Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Tue, 2021-01-12 at 08:45 +0800, Can Guo wrote: > > > > > to > > > > > talk to UFS, OCP can happen on VCCQ/VCCQ2. This leads to > > > > > system > > > > > CRASH > > > > > too. > > > > > > > > the same as above, share the crash log. > > > > > > > > > > If you have hand-on experiences on NoC and/or OCP issues, you > > > won't > > > ask > > > for the crash log. The tricky parts about critial NoC and OCP > > > issues > > > is > > > > OK, interesting. would you tell me which register access node in > > ufs- > > sysfs.c can trigger this crash? let me verify your statement. > > > > > > I believe I have explained enough to prove we need this change. > > If you are really interested in NoC and OCP, feel free to ping me > on teams, I will show you how to trigger one and what is it like > on my setup. > > Can Guo. Ok, I no meant to stop or slow down your patch merging, meant to avoid redundant instruction cycles. Avri and Stanley have been convinced. let it go at that and merge. Thanks, Bean
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > User layer may access sysfs nodes when system PM ops or error handling > is running, which can cause various problems. Rename eh_sem to host_sem > and use it to protect PM ops and error handling from user layer intervene. > > Signed-off-by: Can Guo > Looks good to me. Feel free to add Reviewed-by: Stanley Chu
RE: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
> > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > + * @shutting_down: flag to check if shutdown has been invoked > > + * @host_sem: semaphore used to serialize concurrent contexts > > * @eh_wq: Workqueue that eh_work works on > > * @eh_work: Worker to handle UFS errors that require s/w attention > > * @eeh_work: Worker to handle exception events > > @@ -751,7 +753,8 @@ struct ufs_hba { > > u32 intr_mask; > > u16 ee_ctrl_mask; > > bool is_powered; > > - struct semaphore eh_sem; > > + bool shutting_down; > > + struct semaphore host_sem; > > > > /* Work Queues */ > > struct workqueue_struct *eh_wq; > > @@ -875,6 +878,11 @@ static inline bool ufshcd_is_wb_allowed(struct > > ufs_hba *hba) > > return hba->caps & UFSHCD_CAP_WB_EN; > > } > > > > +static inline bool ufshcd_is_sysfs_allowed(struct ufs_hba *hba) > > +{ > > + return !hba->shutting_down; > > +} > > + > > > Can, > > Instead adding new shutting_down flag, can we use availible variable > system_state? > Like Can, I am too, don't think that using system state here, e.g. UFS_SHUTDOWN_PM suffices. The use of the new flag, jointly with the semaphore, provides a tighter control. Acked-by: Avri Altman
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-11 18:04, Bean Huo wrote: On Mon, 2021-01-11 at 17:22 +0800, Can Guo wrote: > > meaning you are tring to access a register when clocks are > > disabled. > > This > > leads to system CRASH. > > > > OK, let it simple, share this kind of crash log becuase of access > sysfs > node in the shutdown flow. > > > > [2] OCP is over current protection. While UFS shutting down, you > > may > > have put UFS regulators to LPM. After that, if you are still > > trying > > to > > talk to UFS, OCP can happen on VCCQ/VCCQ2. This leads to system > > CRASH > > too. > > the same as above, share the crash log. > If you have hand-on experiences on NoC and/or OCP issues, you won't ask for the crash log. The tricky parts about critial NoC and OCP issues is OK, interesting. would you tell me which register access node in ufs- sysfs.c can trigger this crash? let me verify your statement. I believe I have explained enough to prove we need this change. If you are really interested in NoC and OCP, feel free to ping me on teams, I will show you how to trigger one and what is it like on my setup. Can Guo. Bean
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Mon, 2021-01-11 at 17:22 +0800, Can Guo wrote: > > > meaning you are tring to access a register when clocks are > > > disabled. > > > This > > > leads to system CRASH. > > > > > > > OK, let it simple, share this kind of crash log becuase of access > > sysfs > > node in the shutdown flow. > > > > > > > [2] OCP is over current protection. While UFS shutting down, you > > > may > > > have put UFS regulators to LPM. After that, if you are still > > > trying > > > to > > > talk to UFS, OCP can happen on VCCQ/VCCQ2. This leads to system > > > CRASH > > > too. > > > > the same as above, share the crash log. > > > > If you have hand-on experiences on NoC and/or OCP issues, you won't > ask > for the crash log. The tricky parts about critial NoC and OCP issues > is OK, interesting. would you tell me which register access node in ufs- sysfs.c can trigger this crash? let me verify your statement. Bean >
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-11 16:23, Bean Huo wrote: On Mon, 2021-01-11 at 09:27 +0800, Can Guo wrote: > > If accessing sysfs nodes, which triggers a UFS UPIU request to > read/write UFS device descriptors during shutdown flow, there is > only > one issue that sysfs node access failure since UFS device and LINK > has > been shutdown. Strictly speaking, the failure comes after > ufshcd_set_dev_pwr_mode(). > > __ufshcd_query_descriptor: opcode 0x01 for idn 0 failed, index > 0, > err = -11 You misunderstood it again. You are expecting a simple query cmd error. But what really matters are NoC issues[1] and OCP[2]. And while/after UFS shutting down, either of them may happen. [1] When a un-clocked register access issue happens, we call it a NoC issue, meaning you are tring to access a register when clocks are disabled. This leads to system CRASH. OK, let it simple, share this kind of crash log becuase of access sysfs node in the shutdown flow. [2] OCP is over current protection. While UFS shutting down, you may have put UFS regulators to LPM. After that, if you are still trying to talk to UFS, OCP can happen on VCCQ/VCCQ2. This leads to system CRASH too. the same as above, share the crash log. If you have hand-on experiences on NoC and/or OCP issues, you won't ask for the crash log. The tricky parts about critial NoC and OCP issues is that they don't print much logs (maybe no logs at all) in uart, which is why they are hard to debug and why I add another flag to help debug. Take OCP as an example, when OCP happens on VCCQ/VCCQ2, PMIC will do a hard reset and put the system to crash dump mode (this is a general design in our mutual customers, but it may vary platform by platform). And if you have a crash dump tool to collect the dump, after the dump is parsed, the best part which you can count on is the last callstacks and related flags, variables in hba. The callstack is pretty much same with the one I shared with my debug patch applied during the weekend. Stanley can correct me if I am wrong. Thanks, Can Guo. > > Since the shutdown is oneway process, this failure is not big > issue. If > you meant to avoid this failure for unsafe shutdown, I agree with > you, > But for the race issue, I don't know. > Easy for you to say. System crash is a big issue to any SoC vendors I belive. indeed, crash is serious issue, share the log. Thanks, Bean Can Guo.
