| Message ID | 1600286999-22059-1-git-send-email-brking@linux.vnet.ibm.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | ibmvfc: Protect vhost->task_set increment by the host lock | expand |
| Context | Check | Description |
|---|---|---|
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/merge (27e2fbcd815a088d7d83c7158f76b6e95ab07c50) |
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/next (b5c8a2934eecbba3d688a911b98e92f8670ff462) |
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch linus/master (5925fa68fe8244651b3f78a88c4af99190a88f0d) |
| snowpatch_ozlabs/apply_patch | warning | Failed to apply on branch powerpc/fixes (0460534b532e5518c657c7d6492b9337d975eaa3) |
| snowpatch_ozlabs/apply_patch | success | Successfully applied on branch linux-next (5fa35f247b563a7893f3f68f19d00ace2ccf3dff) |
| snowpatch_ozlabs/build-ppc64le | warning | Upstream build failed, couldn't test patch |
| snowpatch_ozlabs/build-ppc64be | warning | Upstream build failed, couldn't test patch |
| snowpatch_ozlabs/build-ppc64e | warning | Upstream build failed, couldn't test patch |
| snowpatch_ozlabs/build-pmac32 | warning | Upstream build failed, couldn't test patch |
| snowpatch_ozlabs/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 12 lines checked |
| snowpatch_ozlabs/needsstable | success | Patch has no Fixes tags |
Brian, > In the discovery thread, ibmvfc does a vhost->task_set++ without any > lock held. This could result in two targets getting the same cancel > key, which could have strange effects in error recovery. The actual > probability of this occurring should be extremely small, since this > should all be done in a single threaded loop from the discovery > thread, but let's fix it up anyway to be safe. Applied to 5.10/scsi-staging, thanks!
On Wed, 16 Sep 2020 15:09:59 -0500, Brian King wrote: > In the discovery thread, ibmvfc does a vhost->task_set++ without > any lock held. This could result in two targets getting the same > cancel key, which could have strange effects in error recovery. > The actual probability of this occurring should be extremely > small, since this should all be done in a single threaded loop > from the discovery thread, but let's fix it up anyway to be safe. Applied to 5.10/scsi-queue, thanks! [1/1] scsi: ibmvfc: Protect vhost->task_set increment by the host lock https://git.kernel.org/mkp/scsi/c/2584e5aef87a
diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c index 322bb30..b393587 100644 --- a/drivers/scsi/ibmvscsi/ibmvfc.c +++ b/drivers/scsi/ibmvscsi/ibmvfc.c @@ -4169,11 +4169,11 @@ static int ibmvfc_alloc_target(struct ibmvfc_host *vhost,struct ibmvfc_discover_ tgt->wwpn = wwpn; tgt->vhost = vhost; tgt->need_login = 1; - tgt->cancel_key = vhost->task_set++; timer_setup(&tgt->timer, ibmvfc_adisc_timeout, 0); kref_init(&tgt->kref); ibmvfc_init_tgt(tgt, ibmvfc_tgt_implicit_logout); spin_lock_irqsave(vhost->host->host_lock, flags); + tgt->cancel_key = vhost->task_set++; list_add_tail(&tgt->queue, &vhost->targets); unlock_out:
In the discovery thread, ibmvfc does a vhost->task_set++ without any lock held. This could result in two targets getting the same cancel key, which could have strange effects in error recovery. The actual probability of this occurring should be extremely small, since this should all be done in a single threaded loop from the discovery thread, but let's fix it up anyway to be safe. Signed-off-by: Brian King <brking@linux.vnet.ibm.com> --- drivers/scsi/ibmvscsi/ibmvfc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)