From patchwork Tue Mar 8 15:27:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matt Lupfer X-Patchwork-Id: 549604 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95487C433FE for ; Tue, 8 Mar 2022 15:27:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236232AbiCHP2K (ORCPT ); Tue, 8 Mar 2022 10:28:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58336 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347858AbiCHP2C (ORCPT ); Tue, 8 Mar 2022 10:28:02 -0500 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam08on2050.outbound.protection.outlook.com [40.107.102.50]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E294F4754D for ; Tue, 8 Mar 2022 07:27:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=f0YnU5fbsYj7G58OJfgyv7flCBz0aSozey2iNXsJ/XkusT6wga1QhBE+Utspl8hXUOycCGxg4tJKcNA/1zk2jS3NZYtzZr08UiClKvYE9j2EnXg+zn+h+iw5DSG3KjdIomqr50oSENVDUAzkOGDLVoLi+UaA+SZAep9dbWk+TWh/xXJVqLXzJtNUpzgYQ6FjX2WZzS4s2qxoNia4L006gKBusNdGHd/xAgWrKFNAuuiLAjw3H6/XnTAVsNO6dgJx+E+9qrJPjtbp7mNQvy1FFvb1yPW5O6YGZ1Gz9bqUW1FTNqErza2hA8WHvim2cdW1mU9KX5yXVgwmMCRSmQ8gsg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=O2STBTp1GrFuaWbQcbHKvTlxEsgSmlwe8CZyW2br6Rk=; b=DOT3tbJHLibumi2rCFIQLncuLnkR3PXphMVsxs0CPIpf/ZTPThn9JdzrQXJt6OBLYhfqNR7fDTpTz+CEapBaTGdKBQf2KKbUrPWMA9QaG+RU1FOwZA/5ZCJGXWNyk5tsoqo5TuUa2F3z8v/5yCptDyAqpE9ZEpnGGB7oqneTP1YgmGCM33MK6sMGN/4doyFRuxTj9i9vcb3HlGy//L+4UfxFGRsRzvrBlaQ9o7sBaP8ItlJbn3bgP1nVofGL+YyfvzcfC0u1vtodT+lE7By97xDDIagcVcppSXeisQMYOsdX597TcCYLTzj1UhLgDq3LDelj10E698vp+ZWRIJKuEA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ddn.com; dmarc=pass action=none header.from=ddn.com; dkim=pass header.d=ddn.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ddn.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=O2STBTp1GrFuaWbQcbHKvTlxEsgSmlwe8CZyW2br6Rk=; b=fcWrQn6I8yAQhL+ereF6WZqC8i/GrbOCc7O4mV0ogIXy1I6cVD+XiqcX03szhg8ItgECvcfrkrEd8DM3HBHpD36akEZEdDr5HL0e6hEoNMzT0uWhOoJ5jjIHaKyC2xNChwJrpE9BEry85NCoEVeFn+xSKKWokvQ3gy978canmAI= Received: from DM6PR19MB4166.namprd19.prod.outlook.com (2603:10b6:5:2b7::22) by MN2PR19MB2592.namprd19.prod.outlook.com (2603:10b6:208:102::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.15; Tue, 8 Mar 2022 15:27:02 +0000 Received: from DM6PR19MB4166.namprd19.prod.outlook.com ([fe80::8dad:a6cd:8f1:e776]) by DM6PR19MB4166.namprd19.prod.outlook.com ([fe80::8dad:a6cd:8f1:e776%6]) with mapi id 15.20.5038.027; Tue, 8 Mar 2022 15:27:02 +0000 From: Matt Lupfer To: Sathya Prakash , Sreekanth Reddy , Suganath Prabu Subramani , "MPT-FusionLinux.pdl@broadcom.com" , "linux-scsi@vger.kernel.org" Subject: [PATCH] scsi: mpt3sas: page fault in reply q processing Thread-Topic: [PATCH] scsi: mpt3sas: page fault in reply q processing Thread-Index: AQHYMwD1qp9F4YgwUEm81nxxXuQA9w== Date: Tue, 8 Mar 2022 15:27:02 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ddn.