Hi
When reviewing kernel for some crash, I found a very strange function
zfcp_qdio_sbal_get - it drops a spinlock, sometimes returns without the
spinlock, sometimes retakes the spinlock and returns.
The callers of zfcp_qdio_sbal_get assume that the spinlock is still held,
but on successful return from zfcp_qdio_sbal_get it is not held.
How is this supposed to work? It seems that no one ever ran this code with
lock debugging enabled.
I am sending a patch, but I can't test it.
Mikulas
---
zfcp: Fix spinlock imbalance in zfcp_qdio_sbal_get
Signed-off-by: Mikulas Patocka <mpatocka@xxxxxxxxxx>
---
drivers/s390/scsi/zfcp_qdio.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Index: linux-2.6/drivers/s390/scsi/zfcp_qdio.c
===================================================================
--- linux-2.6.orig/drivers/s390/scsi/zfcp_qdio.c 2013-05-14 22:15:28.000000000 +0200
+++ linux-2.6/drivers/s390/scsi/zfcp_qdio.c 2013-05-14 22:15:49.000000000 +0200
@@ -250,11 +250,15 @@ int zfcp_qdio_sbal_get(struct zfcp_qdio
ret = wait_event_interruptible_timeout(qdio->req_q_wq,
zfcp_qdio_sbal_check(qdio), 5 * HZ);
- if (!(atomic_read(&qdio->adapter->status) & ZFCP_STATUS_ADAPTER_QDIOUP))
+ if (!(atomic_read(&qdio->adapter->status) & ZFCP_STATUS_ADAPTER_QDIOUP)) {
+ spin_lock_irq(&qdio->req_q_lock);
return -EIO;
+ }
- if (ret > 0)
+ if (ret > 0) {
+ spin_lock_irq(&qdio->req_q_lock);
return 0;
+ }
if (!ret) {
atomic_inc(&qdio->req_q_full);
--
To unsubscribe from this list: send the line "unsubscribe linux-s390" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
