From patchwork Wed Nov 28 14:47:43 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 152302 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp1178638ljp; Wed, 28 Nov 2018 06:47:56 -0800 (PST) X-Google-Smtp-Source: AJdET5dB87ivGhZrK4hg8u/43vucz8U79d7FGIOW/4Qt72cI55mkcqw+tzIM7KLvE7763RoYvdGb X-Received: by 2002:a62:5793:: with SMTP id i19mr38063746pfj.49.1543416475869; Wed, 28 Nov 2018 06:47:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543416475; cv=none; d=google.com; s=arc-20160816; b=q/J+GzPWW4f9y5jgW5BkiM0AjLuRpAe3Fq2XVdwaGKoGEviWlWbj/F8QOukazBi8JX M5SvuRLZN+GEeGW0pApCNeSVf+Fck1ePvk+NC5gTTBwHh0ZxHQu4QBwDLTeBoenWMV/B mNKCQ/M//9tfoQcrZZYAoZ6TguWU12on3CMFMXFC/hKx+nSLE89QaJejtNrVCTlSr6w9 YPlmsDUW3yv3auq85WmIYo1BQybcnEbPXAf06Fbr0veuivcjKtw8nunvIR1CI5DMlK+p IGvt4MvDjrW8If+rSx+i9nXRFgf8VHQvq9iF35j8fyp5EiwE50bD7+cz4flvKGDbz9ND D+Dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=ib1Nmyqy8Jha56jVRFJjrt2Cum5nfJrkxYUj2wvKm48=; b=XrasmdvQ+OofDHy6Ey26FALZlOeGQM8ywnJrhs/yDyGo7EBAcH7Y/SE00eRNbcssBP MwGJBKOyrwKzTo4sUySoyLHZVjTm4RPcx/2a3gFuPQvEFCQuyLGuOLf3boeI0bTkMd/u M7XxYPIsYQ0XIe1oytOj4wA03RxsyAJTd201U8XLUq0KTc72qWBWc2BjWIfIgLWZGa+2 3h+O8yg+690690lZ1B4aHvtcONBuhTH705ZMb5rrS2kztom7jdd+NbS2Ga+Nic0lbLtF drpD2rjJHwXnSGoqR10gaIPhcJPu7xgNgbmEdFYwA/l/mDl+bWbMK6AxmZX2HGRmua8E b7BA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=b6tQYIG9; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p64si7857277pfa.94.2018.11.28.06.47.55; Wed, 28 Nov 2018 06:47:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=b6tQYIG9; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728163AbeK2Btt (ORCPT + 15 others); Wed, 28 Nov 2018 20:49:49 -0500 Received: from mail-pf1-f194.google.com ([209.85.210.194]:40253 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727872AbeK2Btt (ORCPT ); Wed, 28 Nov 2018 20:49:49 -0500 Received: by mail-pf1-f194.google.com with SMTP id i12so10265251pfo.7 for ; Wed, 28 Nov 2018 06:47:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ib1Nmyqy8Jha56jVRFJjrt2Cum5nfJrkxYUj2wvKm48=; b=b6tQYIG9rXTS8aBIIKyyzhfsGdKRKQMC04HJ8+3sTKId652EEjV6iUK7GYxInUljPT 6oncV5qGJlZxpX8rmh3zBBMdwztOqjkaFnTV+b4SKgwdqnEpgSI0KOA81E869kkRUjHI cCcqdDg2i3IievtdYKHTRjiLs2cpqOb2NpFEA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ib1Nmyqy8Jha56jVRFJjrt2Cum5nfJrkxYUj2wvKm48=; b=ETvqOP9sHKJWaRR9g3jBC1ANJnDwmtre3ihPtkkmq7GMoOtWaDP0SDKaiCdpGLNPhz FA0kozNef7ALD55eLR/H9ekDndqaSVcvE/4ljx22wzbYYBq0j5hk6AW0I3nYoY898Qfu GFyfE1aTVIvPuiupjCC2s62t83+d6/9VilHsiZrkHL0JejFmRnwvhUXquLe2ApkF0n4z giK4X2Y9F4aoRcFm/cfd/1pCylUJon5AfMyY7gaFMA4CLW4IcGTguNI+Z4WxZsbh0CC0 1x+GcjaSUZT/DfTN/18ZHW1PNuER1KWzfR7W8hg/1itIJfAsSUFgti3kmcDbnYCZ6XXa ju5A== X-Gm-Message-State: AA+aEWb+XZJysSbTjTtn2tTnp+t/xbkc3oFgyqp76IkWzCOm8r6bMnYG LkAaCtSG1hiPuIwF59WcHoOy8w== X-Received: by 2002:a63:1f4e:: with SMTP id q14mr32179026pgm.88.1543416473946; Wed, 28 Nov 2018 06:47:53 -0800 (PST) Received: from localhost.localdomain ([49.207.53.6]) by smtp.gmail.com with ESMTPSA id r80sm14295109pfa.111.2018.11.28.06.47.51 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 28 Nov 2018 06:47:52 -0800 (PST) From: Amit Pundir To: Greg KH Cc: Stable , Johannes Thumshirn , Johannes Berg , Kalle Valo Subject: [PATCH for-3.18.y 1/5] cw1200: Don't leak memory if krealloc failes Date: Wed, 28 Nov 2018 20:17:43 +0530 Message-Id: <1543416467-2081-2-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> References: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Johannes Thumshirn commit 9afdd6128c39f42398041bb2e017d8df0dcebcd1 upstream. The call to krealloc() in wsm_buf_reserve() directly assigns the newly returned memory to buf->begin. This is all fine except when krealloc() failes we loose the ability to free the old memory pointed to by buf->begin. If we just create a temporary variable to assign memory to and assign the memory to it we can mitigate the memory leak. Signed-off-by: Johannes Thumshirn Cc: Johannes Berg Signed-off-by: Kalle Valo [AmitP: Refactored to fix driver file path in linux-3.18.y] Signed-off-by: Amit Pundir --- drivers/net/wireless/cw1200/wsm.