[PATCH] scsi: target: Fix data corruption under concurrent target configuration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This fixes data corruptions arising from concurrent enabling of a target
devices. When multiple enable calls are made concurrently then it is
possible for the target device to be set up twice which results in a
kernel BUG.
Introduces a per target device mutex for serializing enable requests.

Signed-off-by: Grzegorz Uriasz <gorbak25@xxxxxxxxx>
---
 drivers/target/target_core_device.c | 17 +++++++++++++----
 include/target/target_core_base.h   |  1 +
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
index 90f3f4926172..6d8fb962c780 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
@@ -742,6 +742,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)

     INIT_WORK(&dev->delayed_cmd_work, target_do_delayed_work);
     mutex_init(&dev->lun_reset_mutex);
+    mutex_init(&dev->configure_mutex);

     dev->t10_wwn.t10_dev = dev;
     /*
@@ -904,10 +905,15 @@ int target_configure_device(struct se_device *dev)
     struct se_hba *hba = dev->se_hba;
     int ret, id;

+    ret = mutex_lock_interruptible(&dev->configure_mutex);
+    if (ret)
+        return ret;
+
     if (target_dev_configured(dev)) {
         pr_err("se_dev->se_dev_ptr already set for storage"
                 " object\n");
-        return -EEXIST;
+        ret = -EEXIST;
+        goto out_release_mutex;
     }

     /*
@@ -923,7 +929,7 @@ int target_configure_device(struct se_device *dev)
     mutex_unlock(&device_mutex);
     if (id < 0) {
         ret = -ENOMEM;
-        goto out;
+        goto out_release_vpd;
     }
     dev->dev_index = id;

@@ -969,7 +975,8 @@ int target_configure_device(struct se_device *dev)

     dev->dev_flags |= DF_CONFIGURED;

-    return 0;
+    ret = 0;
+    goto out_release_mutex;

 out_destroy_device:
     dev->transport->destroy_device(dev);
@@ -977,8 +984,10 @@ int target_configure_device(struct se_device *dev)
     mutex_lock(&device_mutex);
     idr_remove(&devices_idr, dev->dev_index);
     mutex_unlock(&device_mutex);
-out:
+out_release_vpd:
     se_release_vpd_for_dev(dev);
+out_release_mutex:
+    mutex_unlock(&dev->configure_mutex);
     return ret;
 }

diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
index 5f8e96f1516f..b3f9bd641688 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
@@ -869,6 +869,7 @@ struct se_device {
     int            queue_cnt;
     struct se_device_queue    *queues;
     struct mutex        lun_reset_mutex;
+    struct mutex        configure_mutex;
 };

