Re: [PATCH v3] scsi: ufs: core: fix racing issue during ufshcd_mcq_abort

[Bart Van Assche]

On 11/20/23 23:11, SEO HOYOUNG wrote:
> Bart said that lrbp->cmd could be changed before ufshcd_clear_cmd() was
> called, so lrbp->cmd check was moved to ufshcd_clear_cmd().
> In the case of legacy mode, spin_lock is used to protect before clear cmd,
> but spin_lock cannot be used due to mcq mode, so it is necessary to check
> the status of lrbp->cmd.

Does this mean that the race that I mentioned has not been addressed at all?
ufshcd_mcq_sq_cleanup() is called by ufshcd_clear_cmd(). No locks are held by
ufshcd_eh_device_reset_handler() when it calls ufshcd_clear_cmd(). So I think
there is still a race between the code added by this patch and the completion
interrupt.

Thanks,

Bart.

> Change-Id: Id8412190e60286d00a30820591566835cefbf47e

No Change-Ids in patches that are posted on upstream mailing lists please.

> diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c
> index 2ba8ec254dce..deb6dac724c8 100644
> --- a/drivers/ufs/core/ufs-mcq.c
> +++ b/drivers/ufs/core/ufs-mcq.c
> @@ -507,6 +507,10 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag)
>   	if (hba->quirks & UFSHCD_QUIRK_MCQ_BROKEN_RTC)
>   		return -ETIMEDOUT;
>   
> +	if (!ufshcd_cmd_inflight(cmd) ||
> +	    test_bit(SCMD_STATE_COMPLETE, &cmd->state))
> +		return 0;
> +
>   	if (task_tag != hba->nutrs - UFSHCD_NUM_RESERVED) {
>   		if (!cmd)
>   			return -EINVAL;

Thanks,

Bart.