On Wed, 2020-01-22 at 16:20 -0800, Arun Easi wrote:
> Thanks for the review, Robert. Response inline..
>
> On Wed, 22 Jan 2020, 3:59pm, Elliott, Robert (Servers) wrote:
>
> >
> > > -----Original Message-----
> > > From: linux-scsi-owner@xxxxxxxxxxxxxxx <linux-scsi-owner@xxxxxxxxxxxxxxx>
> > > On Behalf Of Himanshu Madhani
> > > Sent: Tuesday, January 21, 2020 1:27 PM
> > > Subject: [PATCH v4] qla2xxx: Fix unbound NVME response length
> > ...
> > > We discovered issue with our newer Gen7 adapter when response length
> > > happens to be larger than 32 bytes, could result into crash.
> > ...
> > > drivers/scsi/qla2xxx/qla_isr.c | 10 ++++++++++
> > > 1 file changed, 10 insertions(+)
> > >
> > > diff --git a/drivers/scsi/qla2xxx/qla_isr.c
> > ...
> > > + if (unlikely(iocb->u.nvme.rsp_pyld_len >
> > > + sizeof(struct nvme_fc_ersp_iu))) {
> > > + WARN_ONCE(1, "Unexpected response payload length %u.\n",
> > > + iocb->u.nvme.rsp_pyld_len);
> >
> > Do you really need a kernel stack dump for this error, which the WARN
> > macros create? The problem would be caused by firmware behavior, not
> > something wrong in the kernel.
>
> The intent was to bring this to the tester's notice. My expectation is
> that this would be removed once the root cause is known. The issue was not
> reproducible internally.
We have a reproducible test case, so testing the patch was
not a problem. I agree the log message should be restricted
or suppressed though, once would be enough.
The problem appeared to be that an extra bit was set (because
the length was too long by 16K) and our testing worked OK with
the ersp_iu data truncated to the correct structure size.
-Ewan
>
> > If this function runs in interrupt context (based on the filename),
> > then printing lots of data to the slow serial port can cause soft
> > lockups and other issues.
>
> In retrospect, this should have been under the driver debug tunable (which
> is set usually by testers).
>
> > > + ql_log(ql_log_warn, fcport->vha, 0x5100,
> > > + "Unexpected response payload length %u.\n",
> > > + iocb->u.nvme.rsp_pyld_len);
> > > + iocb->u.nvme.rsp_pyld_len =
> > > + sizeof(struct nvme_fc_ersp_iu);
> > > + }
> >
> > If the problem is due to some firmware incompatibility and every
> > response is long, the kernel log will quickly become full of
> > these messages - per-IO prints are noisy. The handling implies
> > the driver thinks it's safe to proceed, so there's nothing that
> > is going to keep the problem from reoccurring. If the handling was
> > to report a failed IO and shut down the device, then the number
> > of possible error messages would quickly cease.
> >
> > Safer approaches would be to print only once and maintain a count
> > of errors in sysfs, or use ratelimited print functions.
>
> I can post a follow on patch, with the WARN/log message under driver
> debug.
>
> Regards,
> -Arun
>
> >
> >
