From: Adrian Hunter <adrian.hunter@intel.com>
To: Bart Van Assche <bvanassche@acm.org>,
"Martin K . Petersen" <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org, Jaegeuk Kim <jaegeuk@kernel.org>,
"James E.J. Bottomley" <jejb@linux.ibm.com>,
Bean Huo <beanhuo@micron.com>, Can Guo <cang@codeaurora.org>,
Stanley Chu <stanley.chu@mediatek.com>,
Asutosh Das <asutoshd@codeaurora.org>,
James Bottomley <James.Bottomley@HansenPartnership.com>,
Santosh Yaraganavi <santoshsy@gmail.com>,
Arnd Bergmann <arnd@arndb.de>, Vishak G <vishak.g@samsung.com>
Subject: Re: [PATCH 08/11] scsi: ufs: Improve SCSI abort handling further
Date: Fri, 12 Nov 2021 12:56:40 +0200 [thread overview]
Message-ID: <985b86c5-e45f-8d07-31e3-7eed1c7c894c@intel.com> (raw)
In-Reply-To: <aac7b8c8-7474-4317-c342-1714cc61a331@acm.org>
On 10/11/2021 20:56, Bart Van Assche wrote:
> On 11/10/21 12:57 AM, Adrian Hunter wrote:
>> On 10/11/2021 02:44, Bart Van Assche wrote:
>>> Make sure that aborted commands are completed once by clearing the
>>> corresponding tag bit from hba->outstanding_reqs. This patch is a
>>> follow-up for commit cd892096c940 ("scsi: ufs: core: Improve SCSI
>>> abort handling").
>>>
>>> Fixes: 7a3e97b0dc4b ("[SCSI] ufshcd: UFS Host controller driver")
>>> Signed-off-by: Bart Van Assche <bvanassche@acm.org>
>>> ---
>>> drivers/scsi/ufs/ufshcd.c | 9 +++++++++
>>> 1 file changed, 9 insertions(+)
>>>
>>> diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
>>> index 8f5640647054..1e15ed1f639f 100644
>>> --- a/drivers/scsi/ufs/ufshcd.c
>>> +++ b/drivers/scsi/ufs/ufshcd.c
>>> @@ -7090,6 +7090,15 @@ static int ufshcd_abort(struct scsi_cmnd *cmd)
>>> goto release;
>>> }
>>> + /*
>>> + * ufshcd_try_to_abort_task() cleared the 'tag' bit in the doorbell
>>> + * register. Clear the corresponding bit from outstanding_reqs to
>>> + * prevent early completion.
>>> + */
>>> + spin_lock_irqsave(&hba->outstanding_lock, flags);
>>> + __clear_bit(tag, &hba->outstanding_reqs);
>>> + spin_unlock_irqrestore(&hba->outstanding_lock, flags);
>>
>> Seems like something ufshcd_clear_cmd() should be doing instead?
>
> Hi Adrian,
>
> I'm concerned that would break ufshcd_eh_device_reset_handler() since that reset handler retries SCSI commands by calling __ufshcd_transfer_req_compl() after having called ufshcd_clear_cmd().
Whenever an outstanding_reqs bit transitions 1 -> 0, then
__ufshcd_transfer_req_compl() must be called.
In all cases, the correct logic must have the effect of:
spin_lock_irqsave(&hba->outstanding_lock, flags);
bit = __test_and_clear_bit(tag, &hba->outstanding_reqs);
spin_unlock_irqrestore(&hba->outstanding_lock, flags);
if (bit)
__ufshcd_transfer_req_compl(hba, 1UL << tag);
To put it another way, how else does the driver know whether or
not __ufshcd_transfer_req_compl() has been called already.