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Mon, 2021-01-11 at 09:30 +0800, Can Guo wrote: > > > +static inline bool ufshcd_is_sysfs_allowed(struct ufs_hba *hba) > > > +{ > > > + return !hba->shutting_down; > > > +} > > > + > > > > > > Can, > > > > Instead adding new shutting_down flag, can we use availible > > variable > > system_state? > > > > Thanks, > > Bean > > Hi Bean, > > I prefer the flag shutting_down, it tells us whether > ufshcd_shutdown() > has been invoked or not. It comes handy when debug some system crash > issues caused by UFS during reboot/shutdown tests. system_state is > too > wide in this case. > It is only a suggestion, and others LLD use system_state, you prefer adding new flags. Bean > Thanks, > Can Guo.
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Mon, 2021-01-11 at 09:27 +0800, Can Guo wrote: > > > > If accessing sysfs nodes, which triggers a UFS UPIU request to > > read/write UFS device descriptors during shutdown flow, there is > > only > > one issue that sysfs node access failure since UFS device and LINK > > has > > been shutdown. Strictly speaking, the failure comes after > > ufshcd_set_dev_pwr_mode(). > > > > __ufshcd_query_descriptor: opcode 0x01 for idn 0 failed, index > > 0, > > err = -11 > > You misunderstood it again. You are expecting a simple query cmd > error. > But what really matters are NoC issues[1] and OCP[2]. And > while/after > UFS > shutting down, either of them may happen. > > [1] When a un-clocked register access issue happens, we call it a > NoC > issue, > meaning you are tring to access a register when clocks are disabled. > This > leads to system CRASH. > OK, let it simple, share this kind of crash log becuase of access sysfs node in the shutdown flow. > [2] OCP is over current protection. While UFS shutting down, you may > have put UFS regulators to LPM. After that, if you are still trying > to > talk to UFS, OCP can happen on VCCQ/VCCQ2. This leads to system > CRASH > too. the same as above, share the crash log. > > > > > Since the shutdown is oneway process, this failure is not big > > issue. If > > you meant to avoid this failure for unsafe shutdown, I agree with > > you, > > But for the race issue, I don't know. > > > > Easy for you to say. System crash is a big issue to any SoC vendors > I > belive. > indeed, crash is serious issue, share the log. Thanks, Bean > Can Guo.
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-11 00:13, Bean Huo wrote: On Sat, 2021-01-09 at 12:51 +0800, Can Guo wrote: On 2021-01-09 12:45, Can Guo wrote: > On 2021-01-08 19:29, Bean Huo wrote: > > On Wed, 2021-01-06 at 09:20 +0800, Can Guo wrote: > > > Hi Bean, > > > > > > On 2021-01-06 02:38, Bean Huo wrote: > > > > On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > > > > > On 2021-01-05 04:05, Bean Huo wrote: > > > > > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > > > > > + * @shutting_down: flag to check if shutdown has been > > > > > > > invoked > > > > > > > > > > > > I am not much sure if this flag is need, since once PM > > > > > > going in > > > > > > shutdown path, what will be returnded by > > > > > > pm_runtime_get_sync()? > > > > > > > > > > > > If pm_runtime_get_sync() will fail, just check its > > > > > > return. > > > > > > > > > > > > > > > > That depends. During/after shutdown, for UFS's case only, > > > > > pm_runtime_get_sync(hba->dev) will most likely return 0, > > > > > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > > > > > will directly return 0... meaning you cannot count on it. > > > > > > > > > > Check Stanley's change - > > > > > https://lore.kernel.org/patchwork/patch/1341389/ > > > > > > > > > > Can Guo. > > > > > > > > Can, > > > > > > > > Thanks for pointing out that. > > > > > > > > Based on my understanding, that patch is redundent. maybe I > > > > misundestood Linux shutdown sequence. > > > > > > Sorry, do you mean Stanley's change is redundant? > > > > yes. > > > > No, it is definitely needed. As Stanley replied you in another > thread, it is not protecting I/Os from user layer, but from > other subsystems during shutdown. > > > > > > > > > > > > I checked the shutdown flow: > > > > > > > > 1. Set the "system_state" variable > > > > 2. Disable usermod to ensure that no user from userspace can > > > > start > > > > a > > > > request > > > > > > I hope it is like what you interpreted, but step #2 only stops > > > UMH(#265) > > > but not all user space activities. Whereas, UMH is for kernel > > > space > > > calling > > > user space. > > > > > > Can, > > > > I did further study and homework on the Linux shutdown in the > > last few > > days. Yes, you are right, usermodehelper_disable() is to prevent > > executing the process from the kernel space. > > > > But I didn't reproduce this "maybe" race issue while shutdown. no > > matter how I torment my system, once Linux shutdown/halt/reboot > > starts, > > nobody can access the sysfs node. I create 10 processes in the > > user > > space and constantly access UFS sysfs node, also, fio is running > > in > > the > > background for the normal data read/write. there is a shutdown > > thread > > that will randomly trigger shutdown/halt/reboot. but no race > > issue > > appears. > > > > I don't know if this is a hypothetical issue(the race between > > shutdown > > flow and sysfs node access), it may not really exist in the Linux > > envriroment. everytime, the shutdonw flow will be: > > > > e10_sync_handler()->e10_svc()->do_e10_svc()->__do_sys_reboot()- > > > kernel_poweroff/kernel_halt()->device_shutdown()- > > > >platform_shutdown()- > > > ufshcd_platform_shutdown()->ufshcd_shutdown(). > > > > I think before going into the kernel shutdown, the userspace > > cannot > > issue new requests anymore. otherwise, this would be a big issue. > > > > pm_runtime_get_sync() will return 0 or failure while shutdown? > > the > > answer is not important now, maybe as you said, it is always 0. > > But in > > my testing, it didn't get there the system has been shutdown. > > Which > > means once shutdonw starts, sysfs node access path cannot reach > > pm_runtime_get_sync(). (note, I don't know if sysfs node access > > thread > > has been disabled or not) > > > > > > Responsibly say, I didn't reproduce this issue on my system > > (ubuntu), > > maybe you are using Android. I am not an expert on this topic, if > > you > > have the best idea on how to reproduce this issue. please please > > let > > me > > try. appreciate it! > > > > When you do a reboot/shutdown/poweroff, how your system behaves > highly > depends on how the reboot cmd is implemented in C code under > /sbin/. > > On Ubuntu, reboot looks like: > $ reboot --help > reboot [OPTIONS...] [ARG] > > Reboot the system. > > --help Show this help > --halt Halt the machine >-p --poweroff Switch off the machine > --rebootReboot the machine >-f --force Force immediate halt/power-off/reboot >-w --wtmp-only Don't halt/power-off/reboot, just write wtmp > record >-d --no-wtmp Don't write wtmp record > --no-wall Don't send wall message before halt/power- > off/reboot > > > On a pure Linux with a initrd RAM FS built from busybox, reboot > looks > like: > # reboot --help > BusyBox v1.30.1 (2019-05-24 12:53:36 IST) multi-call binary. > > Usage: reboot [-d DELAY] [-n] [-f] > > Reboot the system > > -d SEC Delay interval > -n
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-11 00:18, Bean Huo wrote: On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: + * @shutting_down: flag to check if shutdown has been invoked + * @host_sem: semaphore used to serialize concurrent contexts * @eh_wq: Workqueue that eh_work works on * @eh_work: Worker to handle UFS errors that require s/w attention * @eeh_work: Worker to handle exception events @@ -751,7 +753,8 @@ struct ufs_hba { u32 intr_mask; u16 ee_ctrl_mask; bool is_powered; - struct semaphore eh_sem; + bool shutting_down; + struct semaphore host_sem; /* Work Queues */ struct workqueue_struct *eh_wq; @@ -875,6 +878,11 @@ static inline bool ufshcd_is_wb_allowed(struct ufs_hba *hba) return hba->caps & UFSHCD_CAP_WB_EN; } +static inline bool ufshcd_is_sysfs_allowed(struct ufs_hba *hba) +{ + return !hba->shutting_down; +} + Can, Instead adding new shutting_down flag, can we use availible variable system_state? Thanks, Bean Hi Bean, I prefer the flag shutting_down, it tells us whether ufshcd_shutdown() has been invoked or not. It comes handy when debug some system crash issues caused by UFS during reboot/shutdown tests. system_state is too wide in this case. Thanks, Can Guo.