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) -- 2.7.4 diff --git a/drivers/net/wireless/cw1200/wsm.c b/drivers/net/wireless/cw1200/wsm.c index 9e0ca3048657..a5ac992670e8 100644 --- a/drivers/net/wireless/cw1200/wsm.c +++ b/drivers/net/wireless/cw1200/wsm.c @@ -1807,16 +1807,18 @@ static int wsm_buf_reserve(struct wsm_buf *buf, size_t extra_size) { size_t pos = buf->data - buf->begin; size_t size = pos + extra_size; + u8 *tmp; size = round_up(size, FWLOAD_BLOCK_SIZE); - buf->begin = krealloc(buf->begin, size, GFP_KERNEL | GFP_DMA); - if (buf->begin) { - buf->data = &buf->begin[pos]; - buf->end = &buf->begin[size]; - return 0; - } else { - buf->end = buf->data = buf->begin; + tmp = krealloc(buf->begin, size, GFP_KERNEL | GFP_DMA); + if (!tmp) { + wsm_buf_deinit(buf); return -ENOMEM; } + + buf->begin = tmp; + buf->data = &buf->begin[pos]; + buf->end = &buf->begin[size]; + return 0; } From patchwork Wed Nov 28 14:47:44 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 152301 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp1178678ljp; Wed, 28 Nov 2018 06:47:58 -0800 (PST) X-Google-Smtp-Source: AJdET5cCThv0KkCs7K8EqpJXs66E55hk4G47fK4qmWG8j0EO6MZ3FZQ54i+ea9btLM+dIOXK0EGt X-Received: by 2002:a63:e247:: with SMTP id y7mr31982781pgj.84.1543416478245; Wed, 28 Nov 2018 06:47:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543416478; cv=none; d=google.com; s=arc-20160816; b=wQjBD6SOabHw6ITMOqXxDLZU9gbmlLbCXZfisiiAA/PlXA1iwBSrQlclSsw179/p2K ZqXsBgW7Pil6Eycc7yWW8NUNl+Q2dXRWwwp0B2G5Sa4+PdNtUCEWkRTHHg6lrPZmMRJu p1G+FDl3AcZ5vNClfn1687QjbPFu4le2SE4Lrqh7ov6fWOfrbHLB0Z9cLQUkxlwoQ6dl vQ64DKARdnmOZlY4krzvUkIcqHoqMDPn9yS8ZzugNGvxj5/Y9Eve1LoR74/ia+GB8PLD WNrUzWnqXv73WjhGOX2wFtUUensDjDylCHz8PRSdEnXoSitBIOQMyB7C5hAVBCO/sre6 5igw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=L2Ql2glawLImkKLxM4s+Y5yxHJGenrZp2mwk5CueTRs=; b=oIkwxKkVZAaBH718HFvH4R2zU4gT2oLgLoKBy77zcMbf4L6WF3PY+Ov2iPiezMtdHd rUEwXGOUxSd3v5poXR/P3qbidjyHHFcsCmOpxV7NcHhdmFowZ90ninMKHruCbIb6WEcX pWAlK2H6MaDSo1Fehafq1uwG3Pduq7QQhOPFKK/kujsDX7bH2XPBbTeFTjuh00BPldwg tbNpVpfXi2/fu2kKgMub/+UdkAaQ0Q7zHK5g/9+x6fNexCidHElpmsCfMkzG0/81YTQJ HKObMUz7wMFCu/4t6tPnOk0SoVWhi8qOUNZfxO/4b2mNJgnDy88A42tTPqw+jVjU1Dbd wiuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=UXAZAkzj; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p64si7857277pfa.94.2018.11.28.06.47.58; Wed, 28 Nov 2018 06:47:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=UXAZAkzj; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727872AbeK2Btw (ORCPT + 15 others); Wed, 28 Nov 2018 20:49:52 -0500 Received: from mail-pl1-f194.google.com ([209.85.214.194]:42906 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727726AbeK2Btv (ORCPT ); Wed, 28 Nov 2018 20:49:51 -0500 Received: by mail-pl1-f194.google.com with SMTP id x21-v6so17470728pln.9 for ; Wed, 28 Nov 2018 06:47:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=L2Ql2glawLImkKLxM4s+Y5yxHJGenrZp2mwk5CueTRs=; b=UXAZAkzj62easljbstkEtJqTaNQ2IbY1goHkJjf4/o/2jLNfzGw/VvC7i5JBxGOGal vwZYfDVdEyQmgNdESogfp3gl56cDdmIyX3cDgsVRM8X2nNCegYe/e8P6zchsC+JlWuV5 l8C0eDjDeKiClC5jHv5E/6o0A2b0m3Xs4+IXw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=L2Ql2glawLImkKLxM4s+Y5yxHJGenrZp2mwk5CueTRs=; b=IyFWnevCvk6ff4vIPtKTT9CnFnfqBqJykOTRW2/3NLahkEnILYvwqKbg6ABLQRSc6/ inrC1P347AUfuuyUeqBtUoSuBcr3BZCAZlCCknjCvfczilDlRmI2rr+SMTmbuid6Z1wC 6KuaLY3mDiLLde07q3JMVXjeCDuLYsYOSPe8MA2O50yENwRIS5M0b077dMhsolieXYPG yys9NSzesb08P90nhADO6Kn1aj9XEgHlZkcGCRawXgNcmfJQUa6h5VyiTjnoIybG3ysy vZs8RyeJTulaMiu9BoEyIZAdRcHDbTHLN2xmUq2O97qskZHEGlwTp3uFdnaupXLIoeEX Zdog== X-Gm-Message-State: AA+aEWbz6Q7XeBWach9RZVt/GULzUDU+mQ1uqolhKVEzZ0IkdZdmRSA4 EtKcMktUNJIVGAnJEJox+ruA0Q== X-Received: by 2002:a17:902:6502:: with SMTP id b2mr36682533plk.44.1543416476751; Wed, 28 Nov 2018 06:47:56 -0800 (PST) Received: from localhost.localdomain ([49.207.53.6]) by smtp.gmail.com with ESMTPSA id r80sm14295109pfa.111.2018.11.28.06.47.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 28 Nov 2018 06:47:55 -0800 (PST) From: Amit Pundir To: Greg KH Cc: Stable , Yaniv Gardi , Subhash Jadavani , "Martin K . Petersen" Subject: [PATCH for-3.18.y 2/5] scsi: ufs: fix bugs related to null pointer access and array size Date: Wed, 28 Nov 2018 20:17:44 +0530 Message-Id: <1543416467-2081-3-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> References: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Yaniv Gardi commit e3ce73d69aff44421d7899b235fec5ac2c306ff4 upstream. In this change there are a few fixes of possible NULL pointer access and possible access to index that exceeds array boundaries. Signed-off-by: Yaniv Gardi Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen [AmitP: Rebased for linux-3.18.y] Signed-off-by: Amit Pundir --- drivers/scsi/ufs/ufs.h | 3 ++- drivers/scsi/ufs/ufshcd.c | 25 +++++++++++++++++++------ 2 files changed, 21 insertions(+), 7 deletions(-) -- 2.7.4 diff --git a/drivers/scsi/ufs/ufs.h b/drivers/scsi/ufs/ufs.h index 42c459a9d3fe..ce5234555cc9 100644 --- a/drivers/scsi/ufs/ufs.h +++ b/drivers/scsi/ufs/ufs.h @@ -45,6 +45,7 @@ #define QUERY_DESC_MIN_SIZE 2 #define QUERY_OSF_SIZE (GENERAL_UPIU_REQUEST_SIZE - \ (sizeof(struct utp_upiu_header))) +#define RESPONSE_UPIU_SENSE_DATA_LENGTH 18 #define UPIU_HEADER_DWORD(byte3, byte2, byte1, byte0)\ cpu_to_be32((byte3 << 24) | (byte2 << 16) |\ @@ -383,7 +384,7 @@ struct utp_cmd_rsp { __be32 residual_transfer_count; __be32 reserved[4]; __be16 sense_data_len; - u8 sense_data[18]; + u8 sense_data[RESPONSE_UPIU_SENSE_DATA_LENGTH]; }; /** diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 39a4e61bf8d2..3ff98821bec5 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -796,10 +796,14 @@ static inline void ufshcd_copy_sense_data(struct ufshcd_lrb *lrbp) int len; if (lrbp->sense_buffer && ufshcd_get_rsp_upiu_data_seg_len(lrbp->ucd_rsp_ptr)) { + int len_to_copy; + len = be16_to_cpu(lrbp->ucd_rsp_ptr->sr.sense_data_len); + len_to_copy = min_t(int, RESPONSE_UPIU_SENSE_DATA_LENGTH, len); + memcpy(lrbp->sense_buffer, lrbp->ucd_rsp_ptr->sr.sense_data, - min_t(int, len, SCSI_SENSE_BUFFERSIZE)); + min_t(int, len_to_copy, SCSI_SENSE_BUFFERSIZE)); } } @@ -5161,7 +5165,10 @@ EXPORT_SYMBOL(ufshcd_system_suspend); int ufshcd_system_resume(struct ufs_hba *hba) { - if (!hba || !hba->is_powered || pm_runtime_suspended(hba->dev)) + if (!hba) + return -EINVAL; + + if (!hba->is_powered || pm_runtime_suspended(hba->dev)) /* * Let the runtime resume take care of resuming * if runtime suspended. @@ -5182,7 +5189,10 @@ EXPORT_SYMBOL(ufshcd_system_resume); */ int ufshcd_runtime_suspend(struct ufs_hba *hba) { - if (!hba || !hba->is_powered) + if (!hba) + return -EINVAL; + + if (!hba->is_powered) return 0; return ufshcd_suspend(hba, UFS_RUNTIME_PM); @@ -5212,10 +5222,13 @@ EXPORT_SYMBOL(ufshcd_runtime_suspend); */ int ufshcd_runtime_resume(struct ufs_hba *hba) { - if (!hba || !hba->is_powered) + if (!hba) + return -EINVAL; + + if (!hba->is_powered) return 0; - else - return ufshcd_resume(hba, UFS_RUNTIME_PM); + + return ufshcd_resume(hba, UFS_RUNTIME_PM); } EXPORT_SYMBOL(ufshcd_runtime_resume); From patchwork Wed Nov 28 14:47:45 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 152303 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp1178736ljp; Wed, 28 Nov 2018 06:48:01 -0800 (PST) X-Google-Smtp-Source: AFSGD/VU0bgBfM+oegVSjEqdkVzrVzrmytn656J/J/7IOApxX/yrNYJsF/JpBMSBSfL4oOqk/+hJ X-Received: by 2002:a63:6984:: with SMTP id e126mr34027479pgc.143.1543416481094; Wed, 28 Nov 2018 06:48:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543416481; cv=none; d=google.com; s=arc-20160816; b=eXz9JGEw8zz4bfvpUmLjC0jWCV40TvZTvMGvd6vDdZEbGtFQY6VxVy0e4NbjHKNV2t 0wFon/0tScwnLBEdp+kNWttr3OyCy9bMlM83ZFMeS9ajfwFaRVmfksvU7P+HE0ReRnh6 PLAmtAr4LUMNa9IpoS3xq1gzdPlyQSiOvs1liCSkWqh+x9vfuiPYsHn5aJONz4rbNMj4 9++iM4MuqshlYxZqPnABXVAJB8+3nU0Z65wWxTVjrWecXtmgEk3ZvhjAeZNGtNSeRIkI UNSVCdLtIEUvjzEkpbwxxspEXQcraqxnfh9f+Ri6pqJM7COr6an6PcOinlv1wmyJjG2T fBCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=TDDGyomON/FPYi4I2pk0axstI7l2r0BwcxyPWcYBV8s=; b=rqUMWwBG6r1V9rTt60A8d05p1lbIcg6EY8Ie8bsDrJ39+tMs5HHPBLncGnkzpx4gNj rOsUu/CfxGAvDnCo/Am4FhA1MmsqdW4rk4snA8eus+CSIDlLIQ/kO4aa6o0IN66NkLgO wopB1xLFDH9u852T1POPiEyQ2LZK4kSqIuBzb5/MQx7VjnGvpJT+cVbUGPIwslz5qkQn SsnvH09ds7aApQDmjIAv6So4oI+wmblqZgAJImaE7gUNsE6KO98aQMom9KUZEyexwrI3 WEdMs1nm3XSgafyRt9qUdo98pNJRU3omNUJV8OVipJw9eSlAfmfNx7DQIKokfJfa2AGC QEHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bkMWozUV; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p64si7857277pfa.94.2018.11.28.06.48.00; Wed, 28 Nov 2018 06:48:01 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=bkMWozUV; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728154AbeK2Bty (ORCPT + 15 others); Wed, 28 Nov 2018 20:49:54 -0500 Received: from mail-pg1-f196.google.com ([209.85.215.196]:33241 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727726AbeK2Bty (ORCPT ); Wed, 28 Nov 2018 20:49:54 -0500 Received: by mail-pg1-f196.google.com with SMTP id z11so9607715pgu.0 for ; Wed, 28 Nov 2018 06:47:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=TDDGyomON/FPYi4I2pk0axstI7l2r0BwcxyPWcYBV8s=; b=bkMWozUV++Sbn/lBLcVoiMKrFE8oyfrok9ZGzZBPFj+u/IlmPtqhe2s+leFBxfnIw0 U5M8VG83/SLc7X4OYzXj+AaN4c2cce5kKRI9IhOXkbFLjbE0T2hZqq/ZWSVgUpo1wjH9 vyd7tEXCv6hCBseZs9N6s5jik5SikP2UZtzs4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=TDDGyomON/FPYi4I2pk0axstI7l2r0BwcxyPWcYBV8s=; b=U7h/qtWvATVqUfYeAgqH1EcZqu2qFj5DAjOozcWz8BlzRKRraZAlGrnRklim04dx0m LDfulkCM2l4aBHPkv4R8vLAfODTSDYoqoPZQnObz0CYqtitBa1dSwb+5QAFb4wgaqnXU FTdHE73hKqfqrZlMKpDe8+pXmHWf/Ja9yj1ewPRpMDGbPf8xpA5xYu/6zysOGHaGLO3f 3/S8m/hkI17y0y9iXl7fJq0hygh9uXULy9QHURCD8B2vX1z9j5H1kLOSYVdCcRJVCYgM 46QPUzvXm8LczONMqtGUCIvrxg18lT8p1G+2DTEyXPKvL3iJw0kx3MxOMqOi422sPASX zaGA== X-Gm-Message-State: AA+aEWYbX80zIuVYKkkuTd/JvjOlSYc7whKEobD4E6aUjUgCRjIWt57M pETPx+Bi56P3TMFYzO+zQGikwg== X-Received: by 2002:a63:ac1a:: with SMTP id v26mr33970861pge.293.1543416479463; Wed, 28 Nov 2018 06:47:59 -0800 (PST) Received: from localhost.localdomain ([49.207.53.6]) by smtp.gmail.com with ESMTPSA id r80sm14295109pfa.111.2018.11.28.06.47.