From: Chengfeng Ye
To: "James E . J . Bottomley", "Martin K . Petersen"
Cc: Jack Wang, linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, Chengfeng Ye
Subject: [PATCH] scsi: pm8001: Fix data race in sysfs SAS address read
Date: Thu, 15 Jan 2026 17:11:40 +0000
Message-Id: <20260115171140.281969-1-cyeaa@connect.ust.hk>

From: Chengfeng Ye

Fix a data race where sysfs read pm8001_ctl_host_sas_address_show() reads
pm8001_ha->sas_addr without synchronization while it can be written from
interrupt context in pm8001_mpi_get_nvmd_resp().

The write path is already protected by pm8001_ha->lock (held by
process_oq() when calling pm8001_mpi_get_nvmd_resp()), but the sysfs read
path accesses the 8-byte SAS address without any synchronization, allowing
torn reads.

Thread interleaving scenario:

Thread A (sysfs read)                | Thread B (interrupt context)
-------------------------------------+------------------------------------
pm8001_ctl_host_sas_address_show()   |
|- read sas_addr[0..3]               |
                                     | process_oq()
                                     | |- spin_lock_irqsave(&lock)
                                     | |- process_one_iomb()
                                     | |  |- pm8001_mpi_get_nvmd_resp()
                                     | |  |- memcpy(sas_addr, new, 8)
                                     | |     /* writes all 8 bytes */
                                     | |- spin_unlock_irqrestore(&lock)
|- read sas_addr[4..7]               |
   /* gets mix of old and new */     |

Fix by protecting the sysfs read with the same pm8001_ha->lock.

Signed-off-by: Chengfeng Ye --- drivers/scsi/pm8001/pm8001_ctl.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/pm8001/pm8001_ctl.c b/drivers/scsi/pm8001/pm8001_= ctl.c index cbfda8c04e95..e49f11969b3b 100644 --- a/drivers/scsi/pm8001/pm8001_ctl.c +++ b/drivers/scsi/pm8001/pm8001_ctl.c @@ -311,8 +311,15 @@ static ssize_t pm8001_ctl_host_sas_address_show(struct= device *cdev, struct Scsi_Host *shost =3D class_to_shost(cdev); struct sas_ha_struct *sha =3D SHOST_TO_SAS_HA(shost); struct pm8001_hba_info *pm8001_ha =3D sha->lldd_ha; - return sysfs_emit(buf, "0x%016llx\n", - be64_to_cpu(*(__be64 *)pm8001_ha->sas_addr)); + unsigned long flags; + ssize_t ret; + + spin_lock_irqsave(&pm8001_ha->lock, flags); + ret =3D sysfs_emit(buf, "0x%016llx\n", + be64_to_cpu(*(__be64 *)pm8001_ha->sas_addr)); + spin_unlock_irqrestore(&pm8001_ha->lock, flags); + + return ret; } static DEVICE_ATTR(host_sas_address, S_IRUGO, pm8001_ctl_host_sas_address_show, NULL); --=20 2.25.1
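
Review bot: in pm8001_ctl_host_sas_address_show(), sysfs_emit() is called between spin_lock_irqsave() and spin_unlock_irqrestore(), so the string formatting runs with pm8001_ha->lock held and local interrupts disabled, although only the 8-byte load of sas_addr needs the lock. Consider snapshotting the value into a local under the lock, e.g. `addr = be64_to_cpu(*(__be64 *)pm8001_ha->sas_addr);`, unlocking, and then doing `return sysfs_emit(buf, "0x%016llx\n", addr);`, which keeps the critical section to a single load and makes `ret` unnecessary. The commit message also has no Fixes: tag identifying the commit that introduced the unlocked read; adding one would make the change easier to triage for backporting.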