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-11 00:13, Bean Huo wrote: On Sat, 2021-01-09 at 12:51 +0800, Can Guo wrote: On 2021-01-09 12:45, Can Guo wrote: > On 2021-01-08 19:29, Bean Huo wrote: > > On Wed, 2021-01-06 at 09:20 +0800, Can Guo wrote: > > > Hi Bean, > > > > > > On 2021-01-06 02:38, Bean Huo wrote: > > > > On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > > > > > On 2021-01-05 04:05, Bean Huo wrote: > > > > > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > > > > > + * @shutting_down: flag to check if shutdown has been > > > > > > > invoked > > > > > > > > > > > > I am not much sure if this flag is need, since once PM > > > > > > going in > > > > > > shutdown path, what will be returnded by > > > > > > pm_runtime_get_sync()? > > > > > > > > > > > > If pm_runtime_get_sync() will fail, just check its > > > > > > return. > > > > > > > > > > > > > > > > That depends. During/after shutdown, for UFS's case only, > > > > > pm_runtime_get_sync(hba->dev) will most likely return 0, > > > > > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > > > > > will directly return 0... meaning you cannot count on it. > > > > > > > > > > Check Stanley's change - > > > > > https://lore.kernel.org/patchwork/patch/1341389/ > > > > > > > > > > Can Guo. > > > > > > > > Can, > > > > > > > > Thanks for pointing out that. > > > > > > > > Based on my understanding, that patch is redundent. maybe I > > > > misundestood Linux shutdown sequence. > > > > > > Sorry, do you mean Stanley's change is redundant? > > > > yes. > > > > No, it is definitely needed. As Stanley replied you in another > thread, it is not protecting I/Os from user layer, but from > other subsystems during shutdown. > > > > > > > > > > > > I checked the shutdown flow: > > > > > > > > 1. Set the "system_state" variable > > > > 2. Disable usermod to ensure that no user from userspace can > > > > start > > > > a > > > > request > > > > > > I hope it is like what you interpreted, but step #2 only stops > > > UMH(#265) > > > but not all user space activities. Whereas, UMH is for kernel > > > space > > > calling > > > user space. > > > > > > Can, > > > > I did further study and homework on the Linux shutdown in the > > last few > > days. Yes, you are right, usermodehelper_disable() is to prevent > > executing the process from the kernel space. > > > > But I didn't reproduce this "maybe" race issue while shutdown. no > > matter how I torment my system, once Linux shutdown/halt/reboot > > starts, > > nobody can access the sysfs node. I create 10 processes in the > > user > > space and constantly access UFS sysfs node, also, fio is running > > in > > the > > background for the normal data read/write. there is a shutdown > > thread > > that will randomly trigger shutdown/halt/reboot. but no race > > issue > > appears. > > > > I don't know if this is a hypothetical issue(the race between > > shutdown > > flow and sysfs node access), it may not really exist in the Linux > > envriroment. everytime, the shutdonw flow will be: > > > > e10_sync_handler()->e10_svc()->do_e10_svc()->__do_sys_reboot()- > > > kernel_poweroff/kernel_halt()->device_shutdown()- > > > >platform_shutdown()- > > > ufshcd_platform_shutdown()->ufshcd_shutdown(). > > > > I think before going into the kernel shutdown, the userspace > > cannot > > issue new requests anymore. otherwise, this would be a big issue. > > > > pm_runtime_get_sync() will return 0 or failure while shutdown? > > the > > answer is not important now, maybe as you said, it is always 0. > > But in > > my testing, it didn't get there the system has been shutdown. > > Which > > means once shutdonw starts, sysfs node access path cannot reach > > pm_runtime_get_sync(). (note, I don't know if sysfs node access > > thread > > has been disabled or not) > > > > > > Responsibly say, I didn't reproduce this issue on my system > > (ubuntu), > > maybe you are using Android. I am not an expert on this topic, if > > you > > have the best idea on how to reproduce this issue. please please > > let > > me > > try. appreciate it! > > > > When you do a reboot/shutdown/poweroff, how your system behaves > highly > depends on how the reboot cmd is implemented in C code under > /sbin/. > > On Ubuntu, reboot looks like: > $ reboot --help > reboot [OPTIONS...] [ARG] > > Reboot the system. > > --help Show this help > --halt Halt the machine >-p --poweroff Switch off the machine > --rebootReboot the machine >-f --force Force immediate halt/power-off/reboot >-w --wtmp-only Don't halt/power-off/reboot, just write wtmp > record >-d --no-wtmp Don't write wtmp record > --no-wall Don't send wall message before halt/power- > off/reboot > > > On a pure Linux with a initrd RAM FS built from busybox, reboot > looks > like: > # reboot --help > BusyBox v1.30.1 (2019-05-24 12:53:36 IST) multi-call binary. > > Usage: reboot [-d DELAY] [-n] [-f] > > Reboot the system > > -d SEC Delay interval > -n
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > + * @shutting_down: flag to check if shutdown has been invoked > + * @host_sem: semaphore used to serialize concurrent contexts > * @eh_wq: Workqueue that eh_work works on > * @eh_work: Worker to handle UFS errors that require s/w attention > * @eeh_work: Worker to handle exception events > @@ -751,7 +753,8 @@ struct ufs_hba { > u32 intr_mask; > u16 ee_ctrl_mask; > bool is_powered; > - struct semaphore eh_sem; > + bool shutting_down; > + struct semaphore host_sem; > > /* Work Queues */ > struct workqueue_struct *eh_wq; > @@ -875,6 +878,11 @@ static inline bool ufshcd_is_wb_allowed(struct > ufs_hba *hba) > return hba->caps & UFSHCD_CAP_WB_EN; > } > > +static inline bool ufshcd_is_sysfs_allowed(struct ufs_hba *hba) > +{ > + return !hba->shutting_down; > +} > + Can, Instead adding new shutting_down flag, can we use availible variable system_state? Thanks, Bean
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Sat, 2021-01-09 at 12:51 +0800, Can Guo wrote: > On 2021-01-09 12:45, Can Guo wrote: > > On 2021-01-08 19:29, Bean Huo wrote: > > > On Wed, 2021-01-06 at 09:20 +0800, Can Guo wrote: > > > > Hi Bean, > > > > > > > > On 2021-01-06 02:38, Bean Huo wrote: > > > > > On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > > > > > > On 2021-01-05 04:05, Bean Huo wrote: > > > > > > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > > > > > > + * @shutting_down: flag to check if shutdown has been > > > > > > > > invoked > > > > > > > > > > > > > > I am not much sure if this flag is need, since once PM > > > > > > > going in > > > > > > > shutdown path, what will be returnded by > > > > > > > pm_runtime_get_sync()? > > > > > > > > > > > > > > If pm_runtime_get_sync() will fail, just check its > > > > > > > return. > > > > > > > > > > > > > > > > > > > That depends. During/after shutdown, for UFS's case only, > > > > > > pm_runtime_get_sync(hba->dev) will most likely return 0, > > > > > > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > > > > > > will directly return 0... meaning you cannot count on it. > > > > > > > > > > > > Check Stanley's change - > > > > > > https://lore.kernel.org/patchwork/patch/1341389/ > > > > > > > > > > > > Can Guo. > > > > > > > > > > Can, > > > > > > > > > > Thanks for pointing out that. > > > > > > > > > > Based on my understanding, that patch is redundent. maybe I > > > > > misundestood Linux shutdown sequence. > > > > > > > > Sorry, do you mean Stanley's change is redundant? > > > > > > yes. > > > > > > > No, it is definitely needed. As Stanley replied you in another > > thread, it is not protecting I/Os from user layer, but from > > other subsystems during shutdown. > > > > > > > > > > > > > > > > I checked the shutdown flow: > > > > > > > > > > 1. Set the "system_state" variable > > > > > 2. Disable usermod to ensure that no user from userspace can > > > > > start > > > > > a > > > > > request > > > > > > > > I hope it is like what you interpreted, but step #2 only stops > > > > UMH(#265) > > > > but not all user space activities. Whereas, UMH is for kernel > > > > space > > > > calling > > > > user space. > > > > > > > > > Can, > > > > > > I did further study and homework on the Linux shutdown in the > > > last few > > > days. Yes, you are right, usermodehelper_disable() is to prevent > > > executing the process from the kernel space. > > > > > > But I didn't reproduce this "maybe" race issue while shutdown. no > > > matter how I torment my system, once Linux shutdown/halt/reboot > > > starts, > > > nobody can access the sysfs node. I create 10 processes in the > > > user > > > space and constantly access UFS sysfs node, also, fio is running > > > in > > > the > > > background for the normal data read/write. there is a shutdown > > > thread > > > that will randomly trigger shutdown/halt/reboot. but no race > > > issue > > > appears. > > > > > > I don't know if this is a hypothetical issue(the race between > > > shutdown > > > flow and sysfs node access), it may not really exist in the Linux > > > envriroment. everytime, the shutdonw flow will be: > > > > > > e10_sync_handler()->e10_svc()->do_e10_svc()->__do_sys_reboot()- > > > > kernel_poweroff/kernel_halt()->device_shutdown()- > > > > >platform_shutdown()- > > > > ufshcd_platform_shutdown()->ufshcd_shutdown(). > > > > > > I think before going into the kernel shutdown, the userspace > > > cannot > > > issue new requests anymore. otherwise, this would be a big issue. > > > > > > pm_runtime_get_sync() will return 0 or failure while shutdown? > > > the > > > answer is not important now, maybe as you said, it is always 0. > > > But in > > > my testing, it didn't get there the system has been shutdown. > > > Which > > > means once shutdonw starts, sysfs node access path cannot reach > > > pm_runtime_get_sync(). (note, I don't know if sysfs node access > > > thread > > > has been disabled or not) > > > > > > > > > Responsibly say, I didn't reproduce this issue on my system > > > (ubuntu), > > > maybe you are using Android. I am not an expert on this topic, if > > > you > > > have the best idea on how to reproduce this issue. please please > > > let > > > me > > > try. appreciate it! > > > > > > > When you do a reboot/shutdown/poweroff, how your system behaves > > highly > > depends on how the reboot cmd is implemented in C code under > > /sbin/. > > > > On Ubuntu, reboot looks like: > > $ reboot --help > > reboot [OPTIONS...] [ARG] > > > > Reboot the system. > > > > --help Show this help > > --halt Halt the machine > >-p --poweroff Switch off the machine > > --rebootReboot the machine > >-f --force Force immediate halt/power-off/reboot > >-w --wtmp-only Don't halt/power-off/reboot, just write wtmp > > record > >-d --no-wtmp Don't write wtmp record > > --no-wall Don't send wall message before halt/power- > >
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-09 12:45, Can Guo wrote: On 2021-01-08 19:29, Bean Huo wrote: On Wed, 2021-01-06 at 09:20 +0800, Can Guo wrote: Hi Bean, On 2021-01-06 02:38, Bean Huo wrote: > On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > > On 2021-01-05 04:05, Bean Huo wrote: > > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > > + * @shutting_down: flag to check if shutdown has been > > > > invoked > > > > > > I am not much sure if this flag is need, since once PM going in > > > shutdown path, what will be returnded by pm_runtime_get_sync()? > > > > > > If pm_runtime_get_sync() will fail, just check its return. > > > > > > > That depends. During/after shutdown, for UFS's case only, > > pm_runtime_get_sync(hba->dev) will most likely return 0, > > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > > will directly return 0... meaning you cannot count on it. > > > > Check Stanley's change - > > https://lore.kernel.org/patchwork/patch/1341389/ > > > > Can Guo. > > Can, > > Thanks for pointing out that. > > Based on my understanding, that patch is redundent. maybe I > misundestood Linux shutdown sequence. Sorry, do you mean Stanley's change is redundant? yes. No, it is definitely needed. As Stanley replied you in another thread, it is not protecting I/Os from user layer, but from other subsystems during shutdown. > > I checked the shutdown flow: > > 1. Set the "system_state" variable > 2. Disable usermod to ensure that no user from userspace can start > a > request I hope it is like what you interpreted, but step #2 only stops UMH(#265) but not all user space activities. Whereas, UMH is for kernel space calling user space. Can, I did further study and homework on the Linux shutdown in the last few days. Yes, you are right, usermodehelper_disable() is to prevent executing the process from the kernel space. But I didn't reproduce this "maybe" race issue while shutdown. no matter how I torment my system, once Linux shutdown/halt/reboot starts, nobody can access the sysfs node. I create 10 processes in the user space and constantly access UFS sysfs node, also, fio is running in the background for the normal data read/write. there is a shutdown thread that will randomly trigger shutdown/halt/reboot. but no race issue appears. I don't know if this is a hypothetical issue(the race between shutdown flow and sysfs node access), it may not really exist in the Linux envriroment. everytime, the shutdonw flow will be: e10_sync_handler()->e10_svc()->do_e10_svc()->__do_sys_reboot()- kernel_poweroff/kernel_halt()->device_shutdown()->platform_shutdown()- ufshcd_platform_shutdown()->ufshcd_shutdown(). I think before going into the kernel shutdown, the userspace cannot issue new requests anymore. otherwise, this would be a big issue. pm_runtime_get_sync() will return 0 or failure while shutdown? the answer is not important now, maybe as you said, it is always 0. But in my testing, it didn't get there the system has been shutdown. Which means once shutdonw starts, sysfs node access path cannot reach