From: Douglas Gilbert <dougg@torque.net>
To: tonyb@cybernetics.com
Cc: linux-scsi@vger.kernel.org
Subject: Re: [PATCH] 2.4.21 fix race condition in sg.c
Date: Fri, 27 Jun 2003 08:15:22 +1000 [thread overview]
Message-ID: <3EFB707A.2060604@torque.net> (raw)
In-Reply-To: <002801c33bf6$24672940$e0019d89@cybernetics.com>
Tony Battersby wrote:
> The function sg_cmd_done_bh() sets srp->done = 1 before setting other fields
> to be returned to userspace (such as srp->header.resid). This is a race
> condition since other code assumes that done == 1 means that all fields to
> be returned to userspace (via read()) have already been set. I am seeing
> this race condition manifest in a program that uses poll() to wait for any
> one of several outstanding commands to complete. The symptom is that every
> once in a while the resid value returned for the command is 0 rather than
> the correct value, since poll() showed that the command was complete and
> read() returned the completion status for it before sg_cmd_done_bh() had
> gotten to the line "srp->header.resid = SCpnt->resid".
>
> This patch against 2.4.21 fixes the problem.
>
> --- drivers/scsi/sg.c.orig Fri Jun 13 10:51:36 2003
> +++ drivers/scsi/sg.c Thu Jun 26 11:07:28 2003
> @@ -1241,7 +1241,6 @@
> SRpnt->sr_request.rq_dev = MKDEV(0, 0); /* "sg" _disowns_ request blk
> */
>
> srp->my_cmdp = NULL;
> - srp->done = 1;
> read_unlock(&sg_dev_arr_lock);
>
> SCSI_LOG_TIMEOUT(4, printk("sg...bh: dev=%d, pack_id=%d, res=0x%x\n",
> @@ -1274,6 +1273,8 @@
> }
> /* Rely on write phase to clean out srp status values, so no "else" */
>
> + srp->done = 1;
> +
> scsi_release_request(SRpnt);
> SRpnt = NULL;
> if (sfp->closed) { /* whoops this fd already released, cleanup */
>
> ---------------
Tony,
Yes, that is a problem and the same fix is needed in
the lk 2.5 series. Could you forward this match onto
Marcelo and Alan for inclusion.
Doug Gilbert
next prev parent reply other threads:[~2003-06-26 22:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-06-26 15:18 [PATCH] 2.4.21 fix race condition in sg.c Tony Battersby
2003-06-26 22:15 ` Douglas Gilbert [this message]
-- strict thread matches above, loose matches on Subject: below --
2003-06-27 13:52 Tony Battersby
2003-06-27 14:10 ` James Bottomley
2003-06-27 14:31 ` Alan Cox
2003-06-27 14:47 ` James Bottomley
2003-06-27 14:57 ` Tony Battersby
2003-06-27 15:00 ` Jeff Garzik
2003-06-27 15:11 ` James Bottomley
2003-06-27 15:38 ` Tony Battersby
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3EFB707A.2060604@torque.net \
--to=dougg@torque.net \
--cc=linux-scsi@vger.kernel.org \
--cc=tonyb@cybernetics.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox