forked from SCST-project/scst
-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NAS-116626 / 22.02.2 / update SCST to match upstream #1
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Google no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. This causes problems when using github mail notification action to send SCST patches. Hence, change the Google mail server to an another one.
Reported-by: Gilbert Standen <gilstanden@hotmail.com> Fixes: SCST-project#45
yocalebo
changed the title
update SCST to match upstream
NAS-116626 / 22.02.2 / update SCST to match upstream
Jun 7, 2022
usaleem-ix
approved these changes
Jun 7, 2022
yocalebo
pushed a commit
that referenced
this pull request
Jun 7, 2022
Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. Add additional translation of one error code type to another. WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498 qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] CPU: 2 PID: 1131623 Comm: drmgr Not tainted 5.13.0-rc1-autotest #1 .. GPR28: c000000aaa9c8890 c0080000079ab678 c00000140a104800 c00000002bd19000 NIP [c00800000790857c] qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] LR [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] Call Trace: [c00000001cdc3620] [c008000007908578] qla2x00_async_adisc_sp_done+0x290/0x2b0 [qla2xxx] (unreliable) [c00000001cdc3710] [c0080000078f3080] __qla2x00_abort_all_cmds+0x1b8/0x580 [qla2xxx] [c00000001cdc3840] [c0080000078f589c] qla2x00_abort_all_cmds+0x34/0xd0 [qla2xxx] [c00000001cdc3880] [c0080000079153d8] qla2x00_abort_isp_cleanup+0x3f0/0x570 [qla2xxx] [c00000001cdc3920] [c0080000078fb7e8] qla2x00_remove_one+0x3d0/0x480 [qla2xxx] [c00000001cdc39b0] [c00000000071c274] pci_device_remove+0x64/0x120 [c00000001cdc39f0] [c0000000007fb818] device_release_driver_internal+0x168/0x2a0 [c00000001cdc3a30] [c00000000070e304] pci_stop_bus_device+0xb4/0x100 [c00000001cdc3a70] [c00000000070e4f0] pci_stop_and_remove_bus_device+0x20/0x40 [c00000001cdc3aa0] [c000000000073940] pci_hp_remove_devices+0x90/0x130 [c00000001cdc3b30] [c0080000070704d0] disable_slot+0x38/0x90 [rpaphp] [ c00000001cdc3b60] [c00000000073eb4c] power_write_file+0xcc/0x180 [c00000001cdc3be0] [c0000000007354bc] pci_slot_attr_store+0x3c/0x60 [c00000001cdc3c00] [c00000000055f820] sysfs_kf_write+0x60/0x80 [c00000001cdc3c20] [c00000000055df10] kernfs_fop_write_iter+0x1a0/0x290 [c00000001cdc3c70] [c000000000447c4c] new_sync_write+0x14c/0x1d0 [c00000001cdc3d10] [c00000000044b134] vfs_write+0x224/0x330 [c00000001cdc3d60] [c00000000044b3f4] ksys_write+0x74/0x130 [c00000001cdc3db0] [c00000000002df70] system_call_exception+0x150/0x2d0 [c00000001cdc3e10] [c00000000000d45c] system_call_common+0xec/0x278 Link: https://lore.kernel.org/r/20220110050218.3958-5-njavali@marvell.com Cc: stable@vger.kernel.org Reported-by: Abdul Haleem <abdhalee@linux.vnet.ibm.com> Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Quinn Tran <qutran@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 64f24af75b79 upstream ]
yocalebo
pushed a commit
that referenced
this pull request
Oct 28, 2022
This patch fixes the following Coverity complaint: CID 271606 (#1 of 1): Uninitialized scalar variable (UNINIT) uninit_use_in_call: Using uninitialized value event. Field event.target_name is uninitialized when calling __event_send.
yocalebo
pushed a commit
that referenced
this pull request
Oct 28, 2022
This patch fixes the following Coverity complaint: CID 271601 (#1 of 1): Uninitialized scalar variable (UNINIT) uninit_use_in_call: Using uninitialized value req. Field req.cid is uninitialized when calling iscsid_request.
yocalebo
pushed a commit
that referenced
this pull request
Oct 28, 2022
Suppress the following (false positive) Coverity complaint: CID 271578 (#1 of 1): Dereference after null check (FORWARD_NULL) var_deref_model: Passing null pointer (*ref_cmd).scst_cmd to scst_set_delivery_status, which dereferences it (*ref_cmd).scst_aen is set when (*ref_cmd).scst_state == ISCSI_CMD_STATE_AEN and vice versa, so the Coverity complaint is a false positive. Hence rewrite the code to suppress this complaint and make the code cleaner.