pm_runtime_get_sync(). (note, I don't know if sysfs node access thread has been disabled or not) Responsibly say, I didn't reproduce this issue on my system (ubuntu), maybe you are using Android. I am not an expert on this topic, if you have the best idea on how to reproduce this issue. please please let me try. appreciate it! When you do a reboot/shutdown/poweroff, how your system behaves highly depends on how the reboot cmd is implemented in C code under /sbin/. On Ubuntu, reboot looks like: $ reboot --help reboot [OPTIONS...] [ARG] Reboot the system. --help Show this help --halt Halt the machine -p --poweroff Switch off the machine --rebootReboot the machine -f --force Force immediate halt/power-off/reboot -w --wtmp-only Don't halt/power-off/reboot, just write wtmp record -d --no-wtmp Don't write wtmp record --no-wall Don't send wall message before halt/power-off/reboot On a pure Linux with a initrd RAM FS built from busybox, reboot looks like: # reboot --help BusyBox v1.30.1 (2019-05-24 12:53:36 IST) multi-call binary. Usage: reboot [-d DELAY] [-n] [-f] Reboot the system -d SEC Delay interval -n Do not sync -f Force (don't go through init) For example, when you work on a pure Linux with a filesystem built from busybox, when you hit reboot cmd, halt_main() will be called. And based on the reboot options passed to reboot cmd, halt_main() behaves differently. A plain reboot cmd does things like sync filesystem, send SIGKILL to all processes (except for init), remount all filesytem as read-only and so on before invoking linux kernel reboot syscall. In this case, we are safe. However, if you do a "reboot -f", halt_main() directly invokes reboot(). And with "reboot -f", I can easily reproduce the race condition we are talking about here - it is not based on imagination. Find the patch
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-08 19:29, Bean Huo wrote: On Wed, 2021-01-06 at 09:20 +0800, Can Guo wrote: Hi Bean, On 2021-01-06 02:38, Bean Huo wrote: > On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > > On 2021-01-05 04:05, Bean Huo wrote: > > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > > + * @shutting_down: flag to check if shutdown has been > > > > invoked > > > > > > I am not much sure if this flag is need, since once PM going in > > > shutdown path, what will be returnded by pm_runtime_get_sync()? > > > > > > If pm_runtime_get_sync() will fail, just check its return. > > > > > > > That depends. During/after shutdown, for UFS's case only, > > pm_runtime_get_sync(hba->dev) will most likely return 0, > > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > > will directly return 0... meaning you cannot count on it. > > > > Check Stanley's change - > > https://lore.kernel.org/patchwork/patch/1341389/ > > > > Can Guo. > > Can, > > Thanks for pointing out that. > > Based on my understanding, that patch is redundent. maybe I > misundestood Linux shutdown sequence. Sorry, do you mean Stanley's change is redundant? yes. No, it is definitely needed. As Stanley replied you in another thread, it is not protecting I/Os from user layer, but from other subsystems during shutdown. > > I checked the shutdown flow: > > 1. Set the "system_state" variable > 2. Disable usermod to ensure that no user from userspace can start > a > request I hope it is like what you interpreted, but step #2 only stops UMH(#265) but not all user space activities. Whereas, UMH is for kernel space calling user space. Can, I did further study and homework on the Linux shutdown in the last few days. Yes, you are right, usermodehelper_disable() is to prevent executing the process from the kernel space. But I didn't reproduce this "maybe" race issue while shutdown. no matter how I torment my system, once Linux shutdown/halt/reboot starts, nobody can access the sysfs node. I create 10 processes in the user space and constantly access UFS sysfs node, also, fio is running in the background for the normal data read/write. there is a shutdown thread that will randomly trigger shutdown/halt/reboot. but no race issue appears. I don't know if this is a hypothetical issue(the race between shutdown flow and sysfs node access), it may not really exist in the Linux envriroment. everytime, the shutdonw flow will be: e10_sync_handler()->e10_svc()->do_e10_svc()->__do_sys_reboot()- kernel_poweroff/kernel_halt()->device_shutdown()->platform_shutdown()- ufshcd_platform_shutdown()->ufshcd_shutdown(). I think before going into the kernel shutdown, the userspace cannot issue new requests anymore. otherwise, this would be a big issue. pm_runtime_get_sync() will return 0 or failure while shutdown? the answer is not important now, maybe as you said, it is always 0. But in my testing, it didn't get there the system has been shutdown. Which means once shutdonw starts, sysfs node access path cannot reach pm_runtime_get_sync(). (note, I don't know if sysfs node access thread has been disabled or not) Responsibly say, I didn't reproduce this issue on my system (ubuntu), maybe you are using Android. I am not an expert on this topic, if you have the best idea on how to reproduce this issue. please please let me try. appreciate it! When you do a reboot/shutdown/poweroff, how your system behaves highly depends on how the reboot cmd is implemented in C code under /sbin/. On Ubuntu, reboot looks like: $ reboot --help reboot [OPTIONS...] [ARG] Reboot the system. --help Show this help --halt Halt the machine -p --poweroff Switch off the machine --rebootReboot the machine -f --force Force immediate halt/power-off/reboot -w --wtmp-only Don't halt/power-off/reboot, just write wtmp record -d --no-wtmp Don't write wtmp record --no-wall Don't send wall message before halt/power-off/reboot On a pure Linux with a initrd RAM FS built from busybox, reboot looks like: # reboot --help BusyBox v1.30.1 (2019-05-24 12:53:36 IST) multi-call binary. Usage: reboot [-d DELAY] [-n] [-f] Reboot the system -d SEC Delay interval -n Do not sync -f Force (don't go through init) For example, when you work on a pure Linux with a filesystem built from busybox, when you hit reboot cmd, halt_main() will be called. And based on the reboot options passed to reboot cmd, halt_main() behaves differently. A plain reboot cmd does things like sync filesystem, send SIGKILL to all processes (except for init), remount all filesytem as read-only and so on before invoking linux kernel reboot syscall. In this case, we are safe. However, if you do a "reboot -f", halt_main() directly invokes reboot(). And with "reboot -f", I can easily reproduce the race condition we are talking about here - it is not based on imagination. Find the patch I used for replication in the attachment, fix
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
