Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NAS-116626 / 22.02.2 / update SCST to match upstream #1

Merged
merged 2 commits into from
Jun 7, 2022

Conversation

yocalebo
Copy link

@yocalebo yocalebo commented Jun 7, 2022

We're only 2 minor commits behind upstream stable but I'd like to get this in before we freeze for next stable/angelfish release.

lnocturno added 2 commits June 7, 2022 08:29

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Google no longer support the use of third-party apps or devices which
ask you to sign in to your Google Account using only your username and
password. This causes problems when using github mail notification action
to send SCST patches. Hence, change the Google mail server to an another one.

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Reported-by: Gilbert Standen <gilstanden@hotmail.com>

Fixes: SCST-project#45
@yocalebo yocalebo requested review from anodos325 and usaleem-ix June 7, 2022 12:31
@yocalebo yocalebo changed the title update SCST to match upstream NAS-116626 / 22.02.2 / update SCST to match upstream Jun 7, 2022
@yocalebo yocalebo merged commit 5fb4621 into stable/angelfish Jun 7, 2022
@yocalebo yocalebo deleted the NAS-116624 branch June 7, 2022 12:39
yocalebo pushed a commit that referenced this pull request Jun 7, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Fix warning message due to adisc being flushed.  Linux kernel triggered a
warning message where a different error code type is not matching up with
the expected type. Add additional translation of one error code type to
another.

WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498
qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]
CPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1
..
GPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000
NIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx]
LR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx]
Call Trace:
[c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable)
[c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx]
[c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx]
[c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx]
[c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx]
[c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120
[c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0
[c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100
[c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40
[c00000001cdc3aa0] [c000000000073940] pci_hp_remove_devices+0x90/0x130
[c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [
c00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180
[c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60
[c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20]
[c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290
[c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0
[c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330
[c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130
[c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0
[c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278

Link: https://lore.kernel.org/r/20220110050218.3958-5-njavali@marvell.com
Cc: stable@vger.kernel.org
Reported-by: Abdul Haleem <abdhalee@linux.vnet.ibm.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 64f24af75b79 upstream ]
yocalebo pushed a commit that referenced this pull request Oct 28, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch fixes the following Coverity complaint:

    CID 271606 (#1 of 1): Uninitialized scalar variable (UNINIT)
    uninit_use_in_call: Using uninitialized value event.
    Field event.target_name is uninitialized when calling __event_send.
yocalebo pushed a commit that referenced this pull request Oct 28, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch fixes the following Coverity complaint:

    CID 271601 (#1 of 1): Uninitialized scalar variable (UNINIT)
    uninit_use_in_call: Using uninitialized value req.
    Field req.cid is uninitialized when calling iscsid_request.
yocalebo pushed a commit that referenced this pull request Oct 28, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Suppress the following (false positive) Coverity complaint:

    CID 271578 (#1 of 1): Dereference after null check (FORWARD_NULL)
    var_deref_model: Passing null pointer (*ref_cmd).scst_cmd to
    scst_set_delivery_status, which dereferences it

(*ref_cmd).scst_aen is set when (*ref_cmd).scst_state == ISCSI_CMD_STATE_AEN
and vice versa, so the Coverity complaint is a false positive. Hence rewrite
the code to suppress this complaint and make the code cleaner.
yocalebo pushed a commit that referenced this pull request Oct 28, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch should fix the following bug:

iscsi-scst: ***ERROR***: Sending data failed: initiator ..., write_size 0, write_state 1, res 0
iscsi-scst: ***CRITICAL ERROR***: 0 6 31
 ------------[ cut here ]------------
kernel BUG at /usr/src/packages/BUILD/scst-3.7.0.8695/iscsi-scst/kernel/nthread.c:1517!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 12 PID: 997595 Comm: iscsiwr0_14 ...
...
RIP: 0010:iscsi_send+0x877/0x8b0 [iscsi_scst]
Call Trace:
 istwr+0x123/0x3b0 [iscsi_scst]
 kthread+0x120/0x136
 ret_from_fork+0x24/0x36
 -------------------------------------

What happens:

 - istwr() calls scst_do_job_wr().

 - scst_do_job_wr() calls iscsi_send().

 - iscsi_send() sets the 'res' variable to 0 during error
   in one of three possible places:
   iscsi_do_send(), tx_padding(), tx_ddigest().

 - All of these functions call exit_tx() which sets conn->write_state to TX_END.