yocalebo
pushed a commit
that referenced
this pull request
Oct 28, 2022
This patch should fix the following bug: iscsi-scst: ***ERROR***: Sending data failed: initiator ..., write_size 0, write_state 1, res 0 iscsi-scst: ***CRITICAL ERROR***: 0 6 31 ------------[ cut here ]------------ kernel BUG at /usr/src/packages/BUILD/scst-3.7.0.8695/iscsi-scst/kernel/nthread.c:1517! invalid opcode: 0000 [#1] SMP NOPTI CPU: 12 PID: 997595 Comm: iscsiwr0_14 ... ... RIP: 0010:iscsi_send+0x877/0x8b0 [iscsi_scst] Call Trace: istwr+0x123/0x3b0 [iscsi_scst] kthread+0x120/0x136 ret_from_fork+0x24/0x36 ------------------------------------- What happens: - istwr() calls scst_do_job_wr(). - scst_do_job_wr() calls iscsi_send(). - iscsi_send() sets the 'res' variable to 0 during error in one of three possible places: iscsi_do_send(), tx_padding(), tx_ddigest(). - All of these functions call exit_tx() which sets conn->write_state to TX_END. - After iscsi_send() has completed for the current iteration, the next time it processes iscsi_conn with conn->write_state == TX_END, which will call BUG() in the switch default case. Therefore, remove the res == 0 check in iscsi_send() to handle TX_END state. Fixes: SCST-project#12
yocalebo
pushed a commit
that referenced
this pull request
Oct 28, 2022
This patch fixes the following Coverity complaint: CID 275306 (#1 of 1): Resource leak (RESOURCE_LEAK) Variable cwrp going out of scope leaks the storage it points to. In the scst_cmp_wr_local() function, we don't free 'cwrp' if the next check after the memory allocation fails. Hence move this check before allocating memory. Fixes: 4525b04 ("scst: Reject inconsistent COMPARE AND WRITE commands")
yocalebo
pushed a commit
that referenced
this pull request
Nov 23, 2022
This patch should fix the following bug: list_del corruption. next->prev should be ffff955cb1ea2540, but was ffff955c54a32440 ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:54! invalid opcode: 0000 [#1] SMP PTI Workqueue: events vdev_inq_changed_fn [scst_vdisk] RIP: 0010:__list_del_entry_valid.cold+0x1d/0x47 Call Trace: scst_cm_dev_unregister+0x66/0xd0 [scst] scst_cm_update_dev+0x41/0xc0 [scst] process_one_work+0x1ee/0x390 worker_thread+0x53/0x3e0 kthread+0x124/0x150 ret_from_fork+0x1f/0x30 scst_cm_desig_list is a global list for all SCST devices. It must be protected with scst_cm_mutex because it can be modified by scst_cm_init_inq_finish() from another thread when scst_cm_update_dev() is called. Fixes: SCST-project#99
yocalebo
pushed a commit
that referenced
this pull request
Jan 5, 2023
This patch should fix the following bug: list_del corruption. next->prev should be ffff955cb1ea2540, but was ffff955c54a32440 ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:54! invalid opcode: 0000 [#1] SMP PTI Workqueue: events vdev_inq_changed_fn [scst_vdisk] RIP: 0010:__list_del_entry_valid.cold+0x1d/0x47 Call Trace: scst_cm_dev_unregister+0x66/0xd0 [scst] scst_cm_update_dev+0x41/0xc0 [scst] process_one_work+0x1ee/0x390 worker_thread+0x53/0x3e0 kthread+0x124/0x150 ret_from_fork+0x1f/0x30 scst_cm_desig_list is a global list for all SCST devices. It must be protected with scst_cm_mutex because it can be modified by scst_cm_init_inq_finish() from another thread when scst_cm_update_dev() is called. Fixes: SCST-project#99
yocalebo
pushed a commit
that referenced
this pull request
Jan 5, 2023
This patch fixes the following Coverity complaint: CID 275308 (#1-2 of 2): Uninitialized scalar variable (UNINIT) uninit_use_in_call: Using uninitialized value multi.multi_cmd.replies_done when calling fprintf.