Hi Bean, On Fri, 2021-01-08 at 12:29 +0100, Bean Huo wrote: > On Wed, 2021-01-06 at 09:20 +0800, Can Guo wrote: > > Hi Bean, > > > > On 2021-01-06 02:38, Bean Huo wrote: > > > On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > > > > On 2021-01-05 04:05, Bean Huo wrote: > > > > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > > > > + * @shutting_down: flag to check if shutdown has been > > > > > > invoked > > > > > > > > > > I am not much sure if this flag is need, since once PM going in > > > > > shutdown path, what will be returnded by pm_runtime_get_sync()? > > > > > > > > > > If pm_runtime_get_sync() will fail, just check its return. > > > > > > > > > > > > > That depends. During/after shutdown, for UFS's case only, > > > > pm_runtime_get_sync(hba->dev) will most likely return 0, > > > > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > > > > will directly return 0... meaning you cannot count on it. > > > > > > > > Check Stanley's change - > > > > https://lore.kernel.org/patchwork/patch/1341389/ > > > > > > > > Can Guo. > > > > > > Can, > > > > > > Thanks for pointing out that. > > > > > > Based on my understanding, that patch is redundent. maybe I > > > misundestood Linux shutdown sequence. > > > > Sorry, do you mean Stanley's change is redundant? > > yes. > > > > > > > > > I checked the shutdown flow: > > > > > > 1. Set the "system_state" variable > > > 2. Disable usermod to ensure that no user from userspace can start > > > a > > > request > > > > I hope it is like what you interpreted, but step #2 only stops > > UMH(#265) > > but not all user space activities. Whereas, UMH is for kernel space > > calling > > user space. > > > Can, > > I did further study and homework on the Linux shutdown in the last few > days. Yes, you are right, usermodehelper_disable() is to prevent > executing the process from the kernel space. > > But I didn't reproduce this "maybe" race issue while shutdown. no > matter how I torment my system, once Linux shutdown/halt/reboot starts, > nobody can access the sysfs node. I create 10 processes in the user > space and constantly access UFS sysfs node, also, fio is running in the > background for the normal data read/write. there is a shutdown thread > that will randomly trigger shutdown/halt/reboot. but no race issue > appears. > > I don't know if this is a hypothetical issue(the race between shutdown > flow and sysfs node access), it may not really exist in the Linux > envriroment. everytime, the shutdonw flow will be: > > e10_sync_handler()->e10_svc()->do_e10_svc()->__do_sys_reboot()- > >kernel_poweroff/kernel_halt()->device_shutdown()->platform_shutdown()- > >ufshcd_platform_shutdown()->ufshcd_shutdown(). > > I think before going into the kernel shutdown, the userspace cannot > issue new requests anymore. otherwise, this would be a big issue. > > pm_runtime_get_sync() will return 0 or failure while shutdown? the > answer is not important now, maybe as you said, it is always 0. But in > my testing, it didn't get there the system has been shutdown. Which > means once shutdonw starts, sysfs node access path cannot reach > pm_runtime_get_sync(). (note, I don't know if sysfs node access thread > has been disabled or not) > > > Responsibly say, I didn't reproduce this issue on my system (ubuntu), > maybe you are using Android. I am not an expert on this topic, if you > have the best idea on how to reproduce this issue. please please let me > try. appreciate it! > One of the racing in my platforms happens due to I/O access triggered from kernel space, not user space. Thanks, Stanley Chu > > Thanks, > Bean > > > > > > 264 system_state = state; > > 265 usermodehelper_disable(); > > 266 device_shutdown(); > > > > Thanks, > > Can Guo. >
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Wed, 2021-01-06 at 09:20 +0800, Can Guo wrote: > Hi Bean, > > On 2021-01-06 02:38, Bean Huo wrote: > > On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > > > On 2021-01-05 04:05, Bean Huo wrote: > > > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > > > + * @shutting_down: flag to check if shutdown has been > > > > > invoked > > > > > > > > I am not much sure if this flag is need, since once PM going in > > > > shutdown path, what will be returnded by pm_runtime_get_sync()? > > > > > > > > If pm_runtime_get_sync() will fail, just check its return. > > > > > > > > > > That depends. During/after shutdown, for UFS's case only, > > > pm_runtime_get_sync(hba->dev) will most likely return 0, > > > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > > > will directly return 0... meaning you cannot count on it. > > > > > > Check Stanley's change - > > > https://lore.kernel.org/patchwork/patch/1341389/ > > > > > > Can Guo. > > > > Can, > > > > Thanks for pointing out that. > > > > Based on my understanding, that patch is redundent. maybe I > > misundestood Linux shutdown sequence. > > Sorry, do you mean Stanley's change is redundant? yes. > > > > > I checked the shutdown flow: > > > > 1. Set the "system_state" variable > > 2. Disable usermod to ensure that no user from userspace can start > > a > > request > > I hope it is like what you interpreted, but step #2 only stops > UMH(#265) > but not all user space activities. Whereas, UMH is for kernel space > calling > user space. Can, I did further study and homework on the Linux shutdown in the last few days. Yes, you are right, usermodehelper_disable() is to prevent executing the process from the kernel space. But I didn't reproduce this "maybe" race issue while shutdown. no matter how I torment my system, once Linux shutdown/halt/reboot starts, nobody can access the sysfs node. I create 10 processes in the user space and constantly access UFS sysfs node, also, fio is running in the background for the normal data read/write. there is a shutdown thread that will randomly trigger shutdown/halt/reboot. but no race issue appears. I don't know if this is a hypothetical issue(the race between shutdown flow and sysfs node access), it may not really exist in the Linux envriroment. everytime, the shutdonw flow will be: e10_sync_handler()->e10_svc()->do_e10_svc()->__do_sys_reboot()- >kernel_poweroff/kernel_halt()->device_shutdown()->platform_shutdown()- >ufshcd_platform_shutdown()->ufshcd_shutdown(). I think before going into the kernel shutdown, the userspace cannot issue new requests anymore. otherwise, this would be a big issue. pm_runtime_get_sync() will return 0 or failure while shutdown? the answer is not important now, maybe as you said, it is always 0. But in my testing, it didn't get there the system has been shutdown. Which means once shutdonw starts, sysfs node access path cannot reach pm_runtime_get_sync(). (note, I don't know if sysfs node access thread has been disabled or not) Responsibly say, I didn't reproduce this issue on my system (ubuntu), maybe you are using Android. I am not an expert on this topic, if you have the best idea on how to reproduce this issue. please please let me try. appreciate it! Thanks, Bean > > 264 system_state = state; > 265 usermodehelper_disable(); > 266 device_shutdown(); > > Thanks, > Can Guo.