 - After iscsi_send() has completed for the current iteration, the next time
   it processes iscsi_conn with conn->write_state == TX_END,
   which will call BUG() in the switch default case.

Therefore, remove the res == 0 check in iscsi_send() to handle TX_END state.

Fixes: SCST-project#12
yocalebo pushed a commit that referenced this pull request Oct 28, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch fixes the following Coverity complaint:

    CID 275306 (#1 of 1): Resource leak (RESOURCE_LEAK)
    Variable cwrp going out of scope leaks the storage it points to.

In the scst_cmp_wr_local() function, we don't free 'cwrp' if the next
check after the memory allocation fails. Hence move this check before
allocating memory.

Fixes: 4525b04 ("scst: Reject inconsistent COMPARE AND WRITE commands")
yocalebo pushed a commit that referenced this pull request Nov 23, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch should fix the following bug:

list_del corruption. next->prev should be ffff955cb1ea2540, but was ffff955c54a32440
 ------------[ cut here ]------------
kernel BUG at lib/list_debug.c:54!
invalid opcode: 0000 [#1] SMP PTI
Workqueue: events vdev_inq_changed_fn [scst_vdisk]
RIP: 0010:__list_del_entry_valid.cold+0x1d/0x47
Call Trace:
 scst_cm_dev_unregister+0x66/0xd0 [scst]
 scst_cm_update_dev+0x41/0xc0 [scst]
 process_one_work+0x1ee/0x390
 worker_thread+0x53/0x3e0
 kthread+0x124/0x150
 ret_from_fork+0x1f/0x30

scst_cm_desig_list is a global list for all SCST devices. It must be
protected with scst_cm_mutex because it can be modified by
scst_cm_init_inq_finish() from another thread when scst_cm_update_dev()
is called.

Fixes: SCST-project#99
yocalebo pushed a commit that referenced this pull request Jan 5, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch should fix the following bug:

list_del corruption. next->prev should be ffff955cb1ea2540, but was ffff955c54a32440
 ------------[ cut here ]------------
kernel BUG at lib/list_debug.c:54!
invalid opcode: 0000 [#1] SMP PTI
Workqueue: events vdev_inq_changed_fn [scst_vdisk]
RIP: 0010:__list_del_entry_valid.cold+0x1d/0x47
Call Trace:
 scst_cm_dev_unregister+0x66/0xd0 [scst]
 scst_cm_update_dev+0x41/0xc0 [scst]
 process_one_work+0x1ee/0x390
 worker_thread+0x53/0x3e0
 kthread+0x124/0x150
 ret_from_fork+0x1f/0x30

scst_cm_desig_list is a global list for all SCST devices. It must be
protected with scst_cm_mutex because it can be modified by
scst_cm_init_inq_finish() from another thread when scst_cm_update_dev()
is called.

Fixes: SCST-project#99
yocalebo pushed a commit that referenced this pull request Jan 5, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch fixes the following Coverity complaint:

    CID 275308 (#1-2 of 2): Uninitialized scalar variable (UNINIT)
    uninit_use_in_call: Using uninitialized value
    multi.multi_cmd.replies_done when calling fprintf.
yocalebo pushed a commit that referenced this pull request Jan 5, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
scst_clear_aca_mcmd() can only return an error if
scst_set_mcmd_next_state() fails. In this case, the mcmd->state will be
SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_DONE or
SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_FINISH. Thus, a secondary call of
scst_set_mcmd_next_state() will match the default branch of the switch
statement, resulting in a crash.

Therefore, fix the error handling for scst_clear_aca_mcmd() to avoid
this case.

This patch fixes the following Coverity complaint:

    CID 271592 (#1 of 1): Unused value (UNUSED_VALUE)
    returned_value: Assigning value from scst_clear_aca_mcmd(mcmd) to
    res here, but that stored value is overwritten before it can be
    used.
yocalebo pushed a commit that referenced this pull request Mar 8, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
This patch fixes the following Coverity complaint:

    CID 275308 (#1-2 of 2): Uninitialized scalar variable (UNINIT)
    uninit_use_in_call: Using uninitialized value
    multi.multi_cmd.replies_done when calling fprintf.
yocalebo pushed a commit that referenced this pull request Mar 8, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
scst_clear_aca_mcmd() can only return an error if
scst_set_mcmd_next_state() fails. In this case, the mcmd->state will be
SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_DONE or
SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_FINISH. Thus, a secondary call of
scst_set_mcmd_next_state() will match the default branch of the switch
statement, resulting in a crash.

