Hi Rodrigo,

Any updates on this?

Thanks,
~Saurav

> -----Original Message-----
> From: Saurav Kashyap
> Sent: Monday, May 18, 2020 12:20 PM
> To: rosattig@xxxxxxxxxxxxxxxxxx
> Cc: linux-scsi@xxxxxxxxxxxxxxx; Arun Easi <aeasi@xxxxxxxxxxx>; Girish Basrur
> <gbasrur@xxxxxxxxxxx>; Nilesh Javali <njavali@xxxxxxxxxxx>
> Subject: Regarding - Patch - Fix crash on qla2x00_mailbox_command
>
> Hi Rodrigo,
> We are seeing a regression introduced by below patch for QLA 82XX HBAs. On
> unload, the disable interrupt, mailbox command (MBX 0x10) fails because of
> this patch and leaves the FW/HW in unstable state. The next load fails with
> initialization FW timing out.
> The only way out of this is to reboot the server. I and test team have tried to
> reproduce an original problem that is fixed by below patch but we don't have
> any luck.
>
> We would like to revert the below patch but would like to address original
> problem as well. Can you share more details about the NULL pointer
> dereference? Which data structure was NULL and what was the test case?
>
> ==============================
> git show 3cb182b3fa8b7a61f05c671525494697cba39c6a
> commit 3cb182b3fa8b7a61f05c671525494697cba39c6a
> Author: Rodrigo R. Galvao <rosattig@xxxxxxxxxxxxxxxxxx>
> Date: Mon May 28 14:58:44 2018 -0300
>
> scsi: qla2xxx: Fix crash on qla2x00_mailbox_command
>
> This patch fixes a crash on qla2x00_mailbox_command caused when the driver
> is on UNLOADING state and tries to call qla2x00_poll, which triggers a
> NULL pointer dereference.
>
> Signed-off-by: Rodrigo R. Galvao <rosattig@xxxxxxxxxxxxxxxxxx>
> Signed-off-by: Mauro S. M. Rodrigues <maurosr@xxxxxxxxxxxxxxxxxx>
> Acked-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx>
> Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
>
> diff --git a/drivers/scsi/qla2xxx/qla_mbx.c b/drivers/scsi/qla2xxx/qla_mbx.c > index d8a36c1..7e875f5 100644 > --- a/drivers/scsi/qla2xxx/qla_mbx.c > +++ b/drivers/scsi/qla2xxx/qla_mbx.c 
> @@ -292,6 +292,14 @@ static int is_rom_cmd(uint16_t cmd) > if (time_after(jiffies, wait_time)) > break; > > + /* > + * Check if it's UNLOADING, cause we cannot poll in > + * this case, or else a NULL pointer dereference > + * is triggered. > + */ > + if (unlikely(test_bit(UNLOADING, &base_vha->dpc_flags))) > + return QLA_FUNCTION_TIMEOUT; > + > /* Check for pending interrupts. */ > qla2x00_poll(ha->rsp_q_map[0]); > ==================== > > Thanks, > ~Saurav
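
Review bot: The UNLOADING test added just before qla2x00_poll(ha->rsp_q_map[0]) returns QLA_FUNCTION_TIMEOUT for any polled mailbox command once the flag is set, so commands that the unload path itself has to issue are reported as timed out instead of being allowed to complete; the message above describes this outcome for MBX 0x10 on 82XX HBAs. The new comment also does not say which pointer is NULL. If the dereference is on ha->rsp_q_map[0] or on something qla2x00_poll reaches through it, checking that pointer directly before polling would be a narrower guard than keying off the driver-wide UNLOADING bit. Separately, the return leaves from inside the wait loop, so it is worth confirming that nothing set up earlier in the function needs to be undone on this path.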