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
Hi Bean, On 2021-01-06 02:38, Bean Huo wrote: On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: On 2021-01-05 04:05, Bean Huo wrote: > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > + * @shutting_down: flag to check if shutdown has been invoked > > I am not much sure if this flag is need, since once PM going in > shutdown path, what will be returnded by pm_runtime_get_sync()? > > If pm_runtime_get_sync() will fail, just check its return. > That depends. During/after shutdown, for UFS's case only, pm_runtime_get_sync(hba->dev) will most likely return 0, because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() will directly return 0... meaning you cannot count on it. Check Stanley's change - https://lore.kernel.org/patchwork/patch/1341389/ Can Guo. Can, Thanks for pointing out that. Based on my understanding, that patch is redundent. maybe I misundestood Linux shutdown sequence. Sorry, do you mean Stanley's change is redundant? I checked the shutdown flow: 1. Set the "system_state" variable 2. Disable usermod to ensure that no user from userspace can start a request I hope it is like what you interpreted, but step #2 only stops UMH(#265) but not all user space activities. Whereas, UMH is for kernel space calling user space. 264 system_state = state; 265 usermodehelper_disable(); 266 device_shutdown(); Thanks, Can Guo. 3. device_shutdown() So, userspace thread can not start a request to trigger runtime resume(pm_runtime_get_sync) after step 2. also, no need to add that flag to checkup if shutdwon is running, maybe it is better to check variable system_state: if (system_state == SYSTEM_POWER_OFF || system_state == SYSTEM_HALT || system_state == SYSTEM_RESTART) //shutdown start I still hope Rafael or someone else can confirm that if pm_runtime_get_sync() will really return ok in shutdown flow. thanks, Bean > Hi Rafael > would you please help us confirm this? > > thanks, > Bean
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Tue, 2021-01-05 at 09:07 +0800, Can Guo wrote: > On 2021-01-05 04:05, Bean Huo wrote: > > On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > > > + * @shutting_down: flag to check if shutdown has been invoked > > > > I am not much sure if this flag is need, since once PM going in > > shutdown path, what will be returnded by pm_runtime_get_sync()? > > > > If pm_runtime_get_sync() will fail, just check its return. > > > > That depends. During/after shutdown, for UFS's case only, > pm_runtime_get_sync(hba->dev) will most likely return 0, > because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() > will directly return 0... meaning you cannot count on it. > > Check Stanley's change - > https://lore.kernel.org/patchwork/patch/1341389/ > > Can Guo. Can, Thanks for pointing out that. Based on my understanding, that patch is redundent. maybe I misundestood Linux shutdown sequence. I checked the shutdown flow: 1. Set the "system_state" variable 2. Disable usermod to ensure that no user from userspace can start a request 3. device_shutdown() So, userspace thread can not start a request to trigger runtime resume(pm_runtime_get_sync) after step 2. also, no need to add that flag to checkup if shutdwon is running, maybe it is better to check variable system_state: if (system_state == SYSTEM_POWER_OFF || system_state == SYSTEM_HALT || system_state == SYSTEM_RESTART) //shutdown start I still hope Rafael or someone else can confirm that if pm_runtime_get_sync() will really return ok in shutdown flow. thanks, Bean > > > Hi Rafael > > would you please help us confirm this? > > > > thanks, > > Bean
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On 2021-01-05 04:05, Bean Huo wrote: On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: + * @shutting_down: flag to check if shutdown has been invoked I am not much sure if this flag is need, since once PM going in shutdown path, what will be returnded by pm_runtime_get_sync()? If pm_runtime_get_sync() will fail, just check its return. That depends. During/after shutdown, for UFS's case only, pm_runtime_get_sync(hba->dev) will most likely return 0, because it is already RUNTIME_ACTIVE, pm_runtime_get_sync() will directly return 0... meaning you cannot count on it. Check Stanley's change - https://lore.kernel.org/patchwork/patch/1341389/ Can Guo. Hi Rafael would you please help us confirm this? thanks, Bean + * @host_sem: semaphore used to serialize concurrent contexts * @eh_wq: Workqueue that eh_work works on * @eh_work: Worker to handle UFS errors that require s/w attention * @eeh_work: Worker to handle exception events @@ -751,7 +753,8 @@ struct ufs_hba { u32 intr_mask; u16 ee_ctrl_mask; bool is_powered; - struct semaphore eh_sem; + bool shutting_down; + struct semaphore host_sem;
Re: [PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
On Sat, 2021-01-02 at 05:59 -0800, Can Guo wrote: > + * @shutting_down: flag to check if shutdown has been invoked I am not much sure if this flag is need, since once PM going in shutdown path, what will be returnded by pm_runtime_get_sync()? If pm_runtime_get_sync() will fail, just check its return. Hi Rafael would you please help us confirm this? thanks, Bean > + * @host_sem: semaphore used to serialize concurrent contexts > * @eh_wq: Workqueue that eh_work works on > * @eh_work: Worker to handle UFS errors that require s/w attention > * @eeh_work: Worker to handle exception events > @@ -751,7 +753,8 @@ struct ufs_hba { > u32 intr_mask; > u16 ee_ctrl_mask; > bool is_powered; > - struct semaphore eh_sem; > + bool shutting_down; > + struct semaphore host_sem;
[PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