Therefore, fix the error handling for scst_clear_aca_mcmd() to avoid
this case.

This patch fixes the following Coverity complaint:

    CID 271592 (#1 of 1): Unused value (UNUSED_VALUE)
    returned_value: Assigning value from scst_clear_aca_mcmd(mcmd) to
    res here, but that stored value is overwritten before it can be
    used.
bmeagherix pushed a commit that referenced this pull request May 15, 2023

Unverified

This user has not yet uploaded their public signing key.
This patch fixes the following Coverity complaint:

    CID 307352 (#1 of 1): Uninitialized pointer read (UNINIT)
    uninit_use_in_call: Using uninitialized value arg when calling
    kfree.

Fixes: 7ba5b11 ("scst_disk: Add cluster SCSI sync state mode
support to dev_disk")
bmeagherix pushed a commit that referenced this pull request May 15, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
While adding and removing the controller, the following call trace was
observed:

WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50
CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1
RIP: 0010:dma_free_attrs+0x33/0x50

Call Trace:
   qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx]
   qla2x00_abort_srb+0x8e/0x250 [qla2xxx]
   ? ql_dbg+0x70/0x100 [qla2xxx]
   __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx]
   qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx]
   qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx]
   qla2x00_remove_one+0x364/0x400 [qla2xxx]
   pci_device_remove+0x36/0xa0
   __device_release_driver+0x17a/0x230
   device_release_driver+0x24/0x30
   pci_stop_bus_device+0x68/0x90
   pci_stop_and_remove_bus_device_locked+0x16/0x30
   remove_store+0x75/0x90
   kernfs_fop_write_iter+0x11c/0x1b0
   new_sync_write+0x11f/0x1b0
   vfs_write+0x1eb/0x280
   ksys_write+0x5f/0xe0
   do_syscall_64+0x5c/0x80
   ? do_user_addr_fault+0x1d8/0x680
   ? do_syscall_64+0x69/0x80
   ? exc_page_fault+0x62/0x140
   ? asm_exc_page_fault+0x8/0x30
   entry_SYSCALL_64_after_hwframe+0x44/0xae

The command was completed in the abort path during driver unload with a
lock held, causing the warning in abort path. Hence complete the command
without any lock held.

Reported-by: Lin Li <lilin@redhat.com>
Tested-by: Lin Li <lilin@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230313043711.13500-2-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Reviewed-by: John Meneghini <jmeneghi@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 0367076b0817 upstream ]
bmeagherix pushed a commit that referenced this pull request May 15, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
A system hang was observed with the following call trace:

BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1
Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022
RIP: 0010:__wake_up_common+0x55/0x190
Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d
      40 e8 48 8d 43 08 48 89 04 24 48 89 c6\
      49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31
      ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d
RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082
RAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018
RBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8
R10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000)
	knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0
Call Trace:
    <TASK>
    __wake_up_common_lock+0x83/0xd0
    qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx]
    __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc]
    nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc]
    nvme_fc_delete_association+0x1bf/0x220 [nvme_fc]
    ? nvme_remove_namespaces+0x9f/0x140 [nvme_core]
    nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core]
    nvme_sysfs_delete+0x5f/0x70 [nvme_core]
    kernfs_fop_write_iter+0x12b/0x1c0
    vfs_write+0x2a3/0x3b0
    ksys_write+0x5f/0xe0
    do_syscall_64+0x5c/0x90
    ? syscall_exit_work+0x103/0x130
    ? syscall_exit_to_user_mode+0x12/0x30
    ? do_syscall_64+0x69/0x90
    ? exit_to_user_mode_loop+0xd0/0x130
    ? exit_to_user_mode_prepare+0xec/0x100
    ? syscall_exit_to_user_mode+0x12/0x30
    ? do_syscall_64+0x69/0x90
    ? syscall_exit_to_user_mode+0x12/0x30
    ? do_syscall_64+0x69/0x90
    entry_SYSCALL_64_after_hwframe+0x72/0xdc
    RIP: 0033:0x7f815cd3eb97

The IOCB counts are out of order and that would block any commands from
going out and subsequently hang the system. Synchronize the IOCB count to
be in correct order.

Fixes: 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands")
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230313043711.13500-3-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Reviewed-by: John Meneghini <jmeneghi@redhat.com>
Tested-by: Lin Li <lilin@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit d3affdeb400f upstream ]
bmeagherix pushed a commit that referenced this pull request Nov 21, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
The prepare_to_wait_exclusive_head() function was modified in
commit d8894cb ("scst.h: Refactor wait_event_locked() to enhance
usability and clarity"). It now returns an error if the current
interruptible thread has pending signals.