yocalebo
pushed a commit
that referenced
this pull request
Jan 5, 2023
scst_clear_aca_mcmd() can only return an error if scst_set_mcmd_next_state() fails. In this case, the mcmd->state will be SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_DONE or SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_FINISH. Thus, a secondary call of scst_set_mcmd_next_state() will match the default branch of the switch statement, resulting in a crash. Therefore, fix the error handling for scst_clear_aca_mcmd() to avoid this case. This patch fixes the following Coverity complaint: CID 271592 (#1 of 1): Unused value (UNUSED_VALUE) returned_value: Assigning value from scst_clear_aca_mcmd(mcmd) to res here, but that stored value is overwritten before it can be used.
yocalebo
pushed a commit
that referenced
this pull request
Mar 8, 2023
This patch fixes the following Coverity complaint: CID 275308 (#1-2 of 2): Uninitialized scalar variable (UNINIT) uninit_use_in_call: Using uninitialized value multi.multi_cmd.replies_done when calling fprintf.
yocalebo
pushed a commit
that referenced
this pull request
Mar 8, 2023
scst_clear_aca_mcmd() can only return an error if scst_set_mcmd_next_state() fails. In this case, the mcmd->state will be SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_DONE or SCST_MCMD_STATE_WAITING_AFFECTED_CMDS_FINISH. Thus, a secondary call of scst_set_mcmd_next_state() will match the default branch of the switch statement, resulting in a crash. Therefore, fix the error handling for scst_clear_aca_mcmd() to avoid this case. This patch fixes the following Coverity complaint: CID 271592 (#1 of 1): Unused value (UNUSED_VALUE) returned_value: Assigning value from scst_clear_aca_mcmd(mcmd) to res here, but that stored value is overwritten before it can be used.
bmeagherix
pushed a commit
that referenced
this pull request
May 15, 2023
While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 RIP: 0010:dma_free_attrs+0x33/0x50 Call Trace: qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] qla2x00_abort_srb+0x8e/0x250 [qla2xxx] ? ql_dbg+0x70/0x100 [qla2xxx] __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx] qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx] qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx] qla2x00_remove_one+0x364/0x400 [qla2xxx] pci_device_remove+0x36/0xa0 __device_release_driver+0x17a/0x230 device_release_driver+0x24/0x30 pci_stop_bus_device+0x68/0x90 pci_stop_and_remove_bus_device_locked+0x16/0x30 remove_store+0x75/0x90 kernfs_fop_write_iter+0x11c/0x1b0 new_sync_write+0x11f/0x1b0 vfs_write+0x1eb/0x280 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x80 ? do_user_addr_fault+0x1d8/0x680 ? do_syscall_64+0x69/0x80 ? exc_page_fault+0x62/0x140 ? asm_exc_page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x44/0xae The command was completed in the abort path during driver unload with a lock held, causing the warning in abort path. Hence complete the command without any lock held. Reported-by: Lin Li <lilin@redhat.com> Tested-by: Lin Li <lilin@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230313043711.13500-2-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Reviewed-by: John Meneghini <jmeneghi@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 0367076b0817 upstream ]
bmeagherix
pushed a commit
that referenced
this pull request
May 15, 2023
A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1 Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022 RIP: 0010:__wake_up_common+0x55/0x190 Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\ 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31 ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082 RAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000 RDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018 RBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8 R10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0 Call Trace: <TASK> __wake_up_common_lock+0x83/0xd0 qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx] __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc] nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc] nvme_fc_delete_association+0x1bf/0x220 [nvme_fc] ? nvme_remove_namespaces+0x9f/0x140 [nvme_core] nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core] nvme_sysfs_delete+0x5f/0x70 [nvme_core] kernfs_fop_write_iter+0x12b/0x1c0 vfs_write+0x2a3/0x3b0 ksys_write+0x5f/0xe0 do_syscall_64+0x5c/0x90 ? syscall_exit_work+0x103/0x130 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 ? exit_to_user_mode_loop+0xd0/0x130 ? exit_to_user_mode_prepare+0xec/0x100 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 ? syscall_exit_to_user_mode+0x12/0x30 ? do_syscall_64+0x69/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f815cd3eb97 The IOCB counts are out of order and that would block any commands from going out and subsequently hang the system. Synchronize the IOCB count to be in correct order. Fixes: 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") Cc: stable@vger.kernel.org Signed-off-by: Quinn Tran <qutran@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230313043711.13500-3-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Reviewed-by: John Meneghini <jmeneghi@redhat.com> Tested-by: Lin Li <lilin@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit d3affdeb400f upstream ]
bmeagherix
pushed a commit
that referenced
this pull request
Nov 21, 2023
The prepare_to_wait_exclusive_head() function was modified in commit d8894cb ("scst.h: Refactor wait_event_locked() to enhance usability and clarity"). It now returns an error if the current interruptible thread has pending signals. This patch introduces the scst_wait_for_cmd() helper function for the scst_cmd_thread(). This new function handles the return value of the prepare_to_wait_exclusive_head() appropriately. This patch fixes the following Coverity complaint: CID 321410 (#1 of 1): Unchecked return value (CHECKED_RETURN) check_return: Calling prepare_to_wait_exclusive_head without checking return value.