As a separate issue, in ufshcd_abort() there is:
/* If command is already aborted/completed, return FAILED. */
if (!(test_bit(tag, &hba->outstanding_reqs))) {
dev_err(hba->dev,
"%s: cmd at tag %d already completed, outstanding=0x%lx, doorbell=0x%x\n",
__func__, tag, hba->outstanding_reqs, reg);
goto release;
}
which seems wrong. FAILED should only be returned to escalate the
error handling, so if the slot has already successfully been
cleared, that is SUCCESS. scsi_times_out() has already blocked
the scsi_done() path (by setting SCMD_STATE_COMPLETE), so any use
after free must be being caused by SCSI not the ufs driver.
path
next prev parent reply other threads:[~2021-11-12 10:56 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-10 0:44 [PATCH 00/11] UFS patches for kernel v5.17 Bart Van Assche
2021-11-10 0:44 ` [PATCH 01/11] scsi: ufs: Rename a function argument Bart Van Assche
2021-11-10 1:28 ` Chanho Park
2021-11-10 9:48 ` Keoseong Park
2021-11-11 16:59 ` Alim Akhtar
2021-11-10 0:44 ` [PATCH 02/11] scsi: ufs: Remove is_rpmb_wlun() Bart Van Assche
2021-11-10 17:47 ` Asutosh Das (asd)
2021-11-11 16:52 ` Alim Akhtar
2021-11-10 0:44 ` [PATCH 03/11] scsi: ufs: Remove the sdev_rpmb member Bart Van Assche
2021-11-10 17:50 ` Asutosh Das (asd)
2021-11-11 16:47 ` Alim Akhtar
2021-11-10 0:44 ` [PATCH 04/11] scsi: ufs: Remove dead code Bart Van Assche
2021-11-11 7:06 ` Avri Altman
2021-11-15 15:58 ` Bean Huo
2021-11-15 16:01 ` Bean Huo
2021-11-10 0:44 ` [PATCH 05/11] scsi: core: Add support for reserved tags Bart Van Assche
2021-11-10 0:44 ` [PATCH 06/11] scsi: ufs: Rework ufshcd_change_queue_depth() Bart Van Assche
2021-11-11 7:22 ` Avri Altman
2021-11-15 18:27 ` Bart Van Assche
2021-11-10 0:44 ` [PATCH 07/11] scsi: ufs: Fix a deadlock in the error handler Bart Van Assche
2021-11-10 6:42 ` Christoph Hellwig
2021-11-15 18:28 ` Bart Van Assche
2021-11-11 7:33 ` Avri Altman
2021-11-15 18:29 ` Bart Van Assche
2021-11-10 0:44 ` [PATCH 08/11] scsi: ufs: Improve SCSI abort handling further Bart Van Assche
2021-11-10 8:57 ` Adrian Hunter
2021-11-10 18:56 ` Bart Van Assche
2021-11-12 10:56 ` Adrian Hunter [this message]
2021-11-15 23:09 ` Bart Van Assche
2021-11-16 9:03 ` Adrian Hunter
2021-11-16 16:07 ` Bart Van Assche
2021-11-11 9:17 ` Peter Wang
2021-11-16 9:07 ` Peter Wang
2021-11-16 16:08 ` Bart Van Assche
2021-11-16 20:16 ` Adrian Hunter
2021-11-16 21:53 ` Bart Van Assche
2021-11-17 7:37 ` Adrian Hunter
2021-11-10 0:44 ` [PATCH 09/11] scsi: ufs: Fix a kernel crash during shutdown Bart Van Assche
2021-11-11 7:48 ` Avri Altman
2021-11-15 18:45 ` Bart Van Assche
2021-11-10 0:44 ` [PATCH 10/11] scsi: ufs: Optimize the command queueing code Bart Van Assche
2021-11-10 8:04 ` Adrian Hunter
2021-11-10 18:57 ` Bart Van Assche
2021-11-11 7:51 ` Avri Altman
2021-11-12 23:40 ` Asutosh Das (asd)
2021-11-10 0:44 ` [PATCH 11/11] scsi: ufs: Implement polling support Bart Van Assche
2021-11-10 1:36 ` Douglas Gilbert
2021-11-19 19:39 ` Bart Van Assche
2021-11-11 8:11 ` Avri Altman
2021-11-19 19:01 ` Bart Van Assche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=985b86c5-e45f-8d07-31e3-7eed1c7c894c@intel.com \
--to=adrian.hunter@intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=arnd@arndb.de \
--cc=asutoshd@codeaurora.org \
--cc=beanhuo@micron.com \
--cc=bvanassche@acm.org \
--cc=cang@codeaurora.org \
--cc=jaegeuk@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=santoshsy@gmail.com \
--cc=stanley.chu@mediatek.com \
--cc=vishak.g@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox