• Tony Camuso's avatar
    ipmi: move message error checking to avoid deadlock · 38303521
    Tony Camuso authored
    V1->V2: in handle_one_rcv_msg, if data_size > 2, set requeue to zero and
            goto out instead of calling ipmi_free_msg.
            Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
    
    In the source stack trace below, function set_need_watch tries to
    take out the same si_lock that was taken earlier by ipmi_thread.
    
    ipmi_thread() [drivers/char/ipmi/ipmi_si_intf.c:995]
     smi_event_handler() [drivers/char/ipmi/ipmi_si_intf.c:765]
      handle_transaction_done() [drivers/char/ipmi/ipmi_si_intf.c:555]
       deliver_recv_msg() [drivers/char/ipmi/ipmi_si_intf.c:283]
        ipmi_smi_msg_received() [drivers/char/ipmi/ipmi_msghandler.c:4503]
         intf_err_seq() [drivers/char/ipmi/ipmi_msghandler.c:1149]
          smi_remove_watch() [drivers/char/ipmi/ipmi_msghandler.c:999]
           set_need_watch() [drivers/char/ipmi/ipmi_si_intf.c:1066]
    
    Upstream commit e1891cff adds code to
    ipmi_smi_msg_received() to call smi_remove_watch() via intf_err_seq()
    and this seems to be causing the deadlock.
    
    commit e1891cff
    Author: Corey Minyard <cminyard@mvista.com>
    Date:   Wed Oct 24 15:17:04 2018 -0500
        ipmi: Make the smi watcher be disabled immediately when not needed
    
    The fix is to put all messages in the queue and move the message
    checking code out of ipmi_smi_msg_received and into handle_one_recv_msg,
    which processes the message checking after ipmi_thread releases its
    locks.
    
    Additionally,Kosuke Tatsukawa <tatsu@ab.jp.nec.com> reported that
    handle_new_recv_msgs calls ipmi_free_msg when handle_one_rcv_msg returns
    zero, so that the call to ipmi_free_msg in handle_one_rcv_msg introduced
    another panic when "ipmitool sensor list" was run in a loop. He
    submitted this part of the patch.
    
    +free_msg:
    +               requeue = 0;
    +               goto out;
    
    Reported by: Osamu Samukawa <osa-samukawa@tg.jp.nec.com>
    Characterized by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
    Signed-off-by: default avatarTony Camuso <tcamuso@redhat.com>
    Fixes: e1891cff ("ipmi: Make the smi watcher be disabled immediately when not needed")
    Cc: stable@vger.kernel.org # 5.1
    Signed-off-by: default avatarCorey Minyard <cminyard@mvista.com>
    38303521
ipmi_msghandler.c 131 KB