 struct target_opcode_descriptor {
--
2.40.0

[  710.831838] se_dev->se_dev_ptr already set for storage object
[  710.831841] se_dev->se_dev_ptr already set for storage object
[  710.831842] se_dev->se_dev_ptr already set for storage object
[  710.831848] se_dev->se_dev_ptr already set for storage object
[  710.831855] se_dev->se_dev_ptr already set for storage object
[  710.831856] se_dev->se_dev_ptr already set for storage object
[  710.831857] se_dev->se_dev_ptr already set for storage object
[  710.831858] se_dev->se_dev_ptr already set for storage object
[  710.831859] se_dev->se_dev_ptr already set for storage object
[  710.831860] se_dev->se_dev_ptr already set for storage object
[  710.831861] se_dev->se_dev_ptr already set for storage object
[  710.831862] se_dev->se_dev_ptr already set for storage object
[  710.831863] se_dev->se_dev_ptr already set for storage object
[  710.831864] se_dev->se_dev_ptr already set for storage object
[  710.831865] se_dev->se_dev_ptr already set for storage object
[  710.831866] se_dev->se_dev_ptr already set for storage object
[  710.832103] tcmu nl cmd 1/-2 completion could not find device with dev id 163.
[  710.832405] list_add double add: new=ffff8882dfd72000, prev=ffffffff82b8f5e0, next=ffff8882dfd72000.
[  710.832494] tcmu nl cmd 1/-2 completion could not find device with dev id 163.
[  710.832842] ------------[ cut here ]------------
[  710.833022] tcmu nl cmd 1/-2 completion could not find device with dev id 164.
[  710.833306] Kernel BUG at __list_add_valid.cold+0x23/0x5b [verbose debug info unavailable]
[  710.833503] tcmu nl cmd 1/-2 completion could not find device with dev id 164.
[  710.833789] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[  710.833987] tcmu nl cmd 1/0 completion could not find device with dev id 163.
[  710.834268] CPU: 1 PID: 368871 Comm: node Not tainted 6.2.0hocus #1
[  710.834484] tcmu nl cmd 1/-2 completion could not find device with dev id 164.
[  710.834758] RIP: 0010:__list_add_valid.cold+0x23/0x5b
[  710.834957] tcmu nl cmd 1/-2 completion could not find device with dev id 164.
[  710.835239] Code: ff ff e9 26 5a b2 ff 48 c7 c7 90 1d 1b 82 e8 f8 c4 fe ff 0f 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 90 1e 1b 82 e8 e1 c4 fe ff <0f> 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 38 1e 1b 82 e8 ca c4 fe
[  710.835451] tcmu nl cmd 1/-2 completion could not find device with dev id 164.
[  710.835715] RSP: 0018:ffffc90001e3fd68 EFLAGS: 00010246
[  710.835974] tcmu nl cmd 1/-2 completion could not find device with dev id 164.
[  710.836669] tcmu nl cmd 1/0 completion could not find device with dev id 164.
[  710.836994] RAX: 0000000000000058 RBX: ffff8882dfd72018 RCX: 0000000000000000
[  710.837220] tcmu nl cmd 1/-2 completion could not find device with dev id 164.
[  710.837487] RDX: 0000000000000000 RSI: ffffffff8214e624 RDI: 00000000ffffffff
[  710.837786] tcmu daemon: command reply support 1.
[  710.838082] RBP: ffffc90001e3fd68 R08: 74705f7665645f65 R09: 733e2d7665645f65
[  710.842114] R10: 705f7665645f6573 R11: 3e2d7665645f6573 R12: 0000000000000000
[  710.842347] R13: ffff8882dfd72000 R14: ffff8882dfd72000 R15: ffff8882dfd72010
[  710.842581] FS:  00007fb5e4f7f6c0(0000) GS:ffff88841fc40000(0000) knlGS:0000000000000000
[  710.842847] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  710.843035] CR2: 00007fb5e4f7ed28 CR3: 000000027b2ba000 CR4: 00000000003506a0
[  710.843269] Call Trace:
[  710.843361]  <TASK>
[  710.843435]  tcmu_configure_device+0x29b/0x390
[  710.843594]  target_configure_device+0x7c/0x2b0
[  710.843749]  target_dev_enable_store+0x36/0x50
[  710.843897]  configfs_write_iter+0xc5/0x130
[  710.844045]  vfs_write+0x2c3/0x3f0
[  710.844163]  ksys_write+0x66/0xf0
[  710.844275]  __x64_sys_write+0x18/0x20
[  710.844400]  do_syscall_64+0x3f/0x90
[  710.844524]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
[  710.844704] RIP: 0033:0x7fb5e848711f
[  710.844824] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 39 d5 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 8c d5 f8 ff 48
[  710.845420] RSP: 002b:00007fb5e4f7ecf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  710.845666] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb5e848711f
[  710.845897] RDX: 0000000000000001 RSI: 00007fb5e5a4e578 RDI: 000000000000001f
[  710.846135] RBP: 00007fb5e4f7ee20 R08: 0000000000000000 R09: 00000000ffffffff
[  710.846368] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fb5e4f7f5c0
[  710.846599] R13: 00007fb5e5880128 R14: 0000000000000001 R15: 0000000000000400
[  710.846830]  </TASK>
[  710.846947] ---[ end trace 0000000000000000 ]---
[  710.847108] RIP: 0010:__list_add_valid.cold+0x23/0x5b
[  710.847279] Code: ff ff e9 26 5a b2 ff 48 c7 c7 90 1d 1b 82 e8 f8 c4 fe ff 0f 0b 48 89 f2 4c 89 c1 48 89 fe 48 c7 c7 90 1e 1b 82 e8 e1 c4 fe ff <0f> 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 38 1e 1b 82 e8 ca c4 fe
[  710.847895] RSP: 0018:ffffc90001e3fd68 EFLAGS: 00010246
[  710.848069] RAX: 0000000000000058 RBX: ffff8882dfd72018 RCX: 0000000000000000
[  710.848301] RDX: 0000000000000000 RSI: ffffffff8214e624 RDI: 00000000ffffffff
[  710.848534] RBP: ffffc90001e3fd68 R08: 74705f7665645f65 R09: 733e2d7665645f65
[  710.848766] R10: 705f7665645f6573 R11: 3e2d7665645f6573 R12: 0000000000000000
[  710.848998] R13: ffff8882dfd72000 R14: ffff8882dfd72000 R15: ffff8882dfd72010
[  710.849230] FS:  00007fb5e4f7f6c0(0000) GS:ffff88841fc40000(0000) knlGS:0000000000000000
[  710.849498] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  710.849686] CR2: 00007fb5e4f7ed28 CR3: 000000027b2ba000 CR4: 00000000003506a0


[Index of Archives]     [Linux SCSI]     [Kernel Newbies]     [Linux SCSI Target Infrastructure]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Device Mapper]

  Powered by Linux