Hello
A customer discovered this on a RHEL 8.8 kernel but the issue also
exists upstream with the current code in 6.4 for example.
[ 177.143279] ? qla2xxx_dif_start_scsi_mq+0xcd8/0xce0 [qla2xxx]
[ 177.149165] ? internal_add_timer+0x42/0x70
[ 177.153372] qla2xxx_mqueuecommand+0x207/0x2b0 [qla2xxx]
[ 177.158730] scsi_queue_rq+0x2b7/0xc00
[ 177.162501] blk_mq_dispatch_rq_list+0x3ea/0x7e0
Simple reproducer to a LUN with no protection
sg_write_same -T --lba=1 /dev/sdxx (or mpath)
With the device having no protection we land up with
SCSI_PROT_NORMAL being used so fall through to the BUG()
switch (scsi_get_prot_op(GET_CMD_SP(sp))) {
case SCSI_PROT_READ_INSERT:
case SCSI_PROT_WRITE_STRIP:
total_bytes = data_bytes;
data_bytes += dif_bytes;
break;
case SCSI_PROT_READ_STRIP:
case SCSI_PROT_WRITE_INSERT:
case SCSI_PROT_READ_PASS:
case SCSI_PROT_WRITE_PASS:
total_bytes = data_bytes + dif_bytes;
break;
default:
BUG();
}
I also had David Jeffery look at this and his comment was
In this particular case, it looks like the issue is just with qla2xxx,
regardless of the hardware. The scsi_disk being sent the command had no
dif protection enabled and there was no dix data.
crash> struct scsi_disk.protection_type 0xff34947432176800
protection_type = 0 '\000',
crash> px ((struct scsi_cmnd *)0xff3494740b759138)->prot_sdb[0]
$7 = {
table = {
sgl = 0xff3494740b7595a8,
nents = 0x0,
orig_nents = 0x0
},
length = 0x0,
resid = 0x0
}
So a WRITE_SAME_32 prot_op was always going to be SCSI_PROT_NORMAL in
prot_op. qla2xxx should not crash when passed such a command and state.
KDUMP
Linux
segstorage3
6.4.0+
[ 176.960932] ------------[ cut here ]------------
[ 176.965582] kernel BUG at drivers/scsi/qla2xxx/qla_iocb.c:1459!
[ 176.971540] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 176.976795] CPU: 10 PID: 16058 Comm: sg_write_same Kdump: loaded
Tainted: G S 6.4.0+ #1
[ 176.986240] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380
Gen10, BIOS U30 05/17/2022
[ 176.994812] RIP: 0010:qla2xxx_dif_start_scsi_mq+0xcd8/0xce0
[qla2xxx]
[ 177.001337] Code: ff ff 48 8b 7c 24 40 0f b7 bf 4c 01 00 00 e9 73 f6
ff ff 83 3d 68 a0 de ff 01 0f 8e 7b fd ff ff e9 6f fd ff ff e8 b8 7f 07
ce <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 177.020217] RSP: 0018:ffffa1c44f86b9e0 EFLAGS: 00010046
[ 177.025470] RAX: 0000000000000008 RBX: ffff961087e29000 RCX:
0000000000000000
[ 177.032644] RDX: 0000000000000000 RSI: ffff9617c9e09460 RDI:
0000000000000200
[ 177.039818] RBP: ffff9617c9e09588 R08: ffff9617c9e09460 R09:
0000000000000200
[ 177.046992] R10: ffff96107800e880 R11: 0000000000000000 R12:
00000000000010c0
[ 177.054165] R13: ffff96107800e880 R14: ffff961064c52180 R15:
ffff961066f8de00
[ 177.061337] FS: 00007f41eef7e740(0000) GS:ffff961f4d800000(0000)
knlGS:0000000000000000
[ 177.069471] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 177.075246] CR2: 000055e1e2591bd8 CR3: 00000008823b2005 CR4:
00000000007706e0
[ 177.082420] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 177.089594] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 177.096768] PKRU: 55555554
[ 177.099487] Call Trace:
[ 177.101944] <TASK>
[ 177.104052] ? __die_body+0x1e/0x60
[ 177.107560] ? die+0x3c/0x60
[ 177.110454] ? do_trap+0xe6/0x110
[ 177.113786] ? qla2xxx_dif_start_scsi_mq+0xcd8/0xce0 [qla2xxx]
[ 177.119674] ? do_error_trap+0x65/0x80
[ 177.123442] ? qla2xxx_dif_start_scsi_mq+0xcd8/0xce0 [qla2xxx]
[ 177.129328] ? exc_invalid_op+0x50/0x70
[ 177.133184] ? qla2xxx_dif_start_scsi_mq+0xcd8/0xce0 [qla2xxx]
[ 177.139071] ? asm_exc_invalid_op+0x1a/0x20
[ 177.143279] ? qla2xxx_dif_start_scsi_mq+0xcd8/0xce0 [qla2xxx]
[ 177.149165] ? internal_add_timer+0x42/0x70
[ 177.153372] qla2xxx_mqueuecommand+0x207/0x2b0 [qla2xxx]
[ 177.158730] scsi_queue_rq+0x2b7/0xc00
[ 177.162501] blk_mq_dispatch_rq_list+0x3ea/0x7e0
[ 177.167143] __blk_mq_sched_dispatch_requests+0xac/0x670
[ 177.172485] ? blk_rq_map_user_iov+0x2ae/0x690
[ 177.176952] ? blk_mq_request_bypass_insert+0x74/0xa0
[ 177.182031] blk_mq_sched_dispatch_requests+0x37/0x70
[ 177.187110] blk_mq_run_hw_queue+0x183/0x1b0
[ 177.191402] blk_execute_rq+0x103/0x230
[ 177.195257] sg_io+0x17f/0x360
[ 177.198327] scsi_ioctl_sg_io+0x69/0x90
[ 177.202182] scsi_ioctl+0x4c6/0x890
[ 177.205688] ? scsi_block_when_processing_errors+0x26/0xd0
[ 177.211204] ? multipath_prepare_ioctl+0x50/0x130 [dm_multipath]
[ 177.217247] dm_blk_ioctl+0x72/0x120 [dm_mod]
[ 177.221637] blkdev_ioctl+0x1c2/0x280
[ 177.225320] __x64_sys_ioctl+0x90/0xd0
[ 177.229089] do_syscall_64+0x3b/0x90
[ 177.232683] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 177.237762] RIP: 0033:0x7f41ee4397cb
[ 177.241355] Code: 73 01 c3 48 8b 0d bd 56 38 00 f7 d8 64 89 01 48 83
c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8d 56 38 00 f7 d8 64 89 01 48
[ 177.260234] RSP: 002b:00007ffe44cf3578 EFLAGS: 00000246 ORIG_RAX:
0000000000000010
[ 177.267846] RAX: ffffffffffffffda RBX: 000055e1e25909a0 RCX:
00007f41ee4397cb
[ 177.275018] RDX: 00007ffe44cf3580 RSI: 0000000000002285 RDI:
0000000000000003
[ 177.282191] RBP: 0000000000000003 R08: 0000000000000040 R09:
000055e1e2590a50
[ 177.289363] R10: 0000000000000000 R11: 0000000000000246 R12:
0000000000000000
[ 177.296535] R13: 00007ffe44cf3638 R14: 000055e1e25909a0 R15:
00007ffe44cf3890
