Re: [PATCH v2 06/11] qla2xxx: complete command early within lock

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/10/24 10:10 AM, Nilesh Javali wrote:
From: Shreyas Deodhar <sdeodhar@xxxxxxxxxxx>

A crash was observed while performing NPIV and FW reset,

  BUG: kernel NULL pointer dereference, address: 000000000000001c
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 1 PREEMPT_RT SMP NOPTI
  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0
  RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246
  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002
  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0
  RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034
  R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000
  R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000
  FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0
  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  PKRU: 55555554
  Call Trace:
  <TASK>
  ? __die_body+0x1a/0x60
  ? page_fault_oops+0x16f/0x4a0
  ? do_user_addr_fault+0x174/0x7f0
  ? exc_page_fault+0x69/0x1a0
  ? asm_exc_page_fault+0x22/0x30
  ? dma_direct_unmap_sg+0x51/0x1e0
  ? preempt_count_sub+0x96/0xe0
  qla2xxx_qpair_sp_free_dma+0x29f/0x3b0 [qla2xxx]
  qla2xxx_qpair_sp_compl+0x60/0x80 [qla2xxx]
  __qla2x00_abort_all_cmds+0xa2/0x450 [qla2xxx]

The command completion was done early while aborting the
commands in driver unload path but outside lock to
avoid the WARN_ON condition of performing dma_free_attr
within the lock. However this caused race condition
while command completion via multiple paths causing system
crash.

Hence complete the command early in unload path
but within the lock to avoid race condition.

Fixes: 0367076b0817 ("scsi: qla2xxx: Perform lockless command completion in abort path")
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Shreyas Deodhar <sdeodhar@xxxxxxxxxxx>
Signed-off-by: Nilesh Javali <njavali@xxxxxxxxxxx>
---
  drivers/scsi/qla2xxx/qla_os.c | 5 -----
  1 file changed, 5 deletions(-)

diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 70f43eab3f01..e4056cddb727 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -1875,14 +1875,9 @@ __qla2x00_abort_all_cmds(struct qla_qpair *qp, int res)
  	for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) {
  		sp = req->outstanding_cmds[cnt];
  		if (sp) {
-			/*
-			 * perform lockless completion during driver unload
-			 */
  			if (qla2x00_chip_is_down(vha)) {
  				req->outstanding_cmds[cnt] = NULL;
-				spin_unlock_irqrestore(qp->qp_lock_ptr, flags);
  				sp->done(sp, res);
-				spin_lock_irqsave(qp->qp_lock_ptr, flags);
  				continue;
  			}

Reviewed-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx>

--
Himanshu Madhani                                Oracle Linux Engineering





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux