From: "Bruno Prémont" <bonbons@linux-vserver.org>
To: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: Quinn Tran <quinn.tran@qlogic.com>,
Himanshu Madhani <himanshu.madhani@qlogic.com>,
Nicholas Bellinger <nab@linux-iscsi.org>,
qla2xxx-upstream@qlogic.com,
"James E.J. Bottomley" <jejb@linux.vnet.ibm.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] qla2xxx: Fix NULL pointer deref in QLA interrupt
Date: Mon, 11 Jul 2016 10:29:48 +0200
Message-ID: <20160711102948.4e37a56f@pluto.restena.lu>
In-Reply-To: <8fadfa97-370f-7483-e80e-437f5338d3fd@leemhuis.info>

On Mon, 11 Jul 2016 09:30:30 +0200 Thorsten Leemhuis wrote:
> Bruno Prémont wrote on 11.07.2016 09:17:
> > On Fri, 8 Jul 2016 09:27:18 +0200 Thorsten Leemhuis wrote:
> >> Bruno Prémont wrote on 30.06.2016 17:00:
> >> > In qla24xx_process_response_queue() rsp->msix->cpuid may trigger NULL
> >> > pointer dereference when rsp->msix is NULL:
> >> > […]
> >> > The affected code was introduced by commit cdb898c52d1dfad4b4800b83a58b3fe5d352edde
> >> > (qla2xxx: Add irq affinity notification).
> >> >
> >> > Only dereference rsp->msix when it has been set so the machine can boot
> >> > fine. Possibly rsp->msix is unset because:
> >> > [ 3.479679] qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 8.07.00.33-k.
> >> > [ 3.481839] qla2xxx [0000:13:00.0]-001d: : Found an ISP2432 irq 17 iobase 0xffffc90000038000.
> >> > [ 3.484081] qla2xxx [0000:13:00.0]-0035:0: MSI-X; Unsupported ISP2432 (0x2, 0x3).
> >> > [ 3.485804] qla2xxx [0000:13:00.0]-0037:0: Falling back-to MSI mode -258.
> >> > [ 3.890145] scsi host0: qla2xxx
> >> > [ 3.891956] qla2xxx [0000:13:00.0]-00fb:0: QLogic QLE2460 - PCI-Express Single Channel 4Gb Fibre Channel HBA.
> >> > [ 3.894207] qla2xxx [0000:13:00.0]-00fc:0: ISP2432: PCIe (2.5GT/s x4) @ 0000:13:00.0 hdma+ host#=0 fw=7.03.00 (9496).
> >> > [ 5.714774] qla2xxx [0000:13:00.0]-500a:0: LOOP UP detected (4 Gbps).
> >>
> >> Bruno: Does that mean you actually tested that patch and it fixed the
> >> problem for you? It looks like it, but there is some confusion about it;
> >> that's one of the reasons why this patch didn't get any further yet
> >> afaics, so a quick clarification might help to finally get this fixed
> >> properly in mainline and stable.
> > Yes, it does fix the Oops for me.
>
> Thx for the feedback. The patch hit mainline late last week (it's
> included in rc7) and should hopefully make it to the stable trees in a
> week or two.

I got the queued notification from James last week and kept an eye
on the state on patchwork before that.

> > I did not analyze the reason why rsp->msix is NULL (no idea if
> > it remains NULL forever on my hardware) - I just extracted messages
> > from qla driver shown during boot which seem to indicate a possible
> > reason why msix is NULL.
> > Further analysis should be done by someone with better knowledge of qla
> > driver than mine though I would be happy to perform tests.
>
> I have no idea about the details, but in case you missed it, this
> discussion might have some more relevant details:
> http://thread.gmane.org/gmane.linux.kernel/2247804/focus=2250727

I didn't see that thread, though it does have some insight.
Thanks for the reference!

Bruno

> Cheers, Thorsten
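
The guard named in the quoted patch description ("only dereference rsp->msix when it has been set"), as an added example that is not part of this thread or of the qla2xxx driver. It is a simplified user-space C model: every struct, enum and function name is a hypothetical stand-in, and the MSI fallback leaving the pointer NULL follows the cause the message only suggests as possible.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified user-space model. All names are hypothetical stand-ins,
 * not the qla2xxx driver's own definitions. */
struct msix_entry_model { int cpuid; };

struct rsp_que_model {
    struct msix_entry_model *msix; /* NULL when no MSI-X entry was bound */
    int vector_cpuid;              /* CPU recorded for the queue, -1 = unset */
};

enum irq_mode { IRQ_MSIX, IRQ_MSI };

/* Interrupt setup: only a successful MSI-X setup binds an entry. */
static enum irq_mode setup_irqs(struct rsp_que_model *rsp,
                                struct msix_entry_model *entry,
                                int msix_supported)
{
    rsp->vector_cpuid = -1;
    rsp->msix = msix_supported ? entry : NULL; /* MSI fallback leaves NULL */
    return msix_supported ? IRQ_MSIX : IRQ_MSI;
}

/* Response path with the guard: test the pointer before reading cpuid.
 * Returns 1 if the recorded CPU was updated, 0 otherwise. */
static int process_response_queue(struct rsp_que_model *rsp, int current_cpu)
{
    if (rsp->msix && rsp->msix->cpuid != current_cpu) {
        rsp->msix->cpuid = current_cpu;
        rsp->vector_cpuid = current_cpu;
        return 1;
    }
    return 0; /* no MSI-X entry, or already on the recorded CPU */
}

int main(void)
{
    struct msix_entry_model entry = { 0 };
    struct rsp_que_model rsp;

    setup_irqs(&rsp, &entry, 0); /* constructed case: MSI-X unsupported */
    printf("MSI fallback: updated=%d\n", process_response_queue(&rsp, 2));
    setup_irqs(&rsp, &entry, 1); /* constructed case: MSI-X available */
    printf("MSI-X: updated=%d\n", process_response_queue(&rsp, 2));
    return 0;
}
```

Without the `rsp->msix &&` test, the first call in `main` would read `cpuid` through a NULL pointer, which is the failure the patch description reports for the interrupt path.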