RE: [bug report] scsi: aacraid: Added support for hotplug

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Dan,

> -----Original Message-----
> From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx]
> Sent: Monday, February 13, 2017 11:44 PM
> To: Raghava Aditya Renukunta
> <RaghavaAditya.Renukunta@xxxxxxxxxxxxx>
> Cc: linux-scsi@xxxxxxxxxxxxxxx
> Subject: Re: [bug report] scsi: aacraid: Added support for hotplug
> 
> EXTERNAL EMAIL
> 
> 
> On Mon, Feb 13, 2017 at 07:39:15PM +0000, Raghava Aditya Renukunta
> wrote:
> > Hi Don,
> >
> > > -----Original Message-----
> > > From: Dan Carpenter [mailto:dan.carpenter@xxxxxxxxxx]
> > > Sent: Monday, February 13, 2017 10:47 AM
> > > To: Raghava Aditya Renukunta
> > > <RaghavaAditya.Renukunta@xxxxxxxxxxxxx>
> > > Cc: linux-scsi@xxxxxxxxxxxxxxx
> > > Subject: [bug report] scsi: aacraid: Added support for hotplug
> > >
> > > EXTERNAL EMAIL
> > >
> > >
> > > Hello Raghava Aditya Renukunta,
> > >
> > > The patch 6223a39fe6fb: "scsi: aacraid: Added support for hotplug"
> > > from Feb 2, 2017, leads to the following static checker warning:
> > >
> > >         drivers/scsi/aacraid/commsup.c:2243 aac_process_events()
> > >         error: double unlock 'spin_lock:t_lock'
> > >
> > > drivers/scsi/aacraid/commsup.c
> > >   2130          spin_lock_irqsave(t_lock, flags);
> > >                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >   2131
> > >   2132          while (!list_empty(&(dev->queues-
> > > >queue[HostNormCmdQueue].cmdq))) {
> > >   2133                  struct list_head *entry;
> > >   2134                  struct aac_aifcmd *aifcmd;
> > >   2135                  unsigned int  num;
> > >   2136                  struct hw_fib **hw_fib_pool, **hw_fib_p;
> > >   2137                  struct fib **fib_pool, **fib_p;
> > >   2138
> > >   2139                  set_current_state(TASK_RUNNING);
> > >   2140
> > >   2141                  entry = dev->queues-
> > > >queue[HostNormCmdQueue].cmdq.next;
> > >   2142                  list_del(entry);
> > >   2143
> > >   2144                  t_lock = dev->queues-
> >queue[HostNormCmdQueue].lock;
> > >   2145                  spin_unlock_irqrestore(t_lock, flags);
> > >                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >   2146
> > >   2147                  fib = list_entry(entry, struct fib, fiblink);
> > >   2148                  hw_fib = fib->hw_fib_va;
> > >   2149                  if (dev->sa_firmware) {
> > >   2150                          /* Thor AIF */
> > >   2151                          aac_handle_sa_aif(dev, fib);
> > >   2152                          aac_fib_adapter_complete(fib, (u16)sizeof(u32));
> > >   2153                          continue;
> > >
> > > The locking isn't right here.  We should re-take the spinlock before
> > > continuing.
> >
> > The intention here is to protect the retrieval of entry from the queues.
> > Or do you mean that we should just protect the whole while loop with one
> spin_lock (t_lock)?
> >
> 
> This is a static checker warning that says we call
> spin_unlock_irqrestore(t_lock, flags); at the end of the loop but
> sometimes we're not holding the lock.
> 
> This is a Smatch warning and it doesn't handle loops correctly.  It
> should also warn that on line 2145 we might not be holding the lock
> either but it misses that bug.
> 
> There is no way this continue is correct with regards to locking.
> 
> regards,
> dan carpenter

I agree I will fix it shortly.

Thank you.

> > Thank you,
> > Raghava Aditya
> >
> > >   2154                  }
> > >   2155                  /*
> > >   2156                   *      We will process the FIB here or pass it to a
> > >   2157                   *      worker thread that is TBD. We Really can't
> > >   2158                   *      do anything at this point since we don't have
> > >   2159                   *      anything defined for this thread to do.
> > >   2160                   */
> > >
> > >         [ snip ]
> > >
> > >   2221  free_mem:
> > >   2222                  /* Free up the remaining resources */
> > >   2223                  hw_fib_p = hw_fib_pool;
> > >   2224                  fib_p = fib_pool;
> > >   2225                  while (hw_fib_p < &hw_fib_pool[num]) {
> > >   2226                          kfree(*hw_fib_p);
> > >   2227                          kfree(*fib_p);
> > >   2228                          ++fib_p;
> > >   2229                          ++hw_fib_p;
> > >   2230                  }
> > >   2231                  kfree(fib_pool);
> > >   2232  free_hw_fib_pool:
> > >   2233                  kfree(hw_fib_pool);
> > >   2234  free_fib:
> > >   2235                  kfree(fib);
> > >   2236                  t_lock = dev->queues-
> >queue[HostNormCmdQueue].lock;
> > >   2237                  spin_lock_irqsave(t_lock, flags);
> > >   2238          }
> > >   2239          /*
> > >   2240           *      There are no more AIF's
> > >   2241           */
> > >   2242          t_lock = dev->queues->queue[HostNormCmdQueue].lock;
> > >   2243          spin_unlock_irqrestore(t_lock, flags);
> > >
> > > Otherwise it is a double unlock bug.
> > >
> > >   2244  }
> > >
> > >
> > > regards,
> > > dan carpenter




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux