Re: [BUG] scsi/qla2xxx: a possible sleep-in-atomic bug in qlt_get_tag

From: Jia-Ju Bai
Date: Wed Dec 13 2017 - 02:38:38 EST

Next message: Linus Walleij: "Re: [PATCH v2 04/13] dt-bindings: pinctrl: Add bindings for Microsemi Ocelot"
Previous message: Vlastimil Babka: "Re: general protection fault in page_mapping"
In reply to: James Bottomley: "Re: [BUG] scsi/qla2xxx: a possible sleep-in-atomic bug in qlt_get_tag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2017/12/13 12:42, James Bottomley wrote:

On Wed, 2017-12-13 at 11:18 +0800, Jia-Ju Bai wrote:

The driver may sleep under a spinlock.
The function call paths are:
qlt_handle_abts_recv_work (acquire the spinlock)
qlt_response_pkt_all_vps
qlt_response_pkt
qlt_handle_cmd_for_atio
qlt_get_tag
percpu_ida_alloc --> may sleep

qla82xx_msix_rsp_q (acquire the spinlock)
qla24xx_process_response_queue
qlt_handle_abts_recv
qlt_response_pkt_all_vps
qlt_response_pkt
qlt_handle_cmd_for_atio
qlt_get_tag
percpu_ida_alloc --> may sleep-in-atomic

qla24xx_intr_handler (acquire the spinlock)
qla24xx_process_response_queue
qlt_handle_abts_recv
qlt_response_pkt
qlt_handle_cmd_for_atio
qlt_get_tag
percpu_ida_alloc --> may sleep

I do not find a good way to fix it, so I only report.
This possible bug is found by my static analysis tool (DSAC) and
checked by my code review.

The report is incorrect: percpu_ida_alloc with state==TASK_RUNNING is
atomic (and interrupt) safe which appears to be the case here.

James

Thanks for your reply :)
I have checked the definition of percpu_ida_alloc, and I think you are right.
Sorry for my incorrect bug report.

Thanks,
Jia-Ju Bai

Next message: Linus Walleij: "Re: [PATCH v2 04/13] dt-bindings: pinctrl: Add bindings for Microsemi Ocelot"
Previous message: Vlastimil Babka: "Re: general protection fault in page_mapping"
In reply to: James Bottomley: "Re: [BUG] scsi/qla2xxx: a possible sleep-in-atomic bug in qlt_get_tag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]