1. Patchew
  2. linux
  3. View series

[PATCH v5] scsi: core: Drop using the host_lock to protect async_scan race condition

Chaohai Chen posted 1 patch 1 month ago 
drivers/scsi/scsi_scan.c | 10 ++--------
include/scsi/scsi_host.h |  7 ++++---
2 files changed, 6 insertions(+), 11 deletions(-)
[PATCH v5] scsi: core: Drop using the host_lock to protect async_scan race condition
Posted by Chaohai Chen 1 month ago 
Previously, host_lock was used to prevent bit-set conflicts in async_scan,
but this approach introduced naked reads in some code paths.

Convert async_scan from a bitfield to a bool type to eliminate bit-level
conflicts entirely. Use __guarded_by(&scan_mutex) to indicate that the
async_scan variable is protected by scan_mutex.

Signed-off-by: Chaohai Chen <wdhh6@aliyun.com>
---
 drivers/scsi/scsi_scan.c | 10 ++--------
 include/scsi/scsi_host.h |  7 ++++---
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c
index 60c06fa4ec32..efcaf85ff699 100644
--- a/drivers/scsi/scsi_scan.c
+++ b/drivers/scsi/scsi_scan.c
@@ -1943,7 +1943,6 @@ static void scsi_sysfs_add_devices(struct Scsi_Host *shost)
 static struct async_scan_data *scsi_prep_async_scan(struct Scsi_Host *shost)
 {
 	struct async_scan_data *data = NULL;
-	unsigned long flags;
 
 	if (strncmp(scsi_scan_type, "sync", 4) == 0)
 		return NULL;
@@ -1962,9 +1961,7 @@ static struct async_scan_data *scsi_prep_async_scan(struct Scsi_Host *shost)
 		goto err;
 	init_completion(&data->prev_finished);
 
-	spin_lock_irqsave(shost->host_lock, flags);
-	shost->async_scan = 1;
-	spin_unlock_irqrestore(shost->host_lock, flags);
+	shost->async_scan = true;
 	mutex_unlock(&shost->scan_mutex);
 
 	spin_lock(&async_scan_lock);
@@ -1992,7 +1989,6 @@ static struct async_scan_data *scsi_prep_async_scan(struct Scsi_Host *shost)
 static void scsi_finish_async_scan(struct async_scan_data *data)
 {
 	struct Scsi_Host *shost;
-	unsigned long flags;
 
 	if (!data)
 		return;
@@ -2012,9 +2008,7 @@ static void scsi_finish_async_scan(struct async_scan_data *data)
 
 	scsi_sysfs_add_devices(shost);
 
-	spin_lock_irqsave(shost->host_lock, flags);
-	shost->async_scan = 0;
-	spin_unlock_irqrestore(shost->host_lock, flags);
+	shost->async_scan = false;
 
 	mutex_unlock(&shost->scan_mutex);
 
diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h
index f6e12565a81d..7e2011830ba4 100644
--- a/include/scsi/scsi_host.h
+++ b/include/scsi/scsi_host.h
@@ -660,6 +660,10 @@ struct Scsi_Host {
 	 */
 	unsigned nr_hw_queues;
 	unsigned nr_maps;
+
+	/* Asynchronous scan in progress */
+	bool async_scan __guarded_by(&scan_mutex);
+
 	unsigned active_mode:2;
 
 	/*
@@ -678,9 +682,6 @@ struct Scsi_Host {
 	/* Task mgmt function in progress */
 	unsigned tmf_in_progress:1;
 
-	/* Asynchronous scan in progress */
-	unsigned async_scan:1;
-
 	/* Don't resume host in EH */
 	unsigned eh_noresume:1;
 
-- 
2.43.7
Re: [PATCH v5] scsi: core: Drop using the host_lock to protect async_scan race condition
Posted by Martin K. Petersen 3 weeks, 3 days ago 
On Thu, 05 Mar 2026 10:51:24 +0800, Chaohai Chen wrote:

> Previously, host_lock was used to prevent bit-set conflicts in async_scan,
> but this approach introduced naked reads in some code paths.
> 
> Convert async_scan from a bitfield to a bool type to eliminate bit-level
> conflicts entirely. Use __guarded_by(&scan_mutex) to indicate that the
> async_scan variable is protected by scan_mutex.
> 
> [...]

Applied to 7.1/scsi-queue, thanks!

[1/1] scsi: core: Drop using the host_lock to protect async_scan race condition
      https://git.kernel.org/mkp/scsi/c/7a3aff163c77

-- 
Martin K. Petersen
Re: [PATCH v5] scsi: core: Drop using the host_lock to protect async_scan race condition
Posted by Martin K. Petersen 1 month ago 
Chaohai,

> Previously, host_lock was used to prevent bit-set conflicts in
> async_scan, but this approach introduced naked reads in some code
> paths.

Applied to 7.1/scsi-staging, thanks!

-- 
Martin K. Petersen
Re: [PATCH v5] scsi: core: Drop using the host_lock to protect async_scan race condition
Posted by John Garry 1 month ago 
On 05/03/2026 02:51, Chaohai Chen wrote:
> Previously, host_lock was used to prevent bit-set conflicts in async_scan,
> but this approach introduced naked reads in some code paths.
> 
> Convert async_scan from a bitfield to a bool type to eliminate bit-level
> conflicts entirely. Use __guarded_by(&scan_mutex) to indicate that the
> async_scan variable is protected by scan_mutex.
> 
> Signed-off-by: Chaohai Chen<wdhh6@aliyun.com>


Reviewed-by: John Garry <john.g.garry@oracle.com>
Re: [PATCH v5] scsi: core: Drop using the host_lock to protect async_scan race condition
Posted by Bart Van Assche 1 month ago 
On 3/4/26 8:51 PM, Chaohai Chen wrote:
> +	/* Asynchronous scan in progress */
> +	bool async_scan __guarded_by(&scan_mutex);

The __guarded_by() is ignored because CONTEXT_ANALYSIS has not yet been
set in the drivers/scsi/Makefile. This is something I plan to do if
nobody else does it first. Anyway:

Reviewed-by: Bart Van Assche <bvanassche@acm.org>

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.