From mboxrd@z Thu Jan  1 00:00:00 1970
From: vaughan <vaughan.cao@oracle.com>
Subject: Re: [PATCH v5 0/4] [SCSI] sg: fix race condition in sg_open
Date: Mon, 05 Aug 2013 10:19:44 +0800
Message-ID: <51FF0BC0.5020702@oracle.com>
References: <1374075246-22923-1-git-send-email-vaughan.cao@oracle.com> <1374468033-8947-1-git-send-email-vaughan.cao@oracle.com> <20130722170338.GA15824@logfs.org> <51F9EB97.7070305@interlog.com> <51FC9449.4060906@interlog.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <51FC9449.4060906@interlog.com>
Sender: linux-kernel-owner@vger.kernel.org
To: dgilbert@interlog.com
Cc: =?UTF-8?B?SsO2cm4gRW5nZWw=?= <joern@logfs.org>, JBottomley@parallels.com, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
List-Id: linux-scsi@vger.kernel.org

On 08/03/2013 01:25 PM, Douglas Gilbert wrote:
> On 13-08-01 01:01 AM, Douglas Gilbert wrote:
>> On 13-07-22 01:03 PM, J=C3=B6rn Engel wrote:
>>> On Mon, 22 July 2013 12:40:29 +0800, Vaughan Cao wrote:
>>>>
>>>> There is a race when open sg with O_EXCL flag. Also a race may
>>>> happen between
>>>> sg_open and sg_remove.
>>>>
>>>> Changes from v4:
>>>>   * [3/4] use ERR_PTR series instead of adding another parameter i=
n
>>>> sg_add_sfp
>>>>   * [4/4] fix conflict for cherry-pick from v3.
>>>>
>>>> Changes from v3:
>>>>   * release o_sem in sg_release(), not in sg_remove_sfp().
>>>>   * not set exclude with sfd_lock held.
>>>>
>>>> Vaughan Cao (4):
>>>>    [SCSI] sg: use rwsem to solve race during exclusive open
>>>>    [SCSI] sg: no need sg_open_exclusive_lock
>>>>    [SCSI] sg: checking sdp->detached isn't protected when open
>>>>    [SCSI] sg: push file descriptor list locking down to per-device
>>>>      locking
>>>>
>>>>   drivers/scsi/sg.c | 178
>>>> +++++++++++++++++++++++++-----------------------------
>>>>   1 file changed, 83 insertions(+), 95 deletions(-)
>>>
>>> Patchset looks good to me, although I didn't test it on hardware ye=
t.
>>> Signed-off-by: Joern Engel <joern@logfs.org>
>>>
>>> James, care to pick this up?
>>
>> Acked-by: Douglas Gilbert <dgilbert@interlog.com>
>>
>> Tested O_EXCL with multiple processes and threads; passed.
>> sg driver prior to this patch had "leaky" O_EXCL logic
>> according to the same test. Block device passed.
>>
>> James, could you clean this up:
>>    drivers/scsi/sg.c:242:6: warning: unused variable =E2=80=98res=E2=
=80=99
>> [-Wunused-variable]
>
> Further testing suggests this patch on the sg driver is
> broken, so I'll rescind my ack.
>
> The case it is broken for is when a device is opened
> without O_EXCL. Now if, while it is open, a second
> thread/process tries to open the same device O_EXCL
> then IMO the second open should fail with EBUSY.
>
> My testing shows that O_EXCL opens properly deflect
> other O_EXCL opens.
Hi  Doug,

My test don't have this issue. The routine is something as below:

I start three opens without O_EXCL, wait 30s each, and open with
O_EXCL|O_NONBLOCK, it failed with EBUSY.
And I also call myopen with/without O_EXCL many times in background at
the same time, and the test is passed. I don't know why it failed in
your test.

Usage: myopen [-e][-n][-d delay] -f file
      -e: exclude
      -n: nonblock
      -d: delay N seconds and then close.

[root@vacaowol5 16835013]# ./myopen  -f /dev/sg5 -d 30 &
[1] 3417
[root@vacaowol5 16835013]# ./myopen  -f /dev/sg5 -d 30 &
[2] 3418
[root@vacaowol5 16835013]# ./myopen  -f /dev/sg5 -d 30 &
[3] 3419
[root@vacaowol5 16835013]# cat /proc/scsi/sg/debug
max_active_device=3D6(origin 1)
 def_reserved_size=3D32768
 >>> device=3Dsg5 scsi5 chan=3D0 id=3D1 lun=3D0   em=3D0 sg_tablesize=3D=
55 excl=3D0
   FD(1): timeout=3D60000ms bufflen=3D32768 (res)sgat=3D1 low_dma=3D0
   cmd_q=3D0 f_packid=3D0 k_orphan=3D0 closed=3D0
     No requests active
   FD(2): timeout=3D60000ms bufflen=3D32768 (res)sgat=3D1 low_dma=3D0
   cmd_q=3D0 f_packid=3D0 k_orphan=3D0 closed=3D0
     No requests active
   FD(3): timeout=3D60000ms bufflen=3D32768 (res)sgat=3D1 low_dma=3D0
   cmd_q=3D0 f_packid=3D0 k_orphan=3D0 closed=3D0
     No requests active

[root@vacaowol5 16835013]# ./myopen -e -n  -f /dev/sg5 -d 30 &
[4] 3422
[3422:3351] /dev/sg5:exclude: Device or resource busy

[4]+  Exit 1                  ./myopen -e -n -f /dev/sg5 -d 30

[root@vacaowol5 16835013]# cat /proc/scsi/sg/debug
max_active_device=3D6(origin 1)
 def_reserved_size=3D32768
 >>> device=3Dsg5 scsi5 chan=3D0 id=3D1 lun=3D0   em=3D0 sg_tablesize=3D=
55 excl=3D0
   FD(1): timeout=3D60000ms bufflen=3D32768 (res)sgat=3D1 low_dma=3D0
   cmd_q=3D0 f_packid=3D0 k_orphan=3D0 closed=3D0
     No requests active
   FD(2): timeout=3D60000ms bufflen=3D32768 (res)sgat=3D1 low_dma=3D0
   cmd_q=3D0 f_packid=3D0 k_orphan=3D0 closed=3D0
     No requests active
   FD(3): timeout=3D60000ms bufflen=3D32768 (res)sgat=3D1 low_dma=3D0
   cmd_q=3D0 f_packid=3D0 k_orphan=3D0 closed=3D0
     No requests active
[root@vacaowol5 16835013]# cat /proc/scsi/sg/debug
[1]   Done                    ./myopen -f /dev/sg5 -d 30
[2]-  Done                    ./myopen -f /dev/sg5 -d 30
[3]+  Done                    ./myopen -f /dev/sg5 -d 30


>
> BTW the standard block driver (e.g. /dev/sdc) is broken
> in exactly the same way, according to my tests.
>
> Doug Gilbert
>
>