On Thu, 2017-08-31 at 08:20 +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote:
[...]
> > Subject: scsi: sg: reset 'res_in_use' after unlinking reserved array
> >
> > From: Hannes Reinecke <hare@xxxxxxx>
> >
> > commit e791ce27c3f6a1d3c746fd6a8f8e36c9540ec6f9 upstream.
> >
> > Once the reserved page array is unused we can reset the 'res_in_use'
> > state; here we can do a lazy update without holding the mutex as we only
> > need to check against concurrent access, not concurrent release.
[...]

This description makes no sense.  A simple write to a variable cannot be
used to synchronise anything as it can be reordered with other memory
operations, including those that write to the buffer you're trying to
protect.

This write needs to be combined with a release barrier or preceded by an
smp_wmb().  Every read of res_in_use needs to be combined with an acquire
barrier or followed by an smp_rmb().

Ben.

> --- a/drivers/scsi/sg.c
> +++ b/drivers/scsi/sg.c
> @@ -2052,6 +2052,8 @@ sg_unlink_reserve(Sg_fd * sfp, Sg_reques
>  	req_schp->sglist_len = 0;
>  	sfp->save_scat_len = 0;
>  	srp->res_used = 0;
> +	/* Called without mutex lock to avoid deadlock */
> +	sfp->res_in_use = 0;
>  }
>
>  static Sg_request *

-- 
Ben Hutchings
Software Developer, Codethink Ltd.
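Review bot: the new plain store `sfp->res_in_use = 0;` at the end of sg_unlink_reserve() is not ordered against the three stores just above it (`req_schp->sglist_len = 0;`, `sfp->save_scat_len = 0;`, `srp->res_used = 0;`), so a reader that sees res_in_use == 0 without the mutex may still observe the old reserve state; pair the store with a release barrier (an smp_wmb() before it, or smp_store_release() on the flag) and make every lockless reader of res_in_use use an acquire barrier (smp_rmb() after the read, or smp_load_acquire()). The comment "Called without mutex lock to avoid deadlock" should also state which concurrent reader the store is meant to synchronise with and what ordering it relies on, since it currently only records why the lock is absent.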
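The release/acquire pairing asked for in the reply above, as an added userspace model written in C11 atomics; it is not code from the patch or from the kernel's sg driver, and the struct and function names are hypothetical stand-ins for Sg_fd, sg_unlink_reserve() and the lockless res_in_use readers:

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for Sg_fd: the reserve-array state that the hunk
 * clears, plus the ownership flag it then resets. */
struct sg_fd_model {
    size_t     sglist_len;     /* stand-in for req_schp->sglist_len */
    int        save_scat_len;  /* mirrors sfp->save_scat_len */
    atomic_int res_in_use;     /* 1 while a request owns the reserve buffer */
};

/* Claim the reserve buffer without holding a mutex. The acquire side of the
 * compare-and-swap guarantees that every store the previous owner made before
 * it dropped the flag is visible here before we touch the reserve state. */
bool sg_reserve_try(struct sg_fd_model *sfp, size_t len)
{
    int expected = 0;
    if (!atomic_compare_exchange_strong_explicit(&sfp->res_in_use, &expected, 1,
                                                 memory_order_acq_rel,
                                                 memory_order_acquire))
        return false;   /* another request still owns the reserve buffer */
    sfp->sglist_len = len;
    sfp->save_scat_len = (int)len;
    return true;
}

/* Model of sg_unlink_reserve(): clear the reserve state, then publish
 * res_in_use = 0 with release ordering so the clearing stores cannot become
 * visible after the flag does. The hunk's plain store gives no such
 * guarantee; this is the equivalent of an smp_wmb() before the store. */
void sg_unlink_reserve_model(struct sg_fd_model *sfp)
{
    sfp->sglist_len = 0;
    sfp->save_scat_len = 0;
    atomic_store_explicit(&sfp->res_in_use, 0, memory_order_release);
}

/* Lockless reader of the flag: the acquire load pairs with the release store
 * above, the equivalent of an smp_rmb() after a plain read of res_in_use. */
bool sg_res_in_use_model(struct sg_fd_model *sfp)
{
    return atomic_load_explicit(&sfp->res_in_use, memory_order_acquire) != 0;
}
```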