AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
505f76b306
kernel_optimize_test/drivers/scsi
History
Tony Battersby 505f76b306 [SCSI] iscsi_tcp: fix potential lockup with write commands 
There is a race condition in iscsi_tcp.c that may cause it to forget
that it received a R2T from the target.  This race may cause a data-out
command (such as a write) to lock up.  The race occurs here:

static int
iscsi_send_unsol_pdu(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
{
	struct iscsi_tcp_cmd_task *tcp_ctask = ctask->dd_data;
	int rc;

	if (tcp_ctask->xmstate & XMSTATE_UNS_HDR) {
		BUG_ON(!ctask->unsol_count);
		tcp_ctask->xmstate &= ~XMSTATE_UNS_HDR; <---- RACE
		...

static int
iscsi_r2t_rsp(struct iscsi_conn *conn, struct iscsi_cmd_task *ctask)
{
	...
	tcp_ctask->xmstate |= XMSTATE_SOL_HDR_INIT; <---- RACE
	...

While iscsi_xmitworker() (called from scsi_queue_work()) is preparing to
send unsolicited data, iscsi_tcp_data_recv() (called from
tcp_read_sock()) interrupts it upon receipt of a R2T from the target.
Both contexts do read-modify-write of tcp_ctask->xmstate.  Usually, gcc
on x86 will make &= and |= atomic on UP (not guaranteed of course), but
in this case iscsi_send_unsol_pdu() reads the value of xmstate before
clearing the bit, which causes gcc to read xmstate into a CPU register,
test it, clear the bit, and then store it back to memory.  If the recv
interrupt happens during this sequence, then the XMSTATE_SOL_HDR_INIT
bit set by the recv interrupt will be lost, and the R2T will be
forgotten.

The patch below (against 2.6.24-rc1) converts accesses of xmstate to use
set_bit, clear_bit, and test_bit instead of |= and &=.  I have tested
this patch and verified that it fixes the problem.  Another possible
approach would be to hold a lock during most of the rx/tx setup and
post-processing, and drop the lock only for the actual rx/tx.

Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
2007-11-14 14:51:58 -06:00
..
aacraid [SCSI] aacraid: fix security weakness 2007-11-11 17:35:48 -06:00
aic7xxx Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-10-23 16:37:29 -07:00
aic7xxx_old
aic94xx
arcmsr deal with resource allocation bugs in arcmsr 2007-10-29 07:41:33 -07:00
arm [ARM] Fix an rpc_defconfig regression 2007-10-31 15:21:35 +00:00
dpt
ibmvscsi [SCSI] ibmvscsi: Prevent IO during partner login 2007-11-03 12:10:36 -05:00
libsas Use helpers to obtain task pid in printks 2007-10-19 11:53:43 -07:00
lpfc [SCSI] lpfc : Correct queue tag handling 2007-11-03 12:09:29 -05:00
megaraid [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
pcmcia [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
qla2xxx [SCSI] qla2xxx: Update version number to 8.02.00-k5. 2007-10-23 15:55:16 -04:00
qla4xxx Fix misspellings of "system", "controller", "interrupt" and "necessary". 2007-10-19 23:10:43 +02:00
sym53c8xx_2 Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-10-23 16:37:29 -07:00
.gitignore
3w-9xxx.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
3w-9xxx.h
3w-xxxx.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
3w-xxxx.h
53c700_d.h_shipped
53c700.c
53c700.h
53c700.scr
a100u2w.c
a100u2w.h
a2091.c
a2091.h
a3000.c
a3000.h
a4000t.c
advansys.c
aha152x.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
aha152x.h
aha1542.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
aha1542.h
aha1740.c
aha1740.h
aic7xxx_old.c [SCSI] aic7xxx_old: fix accidental logic reversal 2007-10-18 08:40:42 -04:00
atari_dma_emul.c
atari_NCR5380.c m68k: sg fallout 2007-10-24 08:55:40 +02:00
atari_scsi.c
atari_scsi.h
atp870u.c
atp870u.h
blz1230.c
blz2060.c
BusLogic.c
BusLogic.h
bvme6000_scsi.c
ch.c
constants.c
cyberstorm.c
cyberstormII.c
dc395x.c Fix misspellings of "system", "controller", "interrupt" and "necessary". 2007-10-19 23:10:43 +02:00
dc395x.h
dec_esp.c
dmx3191d.c
dpt_i2o.c
dpti.h
dtc.c
dtc.h
eata_generic.h
eata_pio.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
eata_pio.h
eata.c
esp_scsi.c
esp_scsi.h
fastlane.c
fd_mcs.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
fdomain.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
fdomain.h
FlashPoint.c FlashPoint, use BIT instead of BITW 2007-10-19 11:53:42 -07:00
g_NCR5380_mmio.c
g_NCR5380.c
g_NCR5380.h
gdth_ioctl.h
gdth_proc.c
gdth_proc.h
gdth.c Merge master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2007-10-23 16:37:29 -07:00
gdth.h
gvp11.c
gvp11.h
hosts.c [SCSI] make supported_mode default to initiator. 2007-10-17 21:56:12 -04:00
hptiop.c [SCSI] hptiop: avoid buffer overflow when returning sense data 2007-10-17 21:56:13 -04:00
hptiop.h
ibmmca.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
ide-scsi.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
imm.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
imm.h
in2000.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
in2000.h
initio.c [SCSI] initio: Fix merge fallout 2007-10-17 21:56:14 -04:00
initio.h
ipr.c SG: Change sg_set_page() to take length and offset argument 2007-10-24 11:20:47 +02:00
ipr.h
ips.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
ips.h
iscsi_tcp.c [SCSI] iscsi_tcp: fix potential lockup with write commands 2007-11-14 14:51:58 -06:00
iscsi_tcp.h [SCSI] iscsi_tcp: fix potential lockup with write commands 2007-11-14 14:51:58 -06:00
jazz_esp.c
Kconfig PCI: Add Kconfig option to disable deprecated pci_find_* API 2007-11-05 13:35:17 -08:00
lasi700.c
libiscsi.c
libsrp.c
mac_esp.c
mac_scsi.c
mac_scsi.h
mac53c94.c
mac53c94.h
Makefile [SCSI] fc4: remove this and all associated drivers 2007-10-17 21:53:55 -04:00
mca_53c9x.c
megaraid.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
megaraid.h
mesh.c
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
ncr53c8xx.c
ncr53c8xx.h
NCR53C9x.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
NCR53C9x.h
NCR53c406a.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
NCR5380.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
NCR5380.h
nsp32_debug.c
nsp32_io.h
nsp32.c
nsp32.h define global BIT macro 2007-10-19 11:53:42 -07:00
oktagon_esp.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
oktagon_io.S
osst_detect.h
osst_options.h
osst.c [SCSI] osst: fix if (...) \n #if... cases missing semicolons when false 2007-10-27 14:31:06 -05:00
osst.h
pas16.c
pas16.h
ppa.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
ppa.h
ps3rom.c powerpc: Fix fallout from sg_page() changes 2007-10-23 09:13:14 +02:00
psi_chip.h
psi240i.c
psi240i.h
ql1040_fw.h
ql1280_fw.h
ql12160_fw.h
qla1280.c [SCSI] qla1280: uses wrong failure path after failed pci_set_dma_mask 2007-10-21 10:53:02 -05:00
qla1280.h [SCSI] qla1280: eliminate wasted space in request and response ring 2007-10-23 12:35:35 -04:00
qlogicfas.c
qlogicfas408.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
qlogicfas408.h
qlogicpti_asm.c
qlogicpti.c
qlogicpti.h
raid_class.c
script_asm.pl
scsi_debug.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
scsi_debug.h
scsi_devinfo.c
scsi_error.c [SCSI] include linux/scatterlist.h in scsi_eh.h 2007-10-17 21:53:56 -04:00
scsi_ioctl.c
scsi_lib_dma.c
scsi_lib.c SCSI: add asynchronous event notification API 2007-11-03 22:23:02 -04:00
scsi_logging.h
scsi_module.c
scsi_netlink.c
scsi_priv.h
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c SCSI: add asynchronous event notification API 2007-11-03 22:23:02 -04:00
scsi_sysctl.c
scsi_sysfs.c SCSI: add asynchronous event notification API 2007-11-03 22:23:02 -04:00
scsi_tgt_if.c
scsi_tgt_lib.c
scsi_tgt_priv.h
scsi_transport_api.h
scsi_transport_fc_internal.h
scsi_transport_fc.c
scsi_transport_iscsi.c
scsi_transport_sas.c
scsi_transport_spi.c
scsi_transport_srp_internal.h
scsi_transport_srp.c
scsi_typedefs.h
scsi_wait_scan.c
scsi.c
scsi.h
scsicam.c
sd.c Fix misspellings of "system", "controller", "interrupt" and "necessary". 2007-10-19 23:10:43 +02:00
seagate.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
sg.c Initialise scatter/gather list in sg driver 2007-10-29 09:18:03 +01:00
sgiwd93.c
sim710.c
sni_53c710.c
sr_ioctl.c
sr_vendor.c
sr.c
sr.h
st_options.h
st.c SG: Change sg_set_page() to take length and offset argument 2007-10-24 11:20:47 +02:00
st.h
stex.c
sun_esp.c
sun3_NCR5380.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
sun3_scsi_vme.c
sun3_scsi.c
sun3_scsi.h
sun3x_esp.c m68k: sg fallout 2007-10-24 08:55:40 +02:00
sym53c416.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
sym53c416.h
t128.c
t128.h
tmscsim.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
tmscsim.h
u14-34f.c
ultrastor.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
ultrastor.h
wd33c93.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
wd33c93.h Spelling fix: explicitly 2007-10-19 23:22:55 +02:00
wd7000.c [SG] Update drivers to use sg helpers 2007-10-22 21:19:53 +02:00
zalon.c
zorro7xx.c