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5b8aec74-8b0c-41a0-9b39-08da01181861 x-ms-traffictypediagnostic: MN2PR19MB2592:EE_ x-microsoft-antispam-prvs: x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: jjXljWaOIdlkzFbfZpkv21F7mtaM5e+dlBdSuCXfdnjn3wW8y10LfUxjZk8SYpX70LGCvppEO1CmSedmvkHYbEmJpbDF5gpVTp0QYqaERbUwD+3eBMPUT4gVrTqBVQUCVczhIshTOD4lAw3rE/RL4PGElySEafX+5jOhPHLlTibjGiQFALeGX0LtUxbhU2VwMvD3fnC9WwLylav5+OiTEG2kuuW7T0eXpxMHGqUKWY1CwjO4qoiq6wEIZoLHiIwas/kOI7J1CYt15qrJIFRQYHwBMhj6eeK1Y9vtmcM737KgytLNENFbicwaOgeskQ+4+udCxA5vGBqXxYumo8xAWKYI+snKd7oHSuW+oq66BQwev/k8dISwtnOTPjDwpjVgjEsF90uwI0ZYf5vdFOumF9wZRm0xkMokQ4mFJkOGoNNn5jCE2Indv1/reKiu42T9NDUcWOpY04ksnwvIaRVxkPvf7fech7ROHm2p0Gj828l4SsM5g9cst2ahBUpc51lejquTDPOV0W9mNob/yXysvyOZz106y1IAYYoZUUK3Vkyd47h7jZODCcvIj5coFUrlVzIb6vqlDdpMNh1F7HQFQA0f8eBGx/n+YFR5bAXOaHoXNQP3txC+5F8LU50WxeSNee8HyYXBgQDGHHcWfiYaPa5HVLCWkrAj7erxOZGaO+eyNLavZUC+cpaTpmrtN8acfwvlx460LMfLRXRzqyvSwiTDfmOkNBSJidfT+abOdkyhBbzIyuc63wl/wlgoGsmB8NHblK/LZdIojRjrzLEydQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR19MB4166.namprd19.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(4636009)(366004)(6512007)(6506007)(31696002)(86362001)(38070700005)(122000001)(83380400001)(316002)(91956017)(66446008)(64756008)(31686004)(76116006)(66556008)(66476007)(110136005)(36756003)(8676002)(66946007)(508600001)(2906002)(5660300002)(6486002)(186003)(2616005)(71200400001)(38100700002)(8936002)(32563001)(45980500001); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?utf-8?q?RncE8n44NgWg8dSftqP+NKQ8Hb0z?= =?utf-8?q?rtBkbr8snEWafnTZgJYiCMpH43B8rqN40LFVmQPOzHg5QjnrSh4dD8N98cyNdUCVj?= =?utf-8?q?UoloGvH52yiVE8I1+gmR7gwIT8KgrkTmmzmMd/F5qRt4MAT/CC/2/8HpF6U6DSh2B?= =?utf-8?q?zH0LKywkmcbUfWWqge+yle4GxmZr/Kq7zdSIeZCdjd2iajUTnVgYdsWZTDIx4OGBG?= =?utf-8?q?LmECx4VAL4bazZmB+S8P9H6kR58d3GgofsZtOeecMHaN/OjMu2YeNKhw35xHcSWHs?= =?utf-8?q?svRFacZYeK1sMiP3UTqgMxyFT0dcUo29dinYC+9ziA4zIUKcS7SLJiJ92ZfecX+qx?= =?utf-8?q?CqSqfrw0pOfVvv5+fG/MOFWrpCwztKRU3r5QSa9nXuNlXduNq8JcLv+0VCcPZRW7q?= =?utf-8?q?YlUrCr2XViX9MqvKBt1D1V3RBszFYzGy3I1+nZaVwOWIbkVDurcc9y9wppkNqeCcM?= =?utf-8?q?wMhq9LKJZey/KgSenW/IrsdqloP9XkOTMTqr1FpgWHXIT3m+Jc7m+x5mu+6LZ0mwm?= =?utf-8?q?npUbzORQSHqcQxODxpNyzkcJGQQLpURguwqFp1pB+kFwNCh8k/Q1NB3F4ZaZIQyeM?= =?utf-8?q?urcZgDrK3CH4PEijRV491Qe2SwdgJqgX5+zKZQkrOk0cKwle4GQ0ekJcLyMl6CbH+?= =?utf-8?q?3kPWPWKnG8BO2oZ5HfnrzX3k52PijbPd1t0aif7cnqot5ws7P+i1ld35wtx/UBiLK?= =?utf-8?q?1hQx3e4mUuzZeCGPph0wk4JMTrKEBUkk4Ot8mLSbdkqyW0Q4KhcIPOg4bPQWNPHwt?= =?utf-8?q?Xa6yWl8og00+svoqYE+VyQwlrrnr/7toNKF+OL0NlF8yEZ0S7WBtFpXRzRdiwZIdg?= =?utf-8?q?06S6mBIAmQbYgDbhthw38CaeC9TGQ+QXiyoP6n8gFWrgBhklaWFIdsJgdXWh/gUDF?= =?utf-8?q?XK9wF7is9G53sL/0MZsBcZTjDu/6Zrx4h/iladiNKiFb6OpkhMNopFTE1za9allrc?= =?utf-8?q?Rs5UXbTXE2y7U31VUle4VEyA5vLh3AaIF1p62d4lXDvgeqLMI9VOfQvMGeOlxPUz5?= =?utf-8?q?YN6YCqNR4pYa2Gu1kCvLE8vZvI1jyfJgmI/TRWAUf5wNI3ZaA/jDVweu2kO+QNppI?= =?utf-8?q?cqT76EImi75dfgCQcJPK2ftgdJsPg00MssgHqekcZS6TbHV9wmz7ec90UTXn0yfps?= =?utf-8?q?yX087fiqQy1CBz4SKLbJBmjSdc8WHtymX3h1atiGnSwyZe+Y6KXj3wfQJLu3BTRba?= =?utf-8?q?pEyETw3Rn+IJPu+c5H1pc3sbH335n2WIoL08GJ7LK2d79bGH14DaLfFtCYuB4XJLx?= =?utf-8?q?Qn3jS5hr/fCzw92vofLJ2RG97O+1uY1fTllrmFLHy7R8/HSwAAdFw2Ekgu6lHKMT/?= =?utf-8?q?cYE428N1Y1wPAK1jxyElT89fspcOFEDXQTNq8JBiP26Xil5x3UBSYUTjUbVN6CTxV?= =?utf-8?q?c57Pf9yU8ykTO40kfJ5hboQy7dYWDUkv5XL++V8o/c2ocJ/6Ne3bH18JZ9cR2t4jA?= =?utf-8?q?Xx1BhDS0ZTSkffOXq7TexzJDspzq+8KQj6h+CkBqq30dT9+MKSaAusDis3USK8E7r?= =?utf-8?q?J/03qA2A/6qun9hIJwvazCednPYRXESknw=3D=3D?= Content-ID: MIME-Version: 1.0 X-OriginatorOrg: ddn.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR19MB4166.namprd19.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5b8aec74-8b0c-41a0-9b39-08da01181861 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2022 15:27:02.5145 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 753b6e26-6fd3-43e6-8248-3f1735d59bb4 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 71MNc7UTaUcCYk3Zfg7TT6Yosm4T3PlPAmp2Fbw23KyEHWTZ/dw1HRP3Rjgovqx1 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR19MB2592 Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org We encountered a page fault in mpt3sas on a LUN reset error path: [ 145.763216] mpt3sas_cm1: Task abort tm failed: handle(0x0002),timeout(30) tr_method(0x0) smid(3) msix_index(0) [ 145.778932] scsi 1:0:0:0: task abort: FAILED scmd(0x0000000024ba29a2) [ 145.817307] scsi 1:0:0:0: attempting device reset! scmd(0x0000000024ba29a2) [ 145.827253] scsi 1:0:0:0: [sg1] tag#2 CDB: Receive Diagnostic 1c 01 01 ff fc 00 [ 145.837617] scsi target1:0:0: handle(0x0002), sas_address(0x500605b0000272b9), phy(0) [ 145.848598] scsi target1:0:0: enclosure logical id(0x500605b0000272b8), slot(0) [ 149.858378] mpt3sas_cm1: Poll ReplyDescriptor queues for completion of smid(0), task_type(0x05), handle(0x0002) [ 149.875202] BUG: unable to handle page fault for address: 00000007fffc445d [ 149.885617] #PF: supervisor read access in kernel mode [ 149.894346] #PF: error_code(0x0000) - not-present page [ 149.903123] PGD 0 P4D 0 [ 149.909387] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 149.917417] CPU: 24 PID: 3512 Comm: scsi_eh_1 Kdump: loaded Tainted: G S O 5.10.89-altav-1 #1 [ 149.934327] Hardware name: DDN 200NVX2 /200NVX2-MB , BIOS ATHG2.2.02.01 09/10/2021 [ 