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 28 Nov 2018 06:47:58 -0800 (PST) From: Amit Pundir To: Greg KH Cc: Stable , Venkat Gopalakrishnan , Subhash Jadavani , "Martin K . Petersen" Subject: [PATCH for-3.18.y 3/5] scsi: ufshcd: Fix race between clk scaling and ungate work Date: Wed, 28 Nov 2018 20:17:45 +0530 Message-Id: <1543416467-2081-4-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> References: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Venkat Gopalakrishnan commit f2a785ac23125fa0774327d39e837e45cf28fe92 upstream. The ungate work turns on the clock before it exits hibern8, if the link was put in hibern8 during clock gating work. There occurs a race condition when clock scaling work calls ufshcd_hold() to make sure low power states cannot be entered, but that returns by checking only whether the clocks are on. This causes the clock scaling work to issue UIC commands when the link is in hibern8 causing failures. Make sure we exit hibern8 state before returning from ufshcd_hold(). Callstacks for race condition: ufshcd_scale_gear ufshcd_devfreq_scale ufshcd_devfreq_target update_devfreq devfreq_monitor process_one_work worker_thread kthread ret_from_fork ufshcd_uic_hibern8_exit ufshcd_ungate_work process_one_work worker_thread kthread ret_from_fork Signed-off-by: Venkat Gopalakrishnan Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen Signed-off-by: Amit Pundir --- drivers/scsi/ufs/ufshcd.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) -- 2.7.4 diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 3ff98821bec5..7b48fb84a900 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -570,6 +570,21 @@ int ufshcd_hold(struct ufs_hba *hba, bool async) start: switch (hba->clk_gating.state) { case CLKS_ON: + /* + * Wait for the ungate work to complete if in progress. + * Though the clocks may be in ON state, the link could + * still be in hibner8 state if hibern8 is allowed + * during clock gating. + * Make sure we exit hibern8 state also in addition to + * clocks being ON. + */ + if (ufshcd_can_hibern8_during_gating(hba) && + ufshcd_is_link_hibern8(hba)) { + spin_unlock_irqrestore(hba->host->host_lock, flags); + flush_work(&hba->clk_gating.ungate_work); + spin_lock_irqsave(hba->host->host_lock, flags); + goto start; + } break; case REQ_CLKS_OFF: if (cancel_delayed_work(&hba->clk_gating.gate_work)) { From patchwork Wed Nov 28 14:47:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 152304 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp1178789ljp; Wed, 28 Nov 2018 06:48:04 -0800 (PST) X-Google-Smtp-Source: AFSGD/UCwDveJaqbh2p0OP7OtrS2e+kph3iOaMDZErcrS5hR/zDrag4Vhsn3WhvA9tScTwDzpJg7 X-Received: by 2002:a63:4c6:: with SMTP id 189mr33786078pge.391.1543416484163; Wed, 28 Nov 2018 06:48:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543416484; cv=none; d=google.com; s=arc-20160816; b=CGK2ymNOEvyqUvgeYUoWK1jbnhYiss3mRbxNXWTNcyT5xVU5T0RpIkMU6aLJnHduD1 b1/RcssMYDc3TyyvtZNiNCnwYin40AQ0q3vcMnftf++QFjbZ/f3ihi1uakCKzwJN+5e5 Pt3VVSn8R1yTy1X3Wt34GRZa0gb1NVccFfy48u6m9zUV8FhTyC/sbV9EecA7RKXws3rY XQCUgFYVxiDHx+97lBrnLJzW/2Nt/tPk/ZcpJSQiybOaY17Pn2JtKcvXnHuI+hTrV2uo XZCBvLzOlhuoVcR9JgD+8QZzF2ao/9szSIR9906DH3MC0oi7tnCNoK95s16bTjkbBcmk oEGw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=lxamVIGZQyzrxr1JKNYKzdRpNVab/atrFVKUVUteCrA=; b=qkpE8TsTlQV/agYGH8NWEnvIBAN3TwB+6QanqUjFfv4ooTXO2V4idcItUwjfpstWSk MuM85qm18FFtEmL6qegeRVg8YTsAkaN8yffMAeHTwOI9yFzFvEMpCuH1TngGdDeOjwla Hl2gJMvvropwgOXrIIE/eYWt3FxaS5U2zoI8rZ3Q1RYNbSC9bjNnDXR7IraycFtnaMtc y2CywVX9mK56Ixf6j9t/hG53GdLqUbYQUnugnlN9N023k021/BhaWFRrKNXrFu0SWvOA