[Skiboot] [RESEND PATCH] fix lock error when BT IRQ preempt BT timer

Vasant Hegde hegdevasant at linux.vnet.ibm.com
Wed Jan 13 21:02:51 AEDT 2021

From: lixg <lixgemail at gmail.com>

BT IRQ may preempt BT timer if BMC response host when bt msg timeout.
When BT IRQ preempt BT timer, the infight_bt_msg did not protected by bt.lock very well.

And we will see the following log:
[29006114.163785853,3] BT: seq 0x81 netfn 0x0a cmd 0x23: Timeout sending message
[29006114.288029290,3] BT: seq 0x81 netfn 0x0b cmd 0x23: Timeout sending message
[29006114.288917798,3] IPMI: Incorrect netfn 0x0b in response

It may cause 'CPU Hardlock UP', 'memory refree', 'kernel crash' or something else...

Signed-off-by: lixg <867314078 at qq.com>
  Your patch was filtered out and didn't hit mailing list. Hence
  resending your patch.
  I have fixed mailing list issue. Now all your patches/responses will
  come to maiilng list.


 hw/bt.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/hw/bt.c b/hw/bt.c
index cf967f899..5016feab6 100644
--- a/hw/bt.c
+++ b/hw/bt.c
@@ -211,6 +211,11 @@ static void bt_msg_del(struct bt_msg *bt_msg)
+	/* once inflight_bt_msg out of list, it should be emptyed */
+	if (bt_msg == inflight_bt_msg)
+		inflight_bt_msg = NULL;
@@ -393,9 +398,6 @@ static void bt_expire_old_msg(uint64_t tb)
 			BT_Q_ERR(bt_msg, "Timeout sending message");
-			/* Ready to send next message */
-			inflight_bt_msg = NULL;
 			 * Timing out a message is inherently racy as the BMC
 			 * may start writing just as we decide to kill the

More information about the Skiboot mailing list