149.951871] RIP: 0010:_base_process_reply_queue+0x4b/0x900 [mpt3sas] [ 149.961889] Code: 0f 84 22 02 00 00 8d 48 01 49 89 fd 48 8d 57 38 f0 0f b1 4f 38 0f 85 d8 01 00 00 49 8b 45 10 45 31 e4 41 8b 55 0c 48 8d 1c d0 <0f> b6 03 83 e0 0f 3c 0f 0f 85 a2 00 00 00 e9 e6 01 00 00 0f b7 ee [ 149.991952] RSP: 0018:ffffc9000f1ebcb8 EFLAGS: 00010246 [ 150.000937] RAX: 0000000000000055 RBX: 00000007fffc445d RCX: 000000002548f071 [ 150.011841] RDX: 00000000ffff8881 RSI: 0000000000000001 RDI: ffff888125ed50d8 [ 150.022670] RBP: 0000000000000000 R08: 0000000000000000 R09: c0000000ffff7fff [ 150.033445] R10: ffffc9000f1ebb68 R11: ffffc9000f1ebb60 R12: 0000000000000000 [ 150.044204] R13: ffff888125ed50d8 R14: 0000000000000080 R15: 34cdc00034cdea80 [ 150.054963] FS: 0000000000000000(0000) GS:ffff88dfaf200000(0000) knlGS:0000000000000000 [ 150.066715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.076078] CR2: 00000007fffc445d CR3: 000000012448a006 CR4: 0000000000770ee0 [ 150.086887] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 150.097670] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 150.108323] PKRU: 55555554 [ 150.114690] Call Trace: [ 150.120497] ? printk+0x48/0x4a [ 150.127049] mpt3sas_scsih_issue_tm.cold.114+0x2e/0x2b3 [mpt3sas] [ 150.136453] mpt3sas_scsih_issue_locked_tm+0x86/0xb0 [mpt3sas] [ 150.145759] scsih_dev_reset+0xea/0x300 [mpt3sas] [ 150.153891] scsi_eh_ready_devs+0x541/0x9e0 [scsi_mod] [ 150.162206] ? __scsi_host_match+0x20/0x20 [scsi_mod] [ 150.170406] ? scsi_try_target_reset+0x90/0x90 [scsi_mod] [ 150.178925] ? blk_mq_tagset_busy_iter+0x45/0x60 [ 150.186638] ? scsi_try_target_reset+0x90/0x90 [scsi_mod] [ 150.195087] scsi_error_handler+0x3a5/0x4a0 [scsi_mod] [ 150.203206] ? __schedule+0x1e9/0x610 [ 150.209783] ? scsi_eh_get_sense+0x210/0x210 [scsi_mod] [ 150.217924] kthread+0x12e/0x150 [ 150.224041] ? kthread_worker_fn+0x130/0x130 [ 150.231206] ret_from_fork+0x1f/0x30 This is caused by mpt3sas_base_sync_reply_irqs() using an invalid reply_q pointer outside of the list_for_each_entry() loop. At the end of the full list traversal the pointer is invalid. Move the _base_process_reply_queue() call inside of the loop. Signed-off-by: Matt Lupfer Cc: stable@vger.kernel.org Fixes: 711a923c14d9 ("scsi: mpt3sas: Postprocessing of target and LUN reset") --- drivers/scsi/mpt3sas/mpt3sas_base.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 511726f92d9a..76229b839560 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -2011,9 +2011,10 @@ mpt3sas_base_sync_reply_irqs(struct MPT3SAS_ADAPTER *ioc, u8 poll) enable_irq(reply_q->os_irq); } } + + if (poll) + _base_process_reply_queue(reply_q); } - if (poll) - _base_process_reply_queue(reply_q); } /**