w9iJ+T5dKjVvWmZ+nvB3+snfp2dtOFTpYaho+iwJztNc4lm2paJF6VvZ5iQRrfST06uL A3fQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="N/w4v5+H"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p64si7857277pfa.94.2018.11.28.06.48.03; Wed, 28 Nov 2018 06:48:04 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="N/w4v5+H"; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728526AbeK2Bt5 (ORCPT + 15 others); Wed, 28 Nov 2018 20:49:57 -0500 Received: from mail-pg1-f196.google.com ([209.85.215.196]:43664 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727726AbeK2Bt5 (ORCPT ); Wed, 28 Nov 2018 20:49:57 -0500 Received: by mail-pg1-f196.google.com with SMTP id v28so9588760pgk.10 for ; Wed, 28 Nov 2018 06:48:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=lxamVIGZQyzrxr1JKNYKzdRpNVab/atrFVKUVUteCrA=; b=N/w4v5+H8Dbc+5oBLpuwk7ARl+KcGXO3qI4ecFWcKtrJK76pMDrdl84OYPnDQmyOhw jhvUmb1O3QWDX+vk4GqjQGC+VbKuqibx+ggBBQ646OAkeZNN2gnCBM13f46NIXVYnHI2 wu6fFs9TCTaJfFSoA8NYKcP8hSLT4UNW9GRaI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=lxamVIGZQyzrxr1JKNYKzdRpNVab/atrFVKUVUteCrA=; b=l8ZY28kMiUJmVXegbe5VuS6z+T4MCyf+vVUJcTsxmHrKnSAF4SpxVrjjVEow9+ZeZv YDfqgHYU5lOflq60ZmqHpsmUrOqRiXt4HiUmkhhMlDDo00Gb8fS5Yml59taS5Cl7+5mj kitj/PenJAX2FWbV5NG5Yl8swRKVoN33LLaR6OqxPfj4H1BJF3s0yjx/fSoMpMHYOONu L71Flbegy+ifYC4sfFUhfWuimTfdfRBjVXhdIIfOLI10Ti666m7SQ8c8gxR9wQP+jOgc VdvGxxgz/+7NpkamAMzH/O4tji1rfhyBRhW48gvZfMY+DDLg42epwi+fwtxcggYXyYzb jQAw== X-Gm-Message-State: AA+aEWaQ1l4g0wkaPLjEJuslaqd8Tuu3lEQB3k23ZLc2tgcrwSyNWGdY bWutu0XLincgQQVAP5Q0Jp8mfQ== X-Received: by 2002:a63:741:: with SMTP id 62mr32624352pgh.352.1543416481997; Wed, 28 Nov 2018 06:48:01 -0800 (PST) Received: from localhost.localdomain ([49.207.53.6]) by smtp.gmail.com with ESMTPSA id r80sm14295109pfa.111.2018.11.28.06.47.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 28 Nov 2018 06:48:01 -0800 (PST) From: Amit Pundir To: Greg KH Cc: Stable , Subhash Jadavani , "Martin K . Petersen" Subject: [PATCH for-3.18.y 4/5] scsi: ufs: fix race between clock gating and devfreq scaling work Date: Wed, 28 Nov 2018 20:17:46 +0530 Message-Id: <1543416467-2081-5-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> References: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Subhash Jadavani commit 30fc33f1ef475480dc5bea4fe1bda84b003b992c upstream. UFS devfreq clock scaling work may require clocks to be ON if it need to execute some UFS commands hence it may request for clock hold before issuing the command. But if UFS clock gating work is already running in parallel, ungate work would end up waiting for the clock gating work to finish and as clock gating work would also wait for the clock scaling work to finish, we would enter in deadlock state. Here is the call trace during this deadlock state: Workqueue: devfreq_wq devfreq_monitor __switch_to __schedule schedule schedule_timeout wait_for_common wait_for_completion flush_work ufshcd_hold ufshcd_send_uic_cmd ufshcd_dme_get_attr ufs_qcom_set_dme_vs_core_clk_ctrl_clear_div ufs_qcom_clk_scale_notify ufshcd_scale_clks ufshcd_devfreq_target update_devfreq devfreq_monitor process_one_work worker_thread kthread ret_from_fork Workqueue: events ufshcd_gate_work __switch_to __schedule schedule schedule_preempt_disabled __mutex_lock_slowpath mutex_lock devfreq_monitor_suspend devfreq_simple_ondemand_handler devfreq_suspend_device ufshcd_gate_work process_one_work worker_thread kthread ret_from_fork Workqueue: events ufshcd_ungate_work __switch_to __schedule schedule schedule_timeout wait_for_common wait_for_completion flush_work __cancel_work_timer