Re: [PATCH v3] scsi: ufs: core: fix racing issue during ufshcd_mcq_abort

From: Dan Carpenter
Date: Wed Nov 22 2023 - 04:23:22 EST


Hi SEO,

kernel test robot noticed the following build warnings:

url: https://github.com/intel-lab-lkp/linux/commits/SEO-HOYOUNG/scsi-ufs-core-fix-racing-issue-during-ufshcd_mcq_abort/20231121-151923
base: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git for-next
patch link: https://lore.kernel.org/r/20231121071128.7743-1-hy50.seo%40samsung.com
patch subject: [PATCH v3] scsi: ufs: core: fix racing issue during ufshcd_mcq_abort
config: powerpc-randconfig-r071-20231122 (https://download.01.org/0day-ci/archive/20231122/202311220618.OnEhSic6-lkp@xxxxxxxxx/config)
compiler: powerpc-linux-gcc (GCC) 13.2.0
reproduce: (https://download.01.org/0day-ci/archive/20231122/202311220618.OnEhSic6-lkp@xxxxxxxxx/reproduce)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Reported-by: Dan Carpenter <error27@xxxxxxxxx>
| Closes: https://lore.kernel.org/r/202311220618.OnEhSic6-lkp@xxxxxxxxx/

smatch warnings:
drivers/ufs/core/ufs-mcq.c:515 ufshcd_mcq_sq_cleanup() warn: variable dereferenced before check 'cmd' (see line 511)

vim +/cmd +515 drivers/ufs/core/ufs-mcq.c

8d7290348992f2 Bao D. Nguyen 2023-05-29  498  int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag)
8d7290348992f2 Bao D. Nguyen 2023-05-29  499  {
8d7290348992f2 Bao D. Nguyen 2023-05-29  500          struct ufshcd_lrb *lrbp = &hba->lrb[task_tag];
8d7290348992f2 Bao D. Nguyen 2023-05-29  501          struct scsi_cmnd *cmd = lrbp->cmd;
8d7290348992f2 Bao D. Nguyen 2023-05-29  502          struct ufs_hw_queue *hwq;
8d7290348992f2 Bao D. Nguyen 2023-05-29  503          void __iomem *reg, *opr_sqd_base;
8d7290348992f2 Bao D. Nguyen 2023-05-29  504          u32 nexus, id, val;
8d7290348992f2 Bao D. Nguyen 2023-05-29  505          int err;
8d7290348992f2 Bao D. Nguyen 2023-05-29  506
aa9d5d0015a8b7 Po-Wen Kao    2023-06-12  507          if (hba->quirks & UFSHCD_QUIRK_MCQ_BROKEN_RTC)
aa9d5d0015a8b7 Po-Wen Kao    2023-06-12  508                  return -ETIMEDOUT;
aa9d5d0015a8b7 Po-Wen Kao    2023-06-12  509
5363c9d813101c SEO HOYOUNG   2023-11-21  510          if (!ufshcd_cmd_inflight(cmd) ||
5363c9d813101c SEO HOYOUNG   2023-11-21 @511              test_bit(SCMD_STATE_COMPLETE, &cmd->state))
                                                                                        ^^^^^^^^^^^
The patch adds a new unchecked dereference

5363c9d813101c SEO HOYOUNG   2023-11-21  512                  return 0;
5363c9d813101c SEO HOYOUNG   2023-11-21  513
8d7290348992f2 Bao D. Nguyen 2023-05-29  514          if (task_tag != hba->nutrs - UFSHCD_NUM_RESERVED) {
8d7290348992f2 Bao D. Nguyen 2023-05-29 @515                  if (!cmd)
                                                                   ^^^
But the old code assumed "cmd" could be NULL

8d7290348992f2 Bao D. Nguyen 2023-05-29  516                          return -EINVAL;
8d7290348992f2 Bao D. Nguyen 2023-05-29  517                  hwq = ufshcd_mcq_req_to_hwq(hba, scsi_cmd_to_rq(cmd));
8d7290348992f2 Bao D. Nguyen 2023-05-29  518          } else {
8d7290348992f2 Bao D. Nguyen 2023-05-29  519                  hwq = hba->dev_cmd_queue;
8d7290348992f2 Bao D. Nguyen 2023-05-29  520          }

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
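
The check ordering flagged by smatch in the report above, reduced to a user-space C model. This is an added example, not code from the patch or the kernel tree: the struct, constants and function names are constructed stand-ins, and testing `cmd` inside the non-reserved-tag branch is one possible reordering assumed here, not the fix adopted in the thread.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins, not kernel definitions. */
struct model_cmd {
	bool inflight;	/* stands in for the ufshcd_cmd_inflight() result */
	bool complete;	/* stands in for SCMD_STATE_COMPLETE in cmd->state */
};
#define MODEL_NUTRS		32	/* hypothetical hba->nutrs */
#define MODEL_NUM_RESERVED	1	/* models UFSHCD_NUM_RESERVED */
#define MODEL_PROCEED		1	/* hypothetical: go on to SQ cleanup */

/* Reported ordering: cmd is read before the NULL test further down. */
static int sq_cleanup_reported(const struct model_cmd *cmd, int task_tag)
{
	if (!cmd->inflight || cmd->complete)	/* NULL cmd is dereferenced here */
		return 0;
	if (task_tag != MODEL_NUTRS - MODEL_NUM_RESERVED) {
		if (!cmd)	/* too late: never reached with cmd == NULL */
			return -EINVAL;
	}
	return MODEL_PROCEED;
}

/* One possible reordering (assumption): test cmd before any field access. */
static int sq_cleanup_checked(const struct model_cmd *cmd, int task_tag)
{
	if (task_tag != MODEL_NUTRS - MODEL_NUM_RESERVED) {
		if (!cmd)
			return -EINVAL;
		if (!cmd->inflight || cmd->complete)
			return 0;
	}
	return MODEL_PROCEED;	/* reserved tag: cmd is not consulted */
}

int main(void)
{
	struct model_cmd done = { .inflight = true, .complete = true };

	/* Both orderings agree while cmd is valid. */
	printf("valid cmd: %d %d\n", sq_cleanup_reported(&done, 3),
	       sq_cleanup_checked(&done, 3));
	/* Only the reordered version is safe to call with cmd == NULL. */
	printf("NULL cmd:  %d\n", sq_cleanup_checked(NULL, 3));
	return 0;
}
```

With optimization enabled, a compiler may also drop the late `if (!cmd)` test in the first function, because the earlier dereference lets it assume `cmd` is non-NULL.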