public inbox for linux-scsi@vger.kernel.org
From: Vladislav Bolkhovitin <vst@vlnb.net>
To: Andrew Vasquez <andrew.vasquez@qlogic.com>
Cc: linux-driver@qlogic.com, linux-scsi@vger.kernel.org,
	scst-devel@lists.sourceforge.net
Subject: Re: [PATCH] qla2xxx: Fix dpc_thread race on the module unload
Date: Tue, 29 Jul 2008 13:32:25 +0400
Message-ID: <488EE3A9.8030207@vlnb.net>
In-Reply-To: <20080728180745.GE12762@plap4-2.qlogic.org>

Andrew Vasquez wrote:
> On Mon, 28 Jul 2008, Vladislav Bolkhovitin wrote:
> 
>> This patch fixes a race on the dpc_thread field of struct scsi_qla_host,
>> which can lead to a crash on module unload.
>>
>> This patch is against 2.6.26
>>
>> Signed-off-by: Vladislav Bolkhovitin <vst@vlnb.net>
>>
>>  qla_def.h |    1 +
>>  qla_mbx.c |    2 +-
>>  qla_os.c  |   36 ++++++++++++++++++++++++++----------
>>  3 files changed, 28 insertions(+), 11 deletions(-)
>>
>> diff -upr linux-2.6.26/drivers/scsi/qla2xxx/qla_def.h linux-2.6.26/drivers/scsi/qla2xxx/qla_def.h
>> --- linux-2.6.26/drivers/scsi/qla2xxx/qla_def.h	2008-07-14 01:51:29.000000000 +0400
>> +++ linux-2.6.26/drivers/scsi/qla2xxx/qla_def.h	2008-07-24 10:07:39.000000000 +0400
>> @@ -2425,6 +2436,7 @@ typedef struct scsi_qla_host {
>>  	void			*sfp_data;
>>  	dma_addr_t		sfp_data_dma;
>>  
>> +	spinlock_t		dpc_lock;
> 
> As James mentioned in another email, there's something else going on
> with qla2xxx shutdown process which should be addressed...
> 
>>  	struct task_struct	*dpc_thread;
>>  	uint8_t dpc_active;                  /* DPC routine is active */
>>  
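
Review bot: the new dpc_lock field in struct scsi_qla_host carries no comment saying what it protects. It sits directly above dpc_thread and the commit message names that field, so a short comment such as /* protects dpc_thread */ would record the locking rule for later callers. The lock also needs a spin_lock_init() before its first use; that would be in the qla_os.c part of the patch, which is not quoted in this message.
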
>> diff -upr linux-2.6.26/drivers/scsi/qla2xxx/qla_mbx.c linux-2.6.26/drivers/scsi/qla2xxx/qla_mbx.c
>> --- linux-2.6.26/drivers/scsi/qla2xxx/qla_mbx.c	2008-07-14 01:51:29.000000000 +0400
>> +++ linux-2.6.26/drivers/scsi/qla2xxx/qla_mbx.c	2008-07-23 19:27:20.000000000 +0400
>> @@ -2683,7 +2687,7 @@ qla24xx_report_id_acquisition(scsi_qla_h
>>  		set_bit(VP_IDX_ACQUIRED, &vha->vp_flags);
>>  		set_bit(VP_DPC_NEEDED, &ha->dpc_flags);
>>  
>> -		wake_up_process(ha->dpc_thread);
>> +		qla2xxx_wake_dpc(ha);
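
Review bot: the commit message does not say whether the wake_up_process(ha->dpc_thread) call replaced here was the only direct user of ha->dpc_thread outside qla_os.c. The diffstat shows this as the single change in qla_mbx.c, so it is worth stating that the remaining files were checked, since one unconverted caller leaves the race open. If qla2xxx_wake_dpc() takes dpc_lock, the changelog should also name the contexts it is called from, so the choice between the plain and the irqsave spin_lock variants can be reviewed.
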
> 
> Ok, your change looks correct here...  This is definitely the correct
> way the qla24xx_report_id_acquisition() routine should be triggering
> the DPC thread.
> 
> I'm guessing the backtrace in "Gal Rosen's" report pointed to
> qla24xx_report_id_acquisition()?  If so, I'm not entirely sure we
> need anything more to 'protect' tear-down...

Nope, taking only that one hunk from this patch isn't sufficient. Around
dpc_thread there is a pretty simple and classical race. You can't do

if (x != NULL)
	y = *x;

without any protection, if x can be set to NULL by another thread. It 
can happen exactly between "if" and "*x" and hence lead to a crash, correct?

What this patch does is add such protection.

Vlad
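
The check-then-use window described in the message above, as an added example that is not part of the original post or of the qla2xxx driver: a single-threaded C model in which teardown() is called at the exact point between the check and the use. The names struct host, teardown(), wake() and demo() are hypothetical, and an atomic_flag stands in for the kernel spinlock.

```c
/* Added model, not qla2xxx code; all names here are hypothetical. */
#include <stdatomic.h>
#include <stdio.h>

struct task { int wakeups; };
struct host {
    atomic_flag lock;     /* stands in for the spinlock */
    struct task *thread;  /* set to NULL on unload */
};

/* Unload path: clears the pointer only if it can take the lock (1 = cleared). */
static int teardown(struct host *h)
{
    if (atomic_flag_test_and_set(&h->lock))
        return 0;                 /* a waker holds the lock */
    h->thread = NULL;
    atomic_flag_clear(&h->lock);
    return 1;
}

/* Check-then-use, with teardown() playing the other thread inside the
 * window. Returns 1 woken, 0 skipped, -1 where real code would use NULL. */
static int wake(struct host *h, int use_lock)
{
    int ret = 0;
    if (use_lock)
        while (atomic_flag_test_and_set(&h->lock))
            ;                     /* spin until acquired */
    if (h->thread != NULL) {      /* the check */
        teardown(h);              /* other thread runs in the window */
        if (h->thread == NULL)
            ret = -1;             /* pointer vanished after the check */
        else {
            h->thread->wakeups++; /* the use */
            ret = 1;
        }
    }
    if (use_lock)
        atomic_flag_clear(&h->lock);
    return ret;
}

static int demo(int use_lock)
{
    struct task t = { 0 };
    struct host h = { ATOMIC_FLAG_INIT, &t };
    return wake(&h, use_lock);
}

int main(void) { printf("unlocked=%d locked=%d\n", demo(0), demo(1)); return 0; }
```

The protection only holds because both sides take the same lock: a teardown path that cleared the pointer without it would reopen the window.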
