@@ -112,6 +112,7 @@ enum sg_rq_state { /* N.B. sg_rq_state_arr assumes SG_RS_AWAIT_RCV==2 */
#define SG_FRQ_SYNC_INVOC 2 /* synchronous (blocking) invocation */
#define SG_FRQ_NO_US_XFER 3 /* no user space transfer of data */
#define SG_FRQ_DEACT_ORPHAN 6 /* not keeping orphan so de-activate */
+#define SG_FRQ_RECEIVING 7 /* guard against multiple receivers */
/* Bit positions (flags) for sg_fd::ffd_bm bitmask follow */
#define SG_FFD_FORCE_PACKID 0 /* receive only given pack_id/tag */
@@ -374,6 +375,7 @@ sg_check_file_access(struct file *filp, const char *caller)
static int
sg_wait_open_event(struct sg_device *sdp, bool o_excl)
+ __must_hold(sdp->open_rel_lock)
{
int res = 0;
@@ -1271,6 +1273,7 @@ sg_ctl_ioreceive(struct file *filp, struct sg_fd *sfp, void __user *p)
SG_LOG(3, sfp, "%s: non_block(+IMMED)=%d\n", __func__, non_block);
/* read in part of v3 or v4 header for pack_id or tag based find */
id = pack_id;
+try_again:
srp = sg_find_srp_by_id(sfp, id, &busy);
while (!srp) { /* nothing available so wait on packet or */
if (unlikely(!busy && SG_IS_DETACHING(sdp)))
@@ -1285,6 +1288,10 @@ sg_ctl_ioreceive(struct file *filp, struct sg_fd *sfp, void __user *p)
if (res)
return res; /* signal --> -ERESTARTSYS */
}
+ if (test_and_set_bit(SG_FRQ_RECEIVING, srp->frq_bm)) {
+ cpu_relax();
+ goto try_again;
+ }
return sg_receive_v4(sfp, srp, p, h4p);
}
@@ -1322,7 +1329,7 @@ sg_ctl_ioreceive_v3(struct file *filp, struct sg_fd *sfp, void __user *p)
if (test_bit(SG_FFD_FORCE_PACKID, sfp->ffd_bm))
pack_id = h3p->pack_id;
-
+try_again:
srp = sg_find_srp_by_id(sfp, pack_id, &busy);
while (!srp) { /* nothing available so wait on packet or */
if (unlikely(!busy && SG_IS_DETACHING(sdp)))
@@ -1335,6 +1342,10 @@ sg_ctl_ioreceive_v3(struct file *filp, struct sg_fd *sfp, void __user *p)
if (unlikely(res))
return res; /* signal --> -ERESTARTSYS */
}
+ if (test_and_set_bit(SG_FRQ_RECEIVING, srp->frq_bm)) {
+ cpu_relax();
+ goto try_again;
+ }
return sg_receive_v3(sfp, srp, SZ_SG_IO_HDR, p);
}
@@ -1451,7 +1462,6 @@ get_sg_io_pack_id(int *pack_id, void __user *buf, size_t count)
return get_user(*pack_id, &hp->pack_id);
}
}
-
/* no valid header was passed, so ignore the pack_id */
*pack_id = -1;
return 0;
@@ -1486,8 +1496,9 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos)
return ret;
}
+try_again:
srp = sg_find_srp_by_id(sfp, req_pack_id, &busy);
- if (!srp) { /* now wait on packet to arrive */
+ while (!srp) { /* now wait on packet to arrive */
if (unlikely(!busy && SG_IS_DETACHING(sdp)))
return -ENODEV;
if (non_block) /* O_NONBLOCK or v3::flags & SGV4_FLAG_IMMED */
@@ -1501,6 +1512,10 @@ sg_read(struct file *filp, char __user *buf, size_t count, loff_t *ppos)
return ret;
/* otherwise srp should be valid */
}
+ if (test_and_set_bit(SG_FRQ_RECEIVING, srp->frq_bm)) {
+ cpu_relax();
+ goto try_again;
+ }
if (srp->s_hdr3.interface_id == '\0')
ret = sg_read_v1v2(buf, (int)count, sfp, srp);
else
