• Ye Bin's avatar
    scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() · bc546c0c
    Ye Bin authored
    The following BUG_ON() was observed during RDAC scan:
    
    [595952.944297] kernel BUG at drivers/scsi/device_handler/scsi_dh_rdac.c:427!
    [595952.951143] Internal error: Oops - BUG: 0 [#1] SMP
    ......
    [595953.251065] Call trace:
    [595953.259054]  check_ownership+0xb0/0x118
    [595953.269794]  rdac_bus_attach+0x1f0/0x4b0
    [595953.273787]  scsi_dh_handler_attach+0x3c/0xe8
    [595953.278211]  scsi_dh_add_device+0xc4/0xe8
    [595953.282291]  scsi_sysfs_add_sdev+0x8c/0x2a8
    [595953.286544]  scsi_probe_and_add_lun+0x9fc/0xd00
    [595953.291142]  __scsi_scan_target+0x598/0x630
    [595953.295395]  scsi_scan_target+0x120/0x130
    [595953.299481]  fc_user_scan+0x1a0/0x1c0 [scsi_transport_fc]
    [595953.304944]  store_scan+0xb0/0x108
    [595953.308420]  dev_attr_store+0x44/0x60
    [595953.312160]  sysfs_kf_write+0x58/0x80
    [595953.315893]  kernfs_fop_write+0xe8/0x1f0
    [595953.319888]  __vfs_write+0x60/0x190
    [595953.323448]  vfs_write+0xac/0x1c0
    [595953.326836]  ksys_write+0x74/0xf0
    [595953.330221]  __arm64_sys_write+0x24/0x30
    
    Code is in check_ownership:
    
    	list_for_each_entry_rcu(tmp, &h->ctlr->dh_list, node) {
    		/* h->sdev should always be valid */
    		BUG_ON(!tmp->sdev);
    		tmp->sdev->access_state = access_state;
    	}
    
    	rdac_bus_attach
    		initialize_controller
    			list_add_rcu(&h->node, &h->ctlr->dh_list);
    			h->sdev = sdev;
    
    	rdac_bus_detach
    		list_del_rcu(&h->node);
    		h->sdev = NULL;
    
    Fix the race between rdac_bus_attach() and rdac_bus_detach() where h->sdev
    is NULL when processing the RDAC attach.
    
    Link: https://lore.kernel.org/r/20210113063103.2698953-1-yebin10@huawei.comReviewed-by: default avatarBart Van Assche <bvanassche@acm.org>
    Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
    Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
    bc546c0c
scsi_dh_rdac.c 19.7 KB