cancel_delayed_work_sync ufshcd_ungate_work process_one_work worker_thread kthread ret_from_fork This change fixes this deadlock by doing this in devfreq work (devfreq_wq): Try cancelling clock gating work. If we are able to cancel gating work or it wasn't scheduled, hold the clock reference count until scaling is in progress. If gate work is already running in parallel, let's skip the frequecy scaling at this time and it will be retried once next scaling window expires. Reviewed-by: Sahitya Tummala Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen Signed-off-by: Amit Pundir --- drivers/scsi/ufs/ufshcd.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) -- 2.7.4 diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c index 7b48fb84a900..e8f3033d991b 100644 --- a/drivers/scsi/ufs/ufshcd.c +++ b/drivers/scsi/ufs/ufshcd.c @@ -5406,15 +5406,47 @@ static int ufshcd_devfreq_target(struct device *dev, { int err = 0; struct ufs_hba *hba = dev_get_drvdata(dev); + bool release_clk_hold = false; + unsigned long irq_flags; if (!ufshcd_is_clkscaling_enabled(hba)) return -EINVAL; + spin_lock_irqsave(hba->host->host_lock, irq_flags); + if (ufshcd_eh_in_progress(hba)) { + spin_unlock_irqrestore(hba->host->host_lock, irq_flags); + return 0; + } + + if (ufshcd_is_clkgating_allowed(hba) && + (hba->clk_gating.state != CLKS_ON)) { + if (cancel_delayed_work(&hba->clk_gating.gate_work)) { + /* hold the vote until the scaling work is completed */ + hba->clk_gating.active_reqs++; + release_clk_hold = true; + hba->clk_gating.state = CLKS_ON; + } else { + /* + * Clock gating work seems to be running in parallel + * hence skip scaling work to avoid deadlock between + * current scaling work and gating work. + */ + spin_unlock_irqrestore(hba->host->host_lock, irq_flags); + return 0; + } + } + spin_unlock_irqrestore(hba->host->host_lock, irq_flags); + if (*freq == UINT_MAX) err = ufshcd_scale_clks(hba, true); else if (*freq == 0) err = ufshcd_scale_clks(hba, false); + spin_lock_irqsave(hba->host->host_lock, irq_flags); + if (release_clk_hold) + __ufshcd_release(hba); + spin_unlock_irqrestore(hba->host->host_lock, irq_flags); + return err; } From patchwork Wed Nov 28 14:47:47 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 152305 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp1178825ljp; Wed, 28 Nov 2018 06:48:06 -0800 (PST) X-Google-Smtp-Source: AFSGD/UdksPNaC+TIBdnWboIFXPdXFzOIlmv70LMnPxet2n+gV6CVnqCL+tluxZ0UUEU9bO4J4Wg X-Received: by 2002:a62:56c7:: with SMTP id h68mr10817055pfj.134.1543416486205; Wed, 28 Nov 2018 06:48:06 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543416486; cv=none; d=google.com; s=arc-20160816; b=CpzQ1/s/nfVS3J2AZwMWHt5UFhA90S2cvo2/sMejepY9uC9okUfM0x4bpBAYMFindL RpsILr4sKBQEMAfW3rZWZs3AgJcOfWIBzq8RWOOrnhB3wTWhPRV7UzcgAziM9ARRIGzK GobcR4qhL4wzRP1JJQ/mLvaBa7NwE7kZhWlrZ0kMqJN6Ti8QqiCRDwOirwdpAlqbragk 5In4mHSRhh6AU0lVleVm6UQCez8mrmg5G3v4kOfAy7s7RHOlwjAxte8QXbR8RQF0KJYm VcgFua7fsOwkdarHKbZ+QD2KTovvFk4fjaeIZMDYYXT13d9kjRntKZ8a7Z+oakdvnKdN 1rCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=visxGZMJguF0unhrb4VxL6DKUbvBzWjgQrcEmeTNHMg=; b=baCN8HD7iCI6AUYcjzn/WMV2mdYRy2sshkpyzCz08Zcc3uB794eqoCJPzGV4PqJDs9 ADxubWBWHWpRbrchKArgncWNoiJTP+WW4DJTL8/xFglJM1TV5t0XJKd9bs2jIbVMow0j KntNJdkvs7WZQdQI7Tgf0SbWA3eEgnWd+uzf4S7aq/4FoEzZFCj0CRl8jg/9zQaNUAe/ Atzb48BxhpBfxhgue9cug7uyufXfBmjYzaeSPiFqRTMmAni4n/J7zhoLXrd7rCO4BAGx Tjgy1kV3x8ba3cjvIrk1dfCklZw9PjyOo495tdO1BA13cfDgRKc2rUygLzdipHvlvIlE k2CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=AOO7c2Pr; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p64si7857277pfa.94.2018.11.28.06.48.05; Wed, 