User layer may access sysfs nodes when system PM ops or error handling is running, which can cause various problems. Rename eh_sem to host_sem and use it to protect PM ops and error handling from user layer intervene. Signed-off-by: Can Guo diff --git a/drivers/scsi/ufs/ufs-sysfs.c b/drivers/scsi/ufs/ufs-sysfs.c index 08e72b7..98a9447 100644 --- a/drivers/scsi/ufs/ufs-sysfs.c +++ b/drivers/scsi/ufs/ufs-sysfs.c @@ -154,18 +154,29 @@ static ssize_t auto_hibern8_show(struct device *dev, struct device_attribute *attr, char *buf) { u32 ahit; + int ret; struct ufs_hba *hba = dev_get_drvdata(dev); if (!ufshcd_is_auto_hibern8_supported(hba)) return -EOPNOTSUPP; + down(>host_sem); + if (!ufshcd_is_sysfs_allowed(hba)) { + ret = -EBUSY; + goto out; + } + pm_runtime_get_sync(hba->dev); ufshcd_hold(hba, false); ahit = ufshcd_readl(hba, REG_AUTO_HIBERNATE_IDLE_TIMER); ufshcd_release(hba); pm_runtime_put_sync(hba->dev); - return scnprintf(buf, PAGE_SIZE, "%d\n", ufshcd_ahit_to_us(ahit)); + ret = scnprintf(buf, PAGE_SIZE, "%d\n", ufshcd_ahit_to_us(ahit)); + +out: + up(>host_sem); + return ret; } static ssize_t auto_hibern8_store(struct device *dev, @@ -174,6 +185,7 @@ static ssize_t auto_hibern8_store(struct device *dev, { struct ufs_hba *hba = dev_get_drvdata(dev); unsigned int timer; + int ret = 0; if (!ufshcd_is_auto_hibern8_supported(hba)) return -EOPNOTSUPP; @@ -184,9 +196,17 @@ static ssize_t auto_hibern8_store(struct device *dev, if (timer > UFSHCI_AHIBERN8_MAX) return -EINVAL; + down(>host_sem); + if (!ufshcd_is_sysfs_allowed(hba)) { + ret = -EBUSY; + goto out; + } + ufshcd_auto_hibern8_update(hba, ufshcd_us_to_ahit(timer)); - return count; +out: + up(>host_sem); + return ret ? ret : count; } static DEVICE_ATTR_RW(rpm_lvl); @@ -225,12 +245,21 @@ static ssize_t ufs_sysfs_read_desc_param(struct ufs_hba *hba, if (param_size > 8) return -EINVAL; + down(>host_sem); + if (!ufshcd_is_sysfs_allowed(hba)) { + ret = -EBUSY; + goto out; + } + pm_runtime_get_sync(hba->dev); ret = ufshcd_read_desc_param(hba, desc_id, desc_index, param_offset, desc_buf, param_size); pm_runtime_put_sync(hba->dev); - if (ret) - return -EINVAL; + if (ret) { + ret = -EINVAL; + goto out; + } + switch (param_size) { case 1: ret = sprintf(sysfs_buf, "0x%02X\n", *desc_buf); @@ -249,6 +278,8 @@ static ssize_t ufs_sysfs_read_desc_param(struct ufs_hba *hba, break; } +out: + up(>host_sem); return ret; } @@ -591,9 +622,16 @@ static ssize_t _name##_show(struct device *dev, \ int desc_len = QUERY_DESC_MAX_SIZE; \ u8 *desc_buf; \ \ + down(>host_sem); \ + if (!ufshcd_is_sysfs_allowed(hba)) {\ + up(>host_sem); \ + return -EBUSY; \ + } \ desc_buf = kzalloc(QUERY_DESC_MAX_SIZE, GFP_ATOMIC);\ - if (!desc_buf) \ - return -ENOMEM; \ + if (!desc_buf) {\ + up(>host_sem); \ + return -ENOMEM; \ + } \ pm_runtime_get_sync(hba->dev); \ ret = ufshcd_query_descriptor_retry(hba,\ UPIU_QUERY_OPCODE_READ_DESC, QUERY_DESC_IDN_DEVICE, \ @@ -613,6 +651,7 @@ static ssize_t _name##_show(struct device *dev, \ out: \ pm_runtime_put_sync(hba->dev); \ kfree(desc_buf);\ + up(>host_sem); \ return ret; \ } \ static
[PATCH 2/2] scsi: ufs: Protect PM ops and err_handler from user access through sysfs
User layer may access sysfs nodes when system PM ops or error handling is running, which can cause various problems. Rename eh_sem to host_sem and use it to protect PM ops and error handling from user layer intervene. Signed-off-by: Can Guo diff --git a/drivers/scsi/ufs/ufs-sysfs.c b/drivers/scsi/ufs/ufs-sysfs.c index 08e72b7..1828b34 100644 --- a/drivers/scsi/ufs/ufs-sysfs.c +++ b/drivers/scsi/ufs/ufs-sysfs.c @@ -154,18 +154,29 @@ static ssize_t auto_hibern8_show(struct device *dev, struct device_attribute *attr, char *buf) { u32 ahit; + int ret; struct ufs_hba *hba = dev_get_drvdata(dev); if (!ufshcd_is_auto_hibern8_supported(hba)) return -EOPNOTSUPP; + down(>host_sem); + if (hba->shutting_down) { + ret = -EBUSY; + goto out; + } + pm_runtime_get_sync(hba->dev); ufshcd_hold(hba, false); ahit = ufshcd_readl(hba, REG_AUTO_HIBERNATE_IDLE_TIMER); ufshcd_release(hba); pm_runtime_put_sync(hba->dev); - return scnprintf(buf, PAGE_SIZE, "%d\n", ufshcd_ahit_to_us(ahit)); + ret = scnprintf(buf, PAGE_SIZE, "%d\n", ufshcd_ahit_to_us(ahit)); + +out: + up(>host_sem); + return ret; } static ssize_t auto_hibern8_store(struct device *dev, @@ -174,6 +185,7 @@ static ssize_t auto_hibern8_store(struct device *dev, { struct ufs_hba *hba = dev_get_drvdata(dev); unsigned int timer; + int ret = 0; if (!ufshcd_is_auto_hibern8_supported(hba)) return -EOPNOTSUPP; @@ -184,9 +196,17 @@ static ssize_t auto_hibern8_store(struct device *dev, if (timer > UFSHCI_AHIBERN8_MAX) return -EINVAL; + down(>host_sem); + if (hba->shutting_down) { + ret = -EBUSY; + goto out; + } + ufshcd_auto_hibern8_update(hba, ufshcd_us_to_ahit(timer)); - return count; +out: + up(>host_sem); + return ret ? ret : count; } static DEVICE_ATTR_RW(rpm_lvl); @@ -225,12 +245,21 @@ static ssize_t ufs_sysfs_read_desc_param(struct ufs_hba *hba, if (param_size > 8) return -EINVAL; + down(>host_sem); + if (hba->shutting_down) { + ret = -EBUSY; + goto out; + } + pm_runtime_get_sync(hba->dev); ret = ufshcd_read_desc_param(hba, desc_id, desc_index, param_offset, desc_buf, param_size); pm_runtime_put_sync(hba->dev); - if (ret) - return -EINVAL; + if (ret) { + ret = -EINVAL; + goto out; + } + switch (param_size) { case 1: ret = sprintf(sysfs_buf, "0x%02X\n", *desc_buf); @@ -249,6 +278,8 @@ static ssize_t ufs_sysfs_read_desc_param(struct ufs_hba *hba, break; } +out: + up(>host_sem); return ret; } @@ -591,9 +622,16 @@ static ssize_t _name##_show(struct device *dev, \ int desc_len = QUERY_DESC_MAX_SIZE; \ u8 *desc_buf; \ \ + down(>host_sem); \ + if (hba->shutting_down) { \ + up(>host_sem); \ + return -EBUSY; \ + } \ desc_buf = kzalloc(QUERY_DESC_MAX_SIZE, GFP_ATOMIC);\ - if (!desc_buf) \ - return -ENOMEM; \ + if (!desc_buf) {\ + up(>host_sem); \ + return -ENOMEM; \ + } \ pm_runtime_get_sync(hba->dev); \ ret = ufshcd_query_descriptor_retry(hba,\ UPIU_QUERY_OPCODE_READ_DESC, QUERY_DESC_IDN_DEVICE, \ @@ -613,6 +651,7 @@ static ssize_t _name##_show(struct device *dev, \ out: \ pm_runtime_put_sync(hba->dev); \ kfree(desc_buf);\ + up(>host_sem); \ return ret; \ } \ static DEVICE_ATTR_RO(_name) @@ -651,15 +690,26 @@ static