@@ -1720,6 +1735,7 @@ sg_ctl_sg_io(struct file *filp, struct sg_device *sdp, struct sg_fd *sfp,
*/
static int
sg_set_reserved_sz(struct sg_fd *sfp, int want_rsv_sz)
+ __must_hold(sfp->f_mutex)
{
int new_sz, blen, res;
unsigned long iflags;
@@ -2908,26 +2924,27 @@ sg_finish_scsi_blk_rq(struct sg_request *srp)
atomic_dec(&sfp->submitted);
atomic_dec(&sfp->waiting);
}
+
+ /* Expect blk_mq_free_request(rq) already called in sg_rq_end_io() */
+ if (rq) { /* blk_get_request() may have failed */
+ srp->rq = NULL;
+ blk_mq_free_request(rq);
+ }
if (srp->bio) {
bool us_xfer = !test_bit(SG_FRQ_NO_US_XFER, srp->frq_bm);
+ struct bio *bio = srp->bio;
- if (us_xfer) {
- ret = blk_rq_unmap_user(srp->bio);
+ srp->bio = NULL;
+ if (us_xfer && bio) {
+ ret = blk_rq_unmap_user(bio);
if (ret) { /* -EINTR (-4) can be ignored */
SG_LOG(6, sfp,
"%s: blk_rq_unmap_user() --> %d\n",
__func__, ret);
}
}
- srp->bio = NULL;
- }
- /* In worst case READ data returned to user space by this point */
-
- /* Expect blk_mq_free_request(rq) already called in sg_rq_end_io() */
- if (rq) { /* blk_get_request() may have failed */
- srp->rq = NULL;
- blk_mq_free_request(rq);
}
+ /* In worst case, READ data returned to user space by this point */
}
static int
@@ -3367,6 +3384,7 @@ sg_deact_request(struct sg_fd *sfp, struct sg_request *srp)
return;
sbp = srp->sense_bp;
srp->sense_bp = NULL;
+ srp->frq_bm[0] = 0;
sg_rq_state_chg(srp, 0, SG_RS_INACTIVE, true /* force */, __func__);
/* maybe orphaned req, thus never read */
if (sbp)
@@ -3499,6 +3517,7 @@ static void
sg_remove_sfp_usercontext(struct work_struct *work)
{
__maybe_unused int o_count;
+ int subm;
unsigned long idx, iflags;
struct sg_device *sdp;
struct sg_fd *sfp = container_of(work, struct sg_fd, ew_fd.work);
@@ -3536,6 +3555,10 @@ sg_remove_sfp_usercontext(struct work_struct *work)
SG_LOG(6, sfp, "%s: kfree: srp=%pK --\n", __func__, srp);
kfree(srp);
}
+ subm = atomic_read(&sfp->submitted);
+ if (subm != 0)
+ SG_LOG(1, sfp, "%s: expected submitted=0 got %d\n",
+ __func__, subm);
xa_destroy(xafp);
xa_lock_irqsave(xadp, iflags);
e_sfp = __xa_erase(xadp, sfp->idx);
@@ -3564,12 +3587,12 @@ sg_remove_sfp(struct kref *kref)
static int
sg_idr_max_id(int id, void *p, void *data)
+ __must_hold(sg_index_lock)
{
int *k = data;
if (*k < id)
*k = id;
-
return 0;
}
@@ -3799,6 +3822,7 @@ sg_proc_seq_show_devstrs(struct seq_file *s, void *v)
/* Writes debug info for one sg_request in obp buffer */
static int
sg_proc_debug_sreq(struct sg_request *srp, int to, char *obp, int len)
+ __must_hold(sfp->srp_arr.xa_lock)
{
bool is_v3v4, v4, is_dur;
int n = 0;
@@ -3901,6 +3925,7 @@ sg_proc_debug_fd(struct sg_fd *fp, char *obp, int len, unsigned long idx)
/* Writes debug info for one sg device (including its sg fds) in obp buffer */
static int
sg_proc_debug_sdev(struct sg_device *sdp, char *obp, int len, int *fd_counterp)
+ __must_hold(sg_index_lock)
{
int n = 0;
int my_count = 0;