28 Nov 2018 06:48:06 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=AOO7c2Pr; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727726AbeK2Bt7 (ORCPT + 15 others); Wed, 28 Nov 2018 20:49:59 -0500 Received: from mail-pl1-f194.google.com ([209.85.214.194]:44647 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728240AbeK2Bt7 (ORCPT ); Wed, 28 Nov 2018 20:49:59 -0500 Received: by mail-pl1-f194.google.com with SMTP id k8so6837534pls.11 for ; Wed, 28 Nov 2018 06:48:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=visxGZMJguF0unhrb4VxL6DKUbvBzWjgQrcEmeTNHMg=; b=AOO7c2PrfXD/h1fW+RKnPr+2r4UyYA7L0Ig4h3AdAN125cgIkQLBsU6FKlV8aV4ohh 4I+1v0jQrQvTKtbWBZ8oNkgYuUimjEXCi0moh0KPX/ytiREDFGw+eWxWh5fAezsb4DLq rDrJ8yPphfql3JNsPY9gFtFKJ+ODYm4aQPDH8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=visxGZMJguF0unhrb4VxL6DKUbvBzWjgQrcEmeTNHMg=; b=by2q0ENYhkB7HKkS1Y01arz76NbrWOB1H71KAeSz0ed4pcVVr7ECI3EPtMhRWXwSbh OjxXYyhR/wAI3GMBc0/H30Z5Fjs6H/QlOjwtWIFhStqpCYDNyk/wnIqUKgTWIoJCsBVp CTqwAzkZm+FFApY0Mg8FYu1NUFQ6owwnFW9vvHw7Wdgy2ZxfQEaUCnHYxqywP6u3z4lp bhRIfE/y/7SvW1F8BpbeZgWjpCyDbPPhHAVHmzA2Aq5C2ublk7XMl2M1EtE+mFRjHYAZ vbQjampnXgYMH/oeKzbmadxCKCdW1fv+2cH4uR7eYIUIznKiposna0hsB76ks8CdnTub /ZqA== X-Gm-Message-State: AA+aEWYCubLDKwZ7LZU9M24qeXa4pnyimMvawVpXOT+iTvU9FjFmH8x2 psqeTg6XirHBbp/isjGe4gmmnw== X-Received: by 2002:a17:902:5a0b:: with SMTP id q11mr37575088pli.186.1543416484607; Wed, 28 Nov 2018 06:48:04 -0800 (PST) Received: from localhost.localdomain ([49.207.53.6]) by smtp.gmail.com with ESMTPSA id r80sm14295109pfa.111.2018.11.28.06.48.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 28 Nov 2018 06:48:03 -0800 (PST) From: Amit Pundir To: Greg KH Cc: Stable , Mauricio Faria de Oliveira , "Martin K . Petersen" Subject: [PATCH for-3.18.y 5/5] scsi: qla2xxx: do not queue commands when unloading Date: Wed, 28 Nov 2018 20:17:47 +0530 Message-Id: <1543416467-2081-6-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> References: <1543416467-2081-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Mauricio Faria de Oliveira commit 04dfaa53a0b6e66b328a5bc549e3af8f8b6eac02 upstream. When the driver is unloading, in qla2x00_remove_one(), there is a single call/point in time to abort ongoing commands, qla2x00_abort_all_cmds(), which is still several steps away from the call to scsi_remove_host(). If more commands continue to arrive and be processed during that interval, when the driver is tearing down and releasing its structures, it might potentially hit an oops due to invalid memory access: Unable to handle kernel paging request for data at address 0x00000138 <...> NIP [d000000004700a40] qla2xxx_queuecommand+0x80/0x3f0 [qla2xxx] LR [d000000004700a10] qla2xxx_queuecommand+0x50/0x3f0 [qla2xxx] So, fail commands in qla2xxx_queuecommand() if the UNLOADING bit is set. Signed-off-by: Mauricio Faria de Oliveira Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen Signed-off-by: Amit Pundir --- drivers/scsi/qla2xxx/qla_os.c | 5 +++++ 1 file changed, 5 insertions(+) -- 2.7.4 diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c index 7bc28c8d2832..4bd4f185102e 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c @@ -687,6 +687,11 @@ qla2xxx_queuecommand(struct Scsi_Host *host, struct scsi_cmnd *cmd) srb_t *sp; int rval; + if (unlikely(test_bit(UNLOADING, &base_vha->dpc_flags))) { + cmd->result = DID_NO_CONNECT << 16; + goto qc24_fail_command; + } + if (ha->flags.eeh_busy) { if (ha->flags.pci_channel_io_perm_failure) { ql_dbg(ql_dbg_aer, vha, 0x9010,