the works of the ata error handler
to system_unbound_wq. This workqueue asynchronously runs work items,
so the ata error handler will be performed concurrently on different
CPUs. In this case, ->host_failed will be decreased simultaneously in
scsi_eh_finish_cmd() on different CPUs, and become abnormal.

It will lead to permanently inequal between ->host_failed and
 ->host_busy, and scsi error handler thread won't become running.
IO errors after that won't be handled forever.

Since all scmds must have been handled in the strategy handle, just
remove the decrement in scsi_eh_finish_cmd() and zero ->host_busy
after the strategy handle to fix this race.

This fixes the problem introduced in
commit 50824d6c5657 ("[SCSI] libsas: async ata-eh").

Reviewed-by: James Bottomley <jejb@linux.vnet.ibm.com>
Signed-off-by: Wei Fang <fangwei1@huawei.com>
---
Changes v1->v2:
- update Documentation/scsi/scsi_eh.txt about ->host_failed
Changes v2->v3:
- don't use atomic type, just zero ->host_failed after the strategy handle
Changes v3->v4:
- add new concurrency rules of ->host_failed in scsi_eh.txt

 drivers/ata/libata-eh.c   |    2 +-
 drivers/scsi/scsi_error.c |    4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c
index 961acc7..91a9e6a 100644
--- a/drivers/ata/libata-eh.c
+++ b/drivers/ata/libata-eh.c
@@ -606,7 +606,7 @@ void ata_scsi_error(struct Scsi_Host *host)
 	ata_scsi_port_error_handler(host, ap);
 
 	/* finish or retry handled scmd's and clean up */
-	WARN_ON(host->host_failed || !list_empty(&eh_work_q));
+	WARN_ON(!list_empty(&eh_work_q));
 
 	DPRINTK("EXIT\n");
 }
diff --git a/drivers/scsi/scsi_error.c b/drivers/scsi/scsi_error.c
index 984ddcb..1b9c049 100644
--- a/drivers/scsi/scsi_error.c
+++ b/drivers/scsi/scsi_error.c
@@ -1127,7 +1127,6 @@ static int scsi_eh_action(struct scsi_cmnd *scmd, int rtn)
  */
 void scsi_eh_finish_cmd(struct scsi_cmnd *scmd, struct list_head *done_q)
 {
-	scmd->device->host->host_failed--;
 	scmd->eh_eflags = 0;
 	list_move_tail(&scmd->eh_entry, done_q);
 }
@@ -2226,6 +2225,9 @@ int scsi_error_handler(void *data)
 		else
 			scsi_unjam_host(shost);
 
+		/* All scmds have been handled */
+		shost->host_failed = 0;
+
 		/*
 		 * Note - if the above fails completely, the action is to take
 		 * individual devices offline and flush the queue of any
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [PATCH v4 2/2] Documentation/scsi: update scsi_eh.txt about ->host_failed
  2016-06-07  6:53 [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed Wei Fang
@ 2016-06-07  6:53 ` Wei Fang
  2016-06-09  3:11 ` [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Wei Fang @ 2016-06-07  6:53 UTC (permalink / raw)
  To: tj, jejb, martin.petersen, corbet
  Cc: hch, dan.j.williams, linux-ide, linux-scsi, linux-doc, Wei Fang

Update the new concurrency rules of ->host_failed.

Signed-off-by: Wei Fang <fangwei1@huawei.com>
---
 Documentation/scsi/scsi_eh.txt |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Documentation/scsi/scsi_eh.txt b/Documentation/scsi/scsi_eh.txt
index 8638f61..37eca00 100644
--- a/Documentation/scsi/scsi_eh.txt
+++ b/Documentation/scsi/scsi_eh.txt
@@ -263,19 +263,23 @@ scmd->allowed.
 
  3. scmd recovered
     ACTION: scsi_eh_finish_cmd() is invoked to EH-finish scmd
-	- shost->host_failed--
 	- clear scmd->eh_eflags
 	- scsi_setup_cmd_retry()
 	- move from local eh_work_q to local eh_done_q
     LOCKING: none
+    CONCURRENCY: at most one thread per separate eh_work_q to
+		 keep queue manipulation lockless
 
  4. EH completes
     ACTION: scsi_eh_flush_done_q() retries scmds or notifies upper
-	    layer of failure.
+	    layer of failure. May be called concurrently but must have
+	    a no more than one thread per separate eh_work_q to
+	    manipulate the queue locklessly
 	- scmd is removed from eh_done_q and scmd->eh_entry is cleared
 	- if retry is necessary, scmd is requeued using
           scsi_queue_insert()
 	- otherwise, scsi_finish_command() is invoked for scmd
+	- zero shost->host_failed
     LOCKING: queue or finish function performs appropriate locking
 
 
-- 
1.7.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed
  2016-06-07  6:53 [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed Wei Fang
  2016-06-07  6:53 ` [PATCH v4 2/2] Documentation/scsi: update scsi_eh.txt about ->host_failed Wei Fang
@ 2016-06-09  3:11 ` Martin K. Petersen
  1 sibling, 0 replies; 3+ messages in thread
From: Martin K. Petersen @ 2016-06-09  3:11 UTC (permalink / raw)
  To: Wei Fang
  Cc: tj, jejb, martin.petersen, corbet, hch, dan.j.williams, linux-ide,
	linux-scsi, linux-doc

>>>>> "Wei" == Wei Fang <fangwei1@huawei.com> writes:

Wei> sas_ata_strategy_handler() adds the works of the ata error handler
Wei> to system_unbound_wq. This workqueue asynchronously runs work
Wei> items, so the ata error handler will be performed concurrently on
Wei> different CPUs. In this case, ->host_failed will be decreased
Wei> simultaneously in scsi_eh_finish_cmd() on different CPUs, and
Wei> become abnormal.

Applied to 4.7/scsi-fixes.

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2016-06-09  3:11 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-07  6:53 [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed Wei Fang
2016-06-07  6:53 ` [PATCH v4 2/2] Documentation/scsi: update scsi_eh.txt about ->host_failed Wei Fang
2016-06-09  3:11 ` [PATCH v4 1/2] scsi: fix race between simultaneous decrements of ->host_failed Martin K. Petersen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).