This patch introduces the scst_wait_for_cmd() helper function for the
scst_cmd_thread(). This new function handles the return value of the
prepare_to_wait_exclusive_head() appropriately.

This patch fixes the following Coverity complaint:

    CID 321410 (#1 of 1): Unchecked return value (CHECKED_RETURN)
    check_return: Calling prepare_to_wait_exclusive_head without
    checking return value.
bmeagherix pushed a commit that referenced this pull request Nov 21, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
System crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up
gets called for uninitialized wait queue sp->nvme_ls_waitq.

    qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0
    qla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11
    BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
    PGD 0 P4D 0
    Oops: 0000 [#1] SMP NOPTI
    Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
    Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
    RIP: 0010:__wake_up_common+0x4c/0x190
    RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086
    RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000
    RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320
    RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8
    R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20
    R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
    FS:  0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    PKRU: 55555554
    Call Trace:
     __wake_up_common_lock+0x7c/0xc0
     qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]
     ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]
     ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]
     ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]

Remove unused nvme_ls_waitq wait queue. nvme_ls_waitq logic was removed
previously in the commits tagged Fixed: below.

Fixes: 219d27d7147e ("scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands")
Fixes: 5621b0dd7453 ("scsi: qla2xxx: Simpify unregistration of FC-NVMe local/remote ports")
Cc: stable@vger.kernel.org
Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230615074633.12721-1-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 20fce500b232 upstream ]
bmeagherix pushed a commit that referenced this pull request Nov 21, 2023

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
…id()

The following call trace was observed:

localhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete
localhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092
localhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN "nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291"
localhost kernel: caller is qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]
localhost kernel: CPU: 6 PID: 75092 Comm: kworker/u129:4 Kdump: loaded Tainted: G    B   W  OE    --------- ---  5.14.0-70.22.1.el9_0.x86_64+debug #1
localhost kernel: Hardware name: HPE ProLiant XL420 Gen10/ProLiant XL420 Gen10, BIOS U39 01/13/2022
localhost kernel: Workqueue: nvme-wq nvme_async_event_work [nvme_core]
localhost kernel: Call Trace:
localhost kernel: dump_stack_lvl+0x57/0x7d
localhost kernel: check_preemption_disabled+0xc8/0xd0
localhost kernel: qla_nvme_post_cmd+0x216/0x1380 [qla2xxx]

Use raw_smp_processor_id() instead of smp_processor_id().

Also use queue_work() across the driver instead of queue_work_on() thus
avoiding usage of smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled.

Cc: stable@vger.kernel.org
Suggested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20230831112146.32595-2-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 59f10a05b5c7 upstream ]
bmeagherix pushed a commit that referenced this pull request Jan 16, 2024

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
On driver load, scsi_add_host() can fail. This triggers the free path to
call qla2x00_mem_free() multiple times. This causes NULL pointer access of
ha->base_qpair. Add check before access.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
 IP: [<ffffffffc118f73c>] qla2x00_mem_free+0x51c/0xcb0 [qla2xxx]
 PGD 8000001fcfe4a067 PUD 1fc8f0a067 PMD 0
 Oops: 0000 [#1] SMP
 RIP: 0010:[<ffffffffc118f73c>]  [<ffffffffc118f73c>] qla2x00_mem_free+0x51c/0xcb0 [qla2xxx]
 RSP: 0018:ffff8ace97a93a30  EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffff8ace8efd0000 RCX: 000000000000488f
 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
 RBP: ffff8ace97a93a60 R08: 000000000001f040 R09: ffffffff8678209b
 R10: ffff8acf7d6df040 R11: ffffc591c0fcc980 R12: ffffffff87034800
 R13: ffff8acf0e3cc740 R14: ffff8ace8efd0000 R15: 00000000fffffff4
 FS:  00007f4cf5449740(0000) GS:ffff8acf7d6c0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000030 CR3: 0000001fc2f6c000 CR4: 00000000007607e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  [<ffffffff86781f18>] ? kobject_put+0x28/0x60
  [<ffffffffc119a59c>] qla2x00_probe_one+0x19fc/0x3040 [qla2xxx]

