On 6/28/24 12:00 AM, peter.wang@mediatek.com wrote:
From: Peter Wang peter.wang@mediatek.com
When ufshcd_clear_cmd races with the completion ISR, the mq_hctx pointer of the completed tag's request will be set to NULL by the ISR, and ufshcd_clear_cmd calling ufshcd_mcq_req_to_hwq will get a NULL pointer KE. Return success when the request has been completed by the ISR because the SQ doesn't need cleanup.
The racing flow is:

Thread A                                     Thread B
ufshcd_err_handler                           ufs_mtk_mcq_intr (cq complete ISR)
  ufshcd_try_to_abort_task          step 1
                                               scsi_done                  step 2
    ufshcd_cmd_inflight(true)       step 3
    ufshcd_clear_cmd                           ...
      ...                                      __blk_mq_free_request
      ufshcd_mcq_req_to_hwq                      rq->mq_hctx = NULL;      step 4
        blk_mq_unique_tag
          rq->mq_hctx->queue_num    step 5
Reviewed-by: Bart Van Assche bvanassche@acm.org
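The interleaving above, as an added single-threaded model that is not the patch's code nor the kernel's: it replays steps 3 to 5 with the ISR either losing or winning the window between the inflight check and the mq_hctx dereference, and shows the guard the commit message asks for (treat a request whose mq_hctx is already NULL as completed and return success instead of indexing the hardware queue). All structures and the model_* names are simplified stand-ins (assumption); the real ufshcd_cmd_inflight, ufshcd_mcq_req_to_hwq and SQ cleanup do more than this.

```c
#include <limits.h>
#include <stdio.h>

#define NO_QUEUE UINT_MAX

/* Stand-in for blk-mq's hardware context: only queue_num matters here. */
struct blk_mq_hw_ctx {
    unsigned int queue_num;
};

/* Stand-in for struct request. The completion path NULLs mq_hctx (step 4). */
struct request {
    int started;                   /* stand-in for blk_mq_request_started() */
    struct blk_mq_hw_ctx *mq_hctx; /* set to NULL by __blk_mq_free_request */
};

/* Stand-in for the UFS MCQ hardware queue; sq_cleaned counts SQ cleanups. */
struct ufs_hw_queue {
    unsigned int id;
    int sq_cleaned;
};

static struct blk_mq_hw_ctx hctx0 = { .queue_num = 0 };
static struct ufs_hw_queue uhq[1] = { { .id = 0, .sq_cleaned = 0 } };

/* Model of ufs_mtk_mcq_intr -> scsi_done -> __blk_mq_free_request (steps 2/4). */
static void model_cq_complete_isr(struct request *rq)
{
    rq->started = 0;    /* request goes back to idle */
    rq->mq_hctx = NULL; /* the store that makes step 5 dereference NULL */
}

/* Model of ufshcd_cmd_inflight (step 3). */
static int model_cmd_inflight(const struct request *rq)
{
    return rq && rq->started;
}

/* Guarded model of ufshcd_mcq_req_to_hwq: NULL once the ISR freed the request.
 * Assumption: a kernel version would read mq_hctx with READ_ONCE(). */
static struct ufs_hw_queue *model_req_to_hwq(struct request *rq)
{
    struct blk_mq_hw_ctx *hctx = rq->mq_hctx;

    if (!hctx)
        return NULL;
    return &uhq[hctx->queue_num]; /* blk_mq_unique_tag -> queue_num in the kernel */
}

/* Model of ufshcd_clear_cmd in MCQ mode: success with no SQ cleanup when the
 * ISR has already completed the request, otherwise clean the SQ. */
static int model_clear_cmd(struct request *rq, unsigned int *cleaned_queue)
{
    struct ufs_hw_queue *hwq = model_req_to_hwq(rq);

    *cleaned_queue = NO_QUEUE;
    if (!hwq)
        return 0; /* completed by ISR: nothing to clean up */
    hwq->sq_cleaned++; /* stand-in for the SQ cleanup */
    *cleaned_queue = hwq->id;
    return 0;
}

/* Replays steps 3 -> (4) -> 5; when isr_wins_race is set the ISR fires after
 * the inflight check passed, exactly the window the commit message describes.
 * Returns the queue that was cleaned, or NO_QUEUE when cleanup was skipped. */
static unsigned int model_run_scenario(int isr_wins_race)
{
    struct request rq = { .started = 1, .mq_hctx = &hctx0 };
    unsigned int cleaned = NO_QUEUE;

    if (!model_cmd_inflight(&rq)) /* step 3 */
        return NO_QUEUE;
    if (isr_wins_race)
        model_cq_complete_isr(&rq); /* step 4 */
    if (model_clear_cmd(&rq, &cleaned) != 0) /* step 5, guarded */
        return NO_QUEUE;
    return cleaned;
}

static int model_sq_cleanup_count(void)
{
    return uhq[0].sq_cleaned;
}

int main(void)
{
    printf("ISR loses race: cleaned queue %u\n", model_run_scenario(0));
    printf("ISR wins race:  cleaned queue %u (UINT_MAX means skipped)\n",
           model_run_scenario(1));
    printf("SQ cleanups performed: %d\n", model_sq_cleanup_count());
    return 0;
}
```

The point of the model is that the inflight check at step 3 alone cannot close the window; the dereference at step 5 needs its own NULL check on the value the ISR stores, and the model returns success there because a completed request leaves nothing in the SQ to clean.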