bmeagherix
pushed a commit
that referenced
this pull request
Nov 21, 2023
System crash when qla2x00_start_sp(sp) returns error code EGAIN and wake_up gets called for uninitialized wait queue sp->nvme_ls_waitq. qla2xxx [0000:37:00.1]-2121:5: Returning existing qpair of ffff8ae2c0513400 for idx=0 qla2xxx [0000:37:00.1]-700e:5: qla2x00_start_sp failed = 11 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc] RIP: 0010:__wake_up_common+0x4c/0x190 RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086 RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8 R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: __wake_up_common_lock+0x7c/0xc0 qla_nvme_ls_req+0x355/0x4c0 [qla2xxx] ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc] ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc] ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc] Remove unused nvme_ls_waitq wait queue. nvme_ls_waitq logic was removed previously in the commits tagged Fixed: below. Fixes: 219d27d7147e ("scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands") Fixes: 5621b0dd7453 ("scsi: qla2xxx: Simpify unregistration of FC-NVMe local/remote ports") Cc: stable@vger.kernel.org Signed-off-by: Manish Rangankar <mrangankar@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230615074633.12721-1-njavali@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 20fce500b232 upstream ]
bmeagherix
pushed a commit
that referenced
this pull request
Nov 21, 2023
…id() The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete localhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092 localhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN "nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291" localhost kernel: caller is qla_nvme_post_cmd+0x216/0x1380 [qla2xxx] localhost kernel: CPU: 6 PID: 75092 Comm: kworker/u129:4 Kdump: loaded Tainted: G B W OE --------- --- 5.14.0-70.22.1.el9_0.x86_64+debug #1 localhost kernel: Hardware name: HPE ProLiant XL420 Gen10/ProLiant XL420 Gen10, BIOS U39 01/13/2022 localhost kernel: Workqueue: nvme-wq nvme_async_event_work [nvme_core] localhost kernel: Call Trace: localhost kernel: dump_stack_lvl+0x57/0x7d localhost kernel: check_preemption_disabled+0xc8/0xd0 localhost kernel: qla_nvme_post_cmd+0x216/0x1380 [qla2xxx] Use raw_smp_processor_id() instead of smp_processor_id(). Also use queue_work() across the driver instead of queue_work_on() thus avoiding usage of smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled. Cc: stable@vger.kernel.org Suggested-by: John Garry <john.g.garry@oracle.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230831112146.32595-2-njavali@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 59f10a05b5c7 upstream ]
bmeagherix
pushed a commit
that referenced
this pull request
Jan 16, 2024
On driver load, scsi_add_host() can fail. This triggers the free path to call qla2x00_mem_free() multiple times. This causes NULL pointer access of ha->base_qpair. Add check before access. BUG: unable to handle kernel NULL pointer dereference at 0000000000000030 IP: [<ffffffffc118f73c>] qla2x00_mem_free+0x51c/0xcb0 [qla2xxx] PGD 8000001fcfe4a067 PUD 1fc8f0a067 PMD 0 Oops: 0000 [#1] SMP RIP: 0010:[<ffffffffc118f73c>] [<ffffffffc118f73c>] qla2x00_mem_free+0x51c/0xcb0 [qla2xxx] RSP: 0018:ffff8ace97a93a30 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff8ace8efd0000 RCX: 000000000000488f RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff8ace97a93a60 R08: 000000000001f040 R09: ffffffff8678209b R10: ffff8acf7d6df040 R11: ffffc591c0fcc980 R12: ffffffff87034800 R13: ffff8acf0e3cc740 R14: ffff8ace8efd0000 R15: 00000000fffffff4 FS: 00007f4cf5449740(0000) GS:ffff8acf7d6c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000001fc2f6c000 CR4: 00000000007607e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: [<ffffffff86781f18>] ? kobject_put+0x28/0x60 [<ffffffffc119a59c>] qla2x00_probe_one+0x19fc/0x3040 [qla2xxx] Fixes: efeda3bf912f ("scsi: qla2xxx: Move resource to allow code reuse") Signed-off-by: Quinn Tran <qutran@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20231016101749.5059-1-njavali@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 097c06394c83 upstream ]
bmeagherix
pushed a commit
that referenced
this pull request
Apr 30, 2024
Suppress the following (false positive) Coverity complaint: CID 347415: (#1 of 1): Dereference after null check (FORWARD_NULL) var_deref_model: Passing null pointer virt_dev->bdev_handle to bdev_release_backport, which dereferences it
bmeagherix
pushed a commit
that referenced
this pull request
May 6, 2024
