git: e76786909ce0 - main - Fix data race in scsi cd driver.
Alexander Motin
mav at FreeBSD.org
Mon Sep 13 13:02:31 UTC 2021
The branch main has been updated by mav:
URL: https://cgit.FreeBSD.org/src/commit/?id=e76786909ce0195855196305a04d86b40f138894
commit e76786909ce0195855196305a04d86b40f138894
Author: Alexander Motin <mav at FreeBSD.org>
AuthorDate: 2021-09-13 12:59:51 +0000
Commit: Alexander Motin <mav at FreeBSD.org>
CommitDate: 2021-09-13 12:59:51 +0000
Fix data race in scsi cd driver.
There is a data race between cdsysctlinit and cdcheckmedia. Both
functions change softc->flags without synchronization.
Submitted by: Arseny Smalyuk <smalukav at gmail.com>
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D31726
---
sys/cam/scsi/scsi_cd.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/sys/cam/scsi/scsi_cd.c b/sys/cam/scsi/scsi_cd.c
index 4babe4003050..3e8187544bff 100644
--- a/sys/cam/scsi/scsi_cd.c
+++ b/sys/cam/scsi/scsi_cd.c
@@ -371,6 +371,7 @@ cdoninvalidate(struct cam_periph *periph)
{
struct cd_softc *softc;
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
/*
@@ -451,7 +452,7 @@ cdasync(void *callback_arg, u_int32_t code,
printf("cdasync: Unable to attach new device "
"due to status 0x%x\n", status);
- break;
+ return;
}
case AC_UNIT_ATTENTION:
{
@@ -471,10 +472,10 @@ cdasync(void *callback_arg, u_int32_t code,
if (asc == 0x28 && ascq == 0x00)
disk_media_changed(softc->disk, M_NOWAIT);
}
- cam_periph_async(periph, code, path, arg);
break;
}
case AC_SCSI_AEN:
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
if (softc->state == CD_STATE_NORMAL && !softc->tur) {
if (cam_periph_acquire(periph) == 0) {
@@ -488,6 +489,7 @@ cdasync(void *callback_arg, u_int32_t code,
{
struct ccb_hdr *ccbh;
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
/*
* Don't fail on the expected unit attention
@@ -496,12 +498,13 @@ cdasync(void *callback_arg, u_int32_t code,
softc->flags |= CD_FLAG_RETRY_UA;
LIST_FOREACH(ccbh, &softc->pending_ccbs, periph_links.le)
ccbh->ccb_state |= CD_CCB_RETRY_UA;
- /* FALLTHROUGH */
+ break;
}
default:
- cam_periph_async(periph, code, path, arg);
break;
}
+
+ cam_periph_async(periph, code, path, arg);
}
static void
@@ -520,7 +523,9 @@ cdsysctlinit(void *context, int pending)
snprintf(tmpstr2, sizeof(tmpstr2), "%d", periph->unit_number);
sysctl_ctx_init(&softc->sysctl_ctx);
+ cam_periph_lock(periph);
softc->flags |= CD_FLAG_SCTX_INIT;
+ cam_periph_unlock(periph);
softc->sysctl_tree = SYSCTL_ADD_NODE_WITH_LABEL(&softc->sysctl_ctx,
SYSCTL_STATIC_CHILDREN(_kern_cam_cd), OID_AUTO,
tmpstr2, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, tmpstr,
@@ -899,6 +904,7 @@ cdstart(struct cam_periph *periph, union ccb *start_ccb)
struct bio *bp;
struct ccb_scsiio *csio;
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cdstart\n"));
@@ -1143,6 +1149,7 @@ cddone(struct cam_periph *periph, union ccb *done_ccb)
CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cddone\n"));
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
csio = &done_ccb->csio;
@@ -2624,6 +2631,7 @@ cdprevent(struct cam_periph *periph, int action)
CAM_DEBUG(periph->path, CAM_DEBUG_TRACE, ("entering cdprevent\n"));
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
if (((action == PR_ALLOW)
@@ -2661,6 +2669,7 @@ cdmediaprobedone(struct cam_periph *periph)
{
struct cd_softc *softc;
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
softc->flags &= ~CD_FLAG_MEDIA_SCAN_ACT;
@@ -2682,6 +2691,7 @@ cdcheckmedia(struct cam_periph *periph, int do_wait)
struct cd_softc *softc;
int error;
+ cam_periph_assert(periph, MA_OWNED);
softc = (struct cd_softc *)periph->softc;
error = 0;
@@ -3071,13 +3081,14 @@ cderror(union ccb *ccb, u_int32_t cam_flags, u_int32_t sense_flags)
periph = xpt_path_periph(ccb->ccb_h.path);
softc = (struct cd_softc *)periph->softc;
- error = 0;
+ cam_periph_assert(periph, MA_OWNED);
/*
* We use a status of CAM_REQ_INVALID as shorthand -- if a 6 byte
* CDB comes back with this particular error, try transforming it
* into the 10 byte version.
*/
+ error = 0;
if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_INVALID) {
error = cd6byteworkaround(ccb);
} else if (scsi_extract_sense_ccb(ccb,
More information about the dev-commits-src-all
mailing list