Fixes: efeda3bf912f ("scsi: qla2xxx: Move resource to allow code reuse")
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20231016101749.5059-1-njavali@marvell.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 097c06394c83 upstream ]
bmeagherix pushed a commit that referenced this pull request Apr 30, 2024

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
Suppress the following (false positive) Coverity complaint:

    CID 347415: (#1 of 1): Dereference after null check (FORWARD_NULL)
    var_deref_model: Passing null pointer virt_dev->bdev_handle to
    bdev_release_backport, which dereferences it
bmeagherix pushed a commit that referenced this pull request May 6, 2024

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
System crash due to command failed to flush back to SCSI layer.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
 PGD 0 P4D 0
 Oops: 0000 [#1] SMP NOPTI
 CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G           OE    --------- -  - 4.18.0-372.9.1.el8.x86_64 #1
 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
 Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
 RIP: 0010:__wake_up_common+0x4c/0x190
 Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75
 RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086
 RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000
 RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320
 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8
 R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20
 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
 FS:  0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 PKRU: 55555554
 Call Trace:
  __wake_up_common_lock+0x7c/0xc0
  qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]
 qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0
 ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]
 qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.
  ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]
 qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1
 ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]
 qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0
  ? __switch_to+0x10c/0x450
 ? process_one_work+0x1a7/0x360
 qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.
  ? worker_thread+0x1ce/0x390
  ? create_worker+0x1a0/0x1a0
 qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70
  ? kthread+0x10a/0x120
 qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8
  ? set_kthread_struct+0x40/0x40
 qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.
  ? ret_from_fork+0x1f/0x40
 qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout

The system was under memory stress where driver was not able to allocate an
SRB to carry out error recovery of cable pull.  The failure to flush causes
upper layer to start modifying scsi_cmnd.  When the system frees up some
memory, the subsequent cable pull trigger another command flush. At this
point the driver access a null pointer when attempting to DMA unmap the
SGL.

Add a check to make sure commands are flush back on session tear down to
prevent the null pointer access.

Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-7-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit a27d4d0e7de3 upstream ]
bmeagherix pushed a commit that referenced this pull request May 6, 2024

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
The server was crashing after LOGO because fcport was getting freed twice.

 -----------[ cut here ]-----------
 kernel BUG at mm/slub.c:371!
 invalid opcode: 0000 1 SMP PTI
 CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1
 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
 RIP: 0010:set_freepointer.part.57+0x0/0x10
 RSP: 0018:ffffb07107027d90 EFLAGS: 00010246
 RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400
 RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500
 RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009
 R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500
 R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58
 FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000
 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 PKRU: 55555554
 Call Trace:
 kfree+0x238/0x250
 qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx]
 ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx]
 qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]
 ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]
 ? kernfs_fop_write+0x11e/0x1a0

Remove one of the free calls and add check for valid fcport. Also use
function qla2x00_free_fcport() instead of kfree().

Cc: stable@vger.kernel.org
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-9-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 82f522ae0d97 upstream ]
bmeagherix pushed a commit that referenced this pull request Sep 19, 2024

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
During vport delete, it is observed that during unload we hit a crash
because of stale entries in outstanding command array.  For all these stale
I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but
I/Os could not complete while vport delete is in process of deleting.

  BUG: kernel NULL pointer dereference, address: 000000000000001c
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] PREEMPT SMP NOPTI
  Workqueue: qla2xxx_wq qla_do_work [qla2xxx]
  RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0
  RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046
  RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001
  RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0
  RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8
  R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000
  R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000
  FS:  0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0
  Call Trace:
  <TASK>
  qla2xxx_qpair_sp_free_dma+0x417/0x4e0
  ? qla2xxx_qpair_sp_compl+0x10d/0x1a0
  ? qla2x00_status_entry+0x768/0x2830
  ? newidle_balance+0x2f0/0x430
  ? dequeue_entity+0x100/0x3c0
  ? qla24xx_process_response_queue+0x6a1/0x19e0
  ? __schedule+0x2d5/0x1140
  ? qla_do_work+0x47/0x60
  ? process_one_work+0x267/0x440
  ? process_one_work+0x440/0x440
  ? worker_thread+0x2d/0x3d0
  ? process_one_work+0x440/0x440
  ? kthread+0x156/0x180
  ? set_kthread_struct+0x50/0x50
  ? ret_from_fork+0x22/0x30
  </TASK>

Send out async logout explicitly for all the ports during vport delete.

Cc: stable@vger.kernel.org
Signed-off-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240710171057.35066-8-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
[ commit 76f480d7c717 upstream ]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants