From: Douglas Gilbert <dgilbert@interlog.com>
To: linux-scsi@vger.kernel.org
Cc: martin.petersen@oracle.com, jejb@linux.vnet.ibm.com, hare@suse.de
Subject: [PATCH v6 34/37] sg: protect multiple receivers
Date: Mon, 13 Jan 2020 00:57:52 +0100 [thread overview]
Message-ID: <20200112235755.14197-35-dgilbert@interlog.com> (raw)
In-Reply-To: <20200112235755.14197-1-dgilbert@interlog.com>
If two threads call ioctl(SG_IORECEIVE) [or read()] on the same
file descriptor there is a potential race on the same request
response. Use atomic bit operations to make sure only one thread
gets each request response. [The other thread will either get
another request response or nothing.]
Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
---
drivers/scsi/sg.c | 18 +++++++++++++++++-
1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 73802c7ffea5..51ed55f97bca 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -111,6 +111,7 @@ enum sg_rq_state { /* N.B. sg_rq_state_arr assumes SG_RS_AWAIT_RCV==2 */
#define SG_FRQ_DIO_IN_USE 3 /* false->indirect_IO,mmap; 1->dio */
#define SG_FRQ_NO_US_XFER 4 /* no user space transfer of data */
#define SG_FRQ_DEACT_ORPHAN 7 /* not keeping orphan so de-activate */
+#define SG_FRQ_RECEIVING 8 /* guard against multiple receivers */
#define SG_FRQ_BLK_PUT_REQ 9 /* set when blk_put_request() called */
/* Bit positions (flags) for sg_fd::ffd_bm bitmask follow */
@@ -1325,6 +1326,7 @@ sg_ctl_ioreceive(struct file *filp, struct sg_fd *sfp, void __user *p)
SG_LOG(3, sfp, "%s: non_block(+IMMED)=%d\n", __func__, non_block);
/* read in part of v3 or v4 header for pack_id or tag based find */
id = pack_id;
+try_again:
srp = sg_find_srp_by_id(sfp, id);
if (!srp) { /* nothing available so wait on packet or */
if (unlikely(SG_IS_DETACHING(sdp)))
@@ -1339,6 +1341,10 @@ sg_ctl_ioreceive(struct file *filp, struct sg_fd *sfp, void __user *p)
if (res)
return res; /* signal --> -ERESTARTSYS */
} /* now srp should be valid */
+ if (test_and_set_bit(SG_FRQ_RECEIVING, srp->frq_bm)) {
+ cpu_relax();
+ goto try_again;
+ }
return sg_receive_v4(sfp, srp, p, h4p);
}
@@ -1375,7 +1381,7 @@ sg_ctl_ioreceive_v3(struct file *filp, struct sg_fd *sfp, void __user *p)
if (test_bit(SG_FFD_FORCE_PACKID, sfp->ffd_bm))
pack_id = h3p->pack_id;
-
+try_again:
srp = sg_find_srp_by_id(sfp, pack_id);
if (!srp) { /* nothing available so wait on packet or */
if (unlikely(SG_IS_DETACHING(sdp)))
@@ -1390,6 +1396,10 @@ sg_ctl_ioreceive_v3(struct file *filp, struct sg_fd *sfp, void __user *p)
if (unlikely(res))
return res; /* signal --> -ERESTARTSYS */
} /* now srp should be valid */
+ if (test_and_set_bit(SG_FRQ_RECEIVING, srp->frq_bm)) {
+ cpu_relax();
+ goto try_again;
+ }
return sg_receive_v3(sfp, srp, p);
}
@@ -1541,6 +1551,7 @@ sg_read(struct file *filp, char __user *p, size_t count, loff_t *ppos)
want_id = h2p->pack_id;
}
}
+try_again:
srp = sg_find_srp_by_id(sfp, want_id);
if (!srp) { /* nothing available so wait on packet to arrive or */
if (unlikely(SG_IS_DETACHING(sdp)))
@@ -1556,6 +1567,10 @@ sg_read(struct file *filp, char __user *p, size_t count, loff_t *ppos)
return ret;
/* otherwise srp should be valid */
}
+ if (test_and_set_bit(SG_FRQ_RECEIVING, srp->frq_bm)) {
+ cpu_relax();
+ goto try_again;
+ }
if (srp->s_hdr3.interface_id == '\0') {
ret = sg_read_v1v2(p, (int)count, sfp, srp);
} else {
@@ -3549,6 +3564,7 @@ sg_deact_request(struct sg_fd *sfp, struct sg_request *srp)
return;
sbp = srp->sense_bp;
srp->sense_bp = NULL;
+ srp->frq_bm[0] = 0;
sg_rq_state_chg(srp, 0, SG_RS_INACTIVE, true /* force */, __func__);
/* maybe orphaned req, thus never read */
if (sbp)
--
2.24.1
next prev parent reply other threads:[~2020-01-12 23:58 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-12 23:57 [PATCH v6 00/37] sg: add v4 interface Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 01/37] sg: move functions around Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 02/37] sg: remove typedefs, type+formatting cleanup Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 03/37] sg: sg_log and is_enabled Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 04/37] sg: rework sg_poll(), minor changes Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 05/37] sg: bitops in sg_device Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 06/37] sg: make open count an atomic Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 07/37] sg: move header to uapi section Douglas Gilbert
2020-01-13 5:34 ` kbuild test robot
2020-01-14 9:16 ` Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 08/37] sg: speed sg_poll and sg_get_num_waiting Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 09/37] sg: sg_allow_if_err_recovery and renames Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 10/37] sg: improve naming Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 11/37] sg: change rwlock to spinlock Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 12/37] sg: ioctl handling Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 13/37] sg: split sg_read Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 14/37] sg: sg_common_write add structure for arguments Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 15/37] sg: rework sg_vma_fault Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 16/37] sg: rework sg_mmap Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 17/37] sg: replace sg_allow_access Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 18/37] sg: rework scatter gather handling Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 19/37] sg: introduce request state machine Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 20/37] sg: sg_find_srp_by_id Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 21/37] sg: sg_fill_request_element Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 22/37] sg: printk change %p to %pK Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 23/37] sg: xarray for fds in device Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 24/37] sg: xarray for reqs in fd Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 25/37] sg: replace rq array with lists Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 26/37] sg: sense buffer rework Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 27/37] sg: add sg v4 interface support Douglas Gilbert
2020-01-13 8:28 ` kbuild test robot
2020-01-14 10:21 ` Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 28/37] sg: rework debug info Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 29/37] sg: add 8 byte SCSI LUN to sg_scsi_id Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 30/37] sg: expand sg_comm_wr_t Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 31/37] sg: add sg_iosubmit_v3 and sg_ioreceive_v3 ioctls Douglas Gilbert
2020-01-13 0:50 ` Bart Van Assche
2020-01-13 10:39 ` Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 32/37] sg: add some __must_hold macros Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 33/37] sg: move procfs objects to avoid forward decls Douglas Gilbert
2020-01-12 23:57 ` Douglas Gilbert [this message]
2020-01-12 23:57 ` [PATCH v6 35/37] sg: first debugfs support Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 36/37] sg: warn v3 write system call users Douglas Gilbert
2020-01-12 23:57 ` [PATCH v6 37/37] sg: bump version to 4.0.08 Douglas Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200112235755.14197-35-dgilbert@interlog.com \
--to=dgilbert@interlog.com \
--cc=hare@suse.de \
--cc=jejb@linux.vnet.ibm.com \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox