diff options
author | lixg <lixgemail@gmail.com> | 2021-01-13 15:32:51 +0530 |
---|---|---|
committer | Vasant Hegde <hegdevasant@linux.vnet.ibm.com> | 2021-06-24 16:53:35 +0530 |
commit | 1e78fc86008f935e74b97a0e6040566ac26ebb22 (patch) | |
tree | 6296dca4f5fe1804e9e79e1648f3b7b0bedee8e3 /hw | |
parent | 35bd8c027b91d674ef9470da44c578c47f47c4bb (diff) | |
download | skiboot-1e78fc86008f935e74b97a0e6040566ac26ebb22.zip skiboot-1e78fc86008f935e74b97a0e6040566ac26ebb22.tar.gz skiboot-1e78fc86008f935e74b97a0e6040566ac26ebb22.tar.bz2 |
Fix lock error when BT IRQ preempt BT timer
[ Upstream commit 46d7eafbda4006b9b858b49f9df9c63575582a92 ]
BT IRQ may preempt BT timer if BMC response host when bt msg timeout.
When BT IRQ preempt BT timer, the infight_bt_msg did not protected by bt.lock very well.
And we will see the following log:
[29006114.163785853,3] BT: seq 0x81 netfn 0x0a cmd 0x23: Timeout sending message
[29006114.288029290,3] BT: seq 0x81 netfn 0x0b cmd 0x23: Timeout sending message
[29006114.288917798,3] IPMI: Incorrect netfn 0x0b in response
It may cause 'CPU Hardlock UP', 'memory refree', 'kernel crash' or something else...
Signed-off-by: lixg <867314078@qq.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Diffstat (limited to 'hw')
-rw-r--r-- | hw/bt.c | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -211,6 +211,11 @@ static void bt_msg_del(struct bt_msg *bt_msg) { list_del(&bt_msg->link); bt.queue_len--; + + /* once inflight_bt_msg out of list, it should be emptyed */ + if (bt_msg == inflight_bt_msg) + inflight_bt_msg = NULL; + unlock(&bt.lock); ipmi_cmd_done(bt_msg->ipmi_msg.cmd, IPMI_NETFN_RETURN_CODE(bt_msg->ipmi_msg.netfn), @@ -393,9 +398,6 @@ static void bt_expire_old_msg(uint64_t tb) BT_Q_ERR(bt_msg, "Timeout sending message"); bt_msg_del(bt_msg); - /* Ready to send next message */ - inflight_bt_msg = NULL; - /* * Timing out a message is inherently racy as the BMC * may start writing just as we decide to kill the |