System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc] RIP: 0010:__wake_up_common+0x4c/0x190 Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75 RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086 RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320 RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8 R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20 R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: __wake_up_common_lock+0x7c/0xc0 qla_nvme_ls_req+0x355/0x4c0 [qla2xxx] qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0 ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc] qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200. ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc] qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1 ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc] qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0 ? __switch_to+0x10c/0x450 ? process_one_work+0x1a7/0x360 qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201. ? worker_thread+0x1ce/0x390 ? create_worker+0x1a0/0x1a0 qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70 ? kthread+0x10a/0x120 qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8 ? set_kthread_struct+0x40/0x40 qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed. ? ret_from_fork+0x1f/0x40 qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout The system was under memory stress where driver was not able to allocate an SRB to carry out error recovery of cable pull. The failure to flush causes upper layer to start modifying scsi_cmnd. When the system frees up some memory, the subsequent cable pull trigger another command flush. At this point the driver access a null pointer when attempting to DMA unmap the SGL. Add a check to make sure commands are flush back on session tear down to prevent the null pointer access. Cc: stable@vger.kernel.org Signed-off-by: Quinn Tran <qutran@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20240227164127.36465-7-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit a27d4d0e7de3 upstream ]
bmeagherix
pushed a commit
that referenced
this pull request
May 6, 2024
The server was crashing after LOGO because fcport was getting freed twice. -----------[ cut here ]----------- kernel BUG at mm/slub.c:371! invalid opcode: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 RIP: 0010:set_freepointer.part.57+0x0/0x10 RSP: 0018:ffffb07107027d90 EFLAGS: 00010246 RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400 RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500 RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009 R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500 R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58 FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: kfree+0x238/0x250 qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx] ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx] qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx] ? kernfs_fop_write+0x11e/0x1a0 Remove one of the free calls and add check for valid fcport. Also use function qla2x00_free_fcport() instead of kfree(). Cc: stable@vger.kernel.org Signed-off-by: Saurav Kashyap <skashyap@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20240227164127.36465-9-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 82f522ae0d97 upstream ]
bmeagherix
pushed a commit
that referenced
this pull request
Sep 19, 2024
During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI Workqueue: qla2xxx_wq qla_do_work [qla2xxx] RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffa1e1e150fc68 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000001 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8ce208a7a0d0 RBP: ffff8ce208a7a0d0 R08: 0000000000000000 R09: ffff8ce378aac9c8 R10: ffff8ce378aac8a0 R11: ffffa1e1e150f9d8 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8ce378aac9c8 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8d217f000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000002089acc000 CR4: 0000000000350ee0 Call Trace: <TASK> qla2xxx_qpair_sp_free_dma+0x417/0x4e0 ? qla2xxx_qpair_sp_compl+0x10d/0x1a0 ? qla2x00_status_entry+0x768/0x2830 ? newidle_balance+0x2f0/0x430 ? dequeue_entity+0x100/0x3c0 ? qla24xx_process_response_queue+0x6a1/0x19e0 ? __schedule+0x2d5/0x1140 ? qla_do_work+0x47/0x60 ? process_one_work+0x267/0x440 ? process_one_work+0x440/0x440 ? worker_thread+0x2d/0x3d0 ? process_one_work+0x440/0x440 ? kthread+0x156/0x180 ? set_kthread_struct+0x50/0x50 ? ret_from_fork+0x22/0x30 </TASK> Send out async logout explicitly for all the ports during vport delete. Cc: stable@vger.kernel.org Signed-off-by: Manish Rangankar <mrangankar@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20240710171057.35066-8-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> [ commit 76f480d7c717 upstream ]
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We're only 2 minor commits behind upstream stable but I'd like to get this in before we freeze for next stable/angelfish release.