Re: [PATCH 2/4] scsi: ufs: Fix handling of lrbp->cmd

Bean Huo <huobean@xxxxxxxxx> · Wed, 26 Apr 2023 14:48:07 +0200

On Tue, 2023-04-25 at 16:29 -0700, Bart Van Assche wrote:
> ufshcd_queuecommand() may be called two times in a row for a SCSI
> command before it is completed. Hence make the following changes:
> - In the functions that submit a command, do not check the old value
> of
>   lrbp->cmd nor clear lrbp->cmd in error paths.
> - In ufshcd_release_scsi_cmd(), do not clear lrbp->cmd.
> 
> See also scsi_send_eh_cmnd().
> 
> This patch prevents that the following appears if a command times
> out:
> 

Bart, 

lrbp->cmd will always be non-NULL after this slot in the queue has been
used once?

> WARNING: at drivers/ufs/core/ufshcd.c:2965
> ufshcd_queuecommand+0x6f8/0x9a8
> Call trace:
>  ufshcd_queuecommand+0x6f8/0x9a8
>  scsi_send_eh_cmnd+0x2c0/0x960
>  scsi_eh_test_devices+0x100/0x314
>  scsi_eh_ready_devs+0xd90/0x114c
>  scsi_error_handler+0x2b4/0xb70
>  kthread+0x16c/0x1e0
> 
> Fixes: 5a0b0cb9bee7 ("[SCSI] ufs: Add support for sending NOP OUT
> UPIU")
> Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
> ---
>  drivers/ufs/core/ufshcd.c | 5 -----
>  1 file changed, 5 deletions(-)
> 
> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c
> index 0e2a0656858a..c691ddf09698 100644
> --- a/drivers/ufs/core/ufshcd.c
> +++ b/drivers/ufs/core/ufshcd.c
> @@ -2952,7 +2952,6 @@ static int ufshcd_queuecommand(struct Scsi_Host
> *host, struct scsi_cmnd *cmd)
>                 (hba->clk_gating.state != CLKS_ON));
>  
>         lrbp = &hba->lrb[tag];
> -       WARN_ON(lrbp->cmd);
>         lrbp->cmd = cmd;
>         lrbp->task_tag = tag;
>         lrbp->lun = ufshcd_scsi_to_upiu_lun(cmd->device->lun);
> @@ -2968,7 +2967,6 @@ static int ufshcd_queuecommand(struct Scsi_Host
> *host, struct scsi_cmnd *cmd)
>  
>         err = ufshcd_map_sg(hba, lrbp);
>         if (err) {
> -               lrbp->cmd = NULL;
>                 ufshcd_release(hba);
>                 goto out;
>         }
> @@ -5429,7 +5427,6 @@ static void ufshcd_release_scsi_cmd(struct
> ufs_hba *hba,
>         struct scsi_cmnd *cmd = lrbp->cmd;
>  
>         scsi_dma_unmap(cmd);
> -       lrbp->cmd = NULL;       /* Mark the command as completed. */
>         ufshcd_release(hba);
>         ufshcd_clk_scaling_update_busy(hba);
>  }
> @@ -7044,7 +7041,6 @@ static int ufshcd_issue_devman_upiu_cmd(struct
> ufs_hba *hba,
>         down_read(&hba->clk_scaling_lock);
>  
>         lrbp = &hba->lrb[tag];
> -       WARN_ON(lrbp->cmd);
>         lrbp->cmd = NULL;
>         lrbp->task_tag = tag;
>         lrbp->lun = 0;
> @@ -7216,7 +7212,6 @@ int ufshcd_advanced_rpmb_req_handler(struct
> ufs_hba *hba, struct utp_upiu_req *r
>         down_read(&hba->clk_scaling_lock);
>  
>         lrbp = &hba->lrb[tag];
> -       WARN_ON(lrbp->cmd);
>         lrbp->cmd = NULL;
>         lrbp->task_tag = tag;
>         lrbp->lun = UFS_UPIU_RPMB_WLUN;