[thirdparty/kernel/stable-queue.git] /

From f10f582d28220f50099d3f561116256267821429 Mon Sep 17 00:00:00 2001
From: Mike Christie <michael.christie@oracle.com>
Date: Tue, 8 Feb 2022 12:54:48 -0600
Subject: scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp()

From: Mike Christie <michael.christie@oracle.com>

commit f10f582d28220f50099d3f561116256267821429 upstream.

This fixes a deadlock added with commit b40f3894e39e ("scsi: qedi: Complete
TMF works before disconnect")

Bug description from Jia-Ju Bai:

qedi_process_tmf_resp()
  spin_lock(&session->back_lock); --> Line 201 (Lock A)
  spin_lock(&qedi_conn->tmf_work_lock); --> Line 230 (Lock B)

qedi_process_cmd_cleanup_resp()
  spin_lock_bh(&qedi_conn->tmf_work_lock); --> Line 752 (Lock B)
  spin_lock_bh(&conn->session->back_lock); --> Line 784 (Lock A)

When qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() are
concurrently executed, the deadlock can occur.

This patch fixes the deadlock by not holding the tmf_work_lock in
qedi_process_cmd_cleanup_resp while holding the back_lock. The
tmf_work_lock is only needed while we remove the tmf_work from the
work_list.

Link: https://lore.kernel.org/r/20220208185448.6206-1-michael.christie@oracle.com
Fixes: b40f3894e39e ("scsi: qedi: Complete TMF works before disconnect")
Cc: Manish Rangankar <mrangankar@marvell.com>
Cc: Nilesh Javali <njavali@marvell.com>
Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>
Reported-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/scsi/qedi/qedi_fw.c |    6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

--- a/drivers/scsi/qedi/qedi_fw.c
+++ b/drivers/scsi/qedi/qedi_fw.c
@@ -772,11 +772,10 @@ static void qedi_process_cmd_cleanup_res
                        qedi_cmd->list_tmf_work = NULL;
                }
        }
+       spin_unlock_bh(&qedi_conn->tmf_work_lock);
 
-       if (!found) {
-               spin_unlock_bh(&qedi_conn->tmf_work_lock);
+       if (!found)
                goto check_cleanup_reqs;
-       }
 
        QEDI_INFO(&qedi->dbg_ctx, QEDI_LOG_SCSI_TM,
                  "TMF work, cqe->tid=0x%x, tmf flags=0x%x, cid=0x%x\n",
@@ -807,7 +806,6 @@ static void qedi_process_cmd_cleanup_res
        qedi_cmd->state = CLEANUP_RECV;
 unlock:
        spin_unlock_bh(&conn->session->back_lock);
-       spin_unlock_bh(&qedi_conn->tmf_work_lock);
        wake_up_interruptible(&qedi_conn->wait_queue);
        return;