All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2 0/2] Two small patches for UFS
@ 2019-11-12 22:34 Bean Huo
  2019-11-12 22:34 ` [PATCH v2 1/2] scsi: ufs: print helpful hint when response size exceed buffer size Bean Huo
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Bean Huo @ 2019-11-12 22:34 UTC (permalink / raw)
  To: alim.akhtar, avri.altman, pedrom.sousa, jejb, martin.petersen,
	stanley.chu, beanhuo, bvanassche, tomas.winkler, cang
  Cc: linux-scsi, linux-kernel, Bean Huo

Hi,
Here are two small patches, one is to fix a potential bug which could
result in system hang-up, another one is to add more helpful debug hint.

v1-v2:
 1. add reveiwed-by tags
 2. fix one typo in second patch commit comment

Bean Huo (2):
  scsi: ufs: print helpful hint when response size exceed buffer size
  scsi: ufs: fix potential bug which ends in system hang-up

 drivers/scsi/ufs/ufshcd.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

-- 
2.17.1


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH v2 1/2] scsi: ufs: print helpful hint when response size exceed buffer size
  2019-11-12 22:34 [PATCH v2 0/2] Two small patches for UFS Bean Huo
@ 2019-11-12 22:34 ` Bean Huo
  2019-11-12 22:34 ` [PATCH v2 2/2] scsi: ufs: fix potential bug which ends in system hang-up Bean Huo
  2019-11-13  2:15 ` [PATCH v2 0/2] Two small patches for UFS Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Bean Huo @ 2019-11-12 22:34 UTC (permalink / raw)
  To: alim.akhtar, avri.altman, pedrom.sousa, jejb, martin.petersen,
	stanley.chu, beanhuo, bvanassche, tomas.winkler, cang
  Cc: linux-scsi, linux-kernel

From: Bean Huo <beanhuo@micron.com>

Print out returned response size and buffer size, while the front one
is bigger than the back one.

Signed-off-by: Bean Huo <beanhuo@micron.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
---
 drivers/scsi/ufs/ufshcd.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 9cbe3b45cf1c..527bd3b4f834 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -1938,8 +1938,8 @@ int ufshcd_copy_query_response(struct ufs_hba *hba, struct ufshcd_lrb *lrbp)
 			memcpy(hba->dev_cmd.query.descriptor, descp, resp_len);
 		} else {
 			dev_warn(hba->dev,
-				"%s: Response size is bigger than buffer",
-				__func__);
+				 "%s: rsp size %d is bigger than buffer size %d",
+				 __func__, resp_len, buf_len);
 			return -EINVAL;
 		}
 	}
@@ -5864,7 +5864,9 @@ static int ufshcd_issue_devman_upiu_cmd(struct ufs_hba *hba,
 			memcpy(desc_buff, descp, resp_len);
 			*buff_len = resp_len;
 		} else {
-			dev_warn(hba->dev, "rsp size is bigger than buffer");
+			dev_warn(hba->dev,
+				 "%s: rsp size %d is bigger than buffer size %d",
+				 __func__, resp_len, *buff_len);
 			*buff_len = 0;
 			err = -EINVAL;
 		}
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH v2 2/2] scsi: ufs: fix potential bug which ends in system hang-up
  2019-11-12 22:34 [PATCH v2 0/2] Two small patches for UFS Bean Huo
  2019-11-12 22:34 ` [PATCH v2 1/2] scsi: ufs: print helpful hint when response size exceed buffer size Bean Huo
@ 2019-11-12 22:34 ` Bean Huo
  2019-11-13  2:15 ` [PATCH v2 0/2] Two small patches for UFS Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Bean Huo @ 2019-11-12 22:34 UTC (permalink / raw)
  To: alim.akhtar, avri.altman, pedrom.sousa, jejb, martin.petersen,
	stanley.chu, beanhuo, bvanassche, tomas.winkler, cang
  Cc: linux-scsi, linux-kernel

From: Bean Huo <beanhuo@micron.com>

In function __ufshcd_query_descriptor(), in the event of an error
happening, we directly goto out_unlock, and forget to invaliate
hba->dev_cmd.query.descriptor pointer. Thus results in this pointer
still validity in ufshcd_copy_query_response() for other query requests
which go through ufshcd_exec_raw_upiu_cmd(). This will cuases __memcpy()
crash and system hangs up, log shows as below:

Unable to handle kernel paging request at virtual address
ffff000012233c40
Mem abort info:
   ESR = 0x96000047
   Exception class = DABT (current EL), IL = 32 bits
   SET = 0, FnV = 0
   EA = 0, S1PTW = 0
Data abort info:
   ISV = 0, ISS = 0x00000047
   CM = 0, WnR = 1
swapper pgtable: 4k pages, 48-bit VAs, pgdp = 0000000028cc735c
[ffff000012233c40] pgd=00000000bffff003, pud=00000000bfffe003,
pmd=00000000ba8b8003, pte=0000000000000000
 Internal error: Oops: 96000047 [#2] PREEMPT SMP
 ...
 Call trace:
  __memcpy+0x74/0x180
  ufshcd_issue_devman_upiu_cmd+0x250/0x3c0
  ufshcd_exec_raw_upiu_cmd+0xfc/0x1a8
  ufs_bsg_request+0x178/0x3b0
  bsg_queue_rq+0xc0/0x118
  blk_mq_dispatch_rq_list+0xb0/0x538
  blk_mq_sched_dispatch_requests+0x18c/0x1d8
  __blk_mq_run_hw_queue+0xb4/0x118
  blk_mq_run_work_fn+0x28/0x38
  process_one_work+0x1ec/0x470
  worker_thread+0x48/0x458
  kthread+0x130/0x138
  ret_from_fork+0x10/0x1c
 Code: 540000ab a8c12027 a88120c7 a8c12027 (a88120c7)
 ---[ end trace 793e1eb5dff69f2d ]---
 note: kworker/0:2H[2054] exited with preempt_count 1

This patch is to move "descriptor = NULL" down to below
the label "out_unlock".

Fixes: d44a5f98bb49b2(ufs: query descriptor API)
Signed-off-by: Bean Huo <beanhuo@micron.com>
Reviewed-by: Alim Akhtar <alim.akhtar@samsung.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
---
 drivers/scsi/ufs/ufshcd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
index 527bd3b4f834..977d0c6fef95 100644
--- a/drivers/scsi/ufs/ufshcd.c
+++ b/drivers/scsi/ufs/ufshcd.c
@@ -2989,10 +2989,10 @@ static int __ufshcd_query_descriptor(struct ufs_hba *hba,
 		goto out_unlock;
 	}
 
-	hba->dev_cmd.query.descriptor = NULL;
 	*buf_len = be16_to_cpu(response->upiu_res.length);
 
 out_unlock:
+	hba->dev_cmd.query.descriptor = NULL;
 	mutex_unlock(&hba->dev_cmd.lock);
 out:
 	ufshcd_release(hba);
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH v2 0/2] Two small patches for UFS
  2019-11-12 22:34 [PATCH v2 0/2] Two small patches for UFS Bean Huo
  2019-11-12 22:34 ` [PATCH v2 1/2] scsi: ufs: print helpful hint when response size exceed buffer size Bean Huo
  2019-11-12 22:34 ` [PATCH v2 2/2] scsi: ufs: fix potential bug which ends in system hang-up Bean Huo
@ 2019-11-13  2:15 ` Martin K. Petersen
  2 siblings, 0 replies; 4+ messages in thread
From: Martin K. Petersen @ 2019-11-13  2:15 UTC (permalink / raw)
  To: Bean Huo
  Cc: alim.akhtar, avri.altman, pedrom.sousa, jejb, martin.petersen,
	stanley.chu, beanhuo, bvanassche, tomas.winkler, cang, linux-scsi,
	linux-kernel


Bean,

> Here are two small patches, one is to fix a potential bug which could
> result in system hang-up, another one is to add more helpful debug
> hint.

Applied to 5.5/scsi-queue, thanks!

-- 
Martin K. Petersen	Oracle Linux Engineering

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-11-13  2:16 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-11-12 22:34 [PATCH v2 0/2] Two small patches for UFS Bean Huo
2019-11-12 22:34 ` [PATCH v2 1/2] scsi: ufs: print helpful hint when response size exceed buffer size Bean Huo
2019-11-12 22:34 ` [PATCH v2 2/2] scsi: ufs: fix potential bug which ends in system hang-up Bean Huo
2019-11-13  2:15 ` [PATCH v2 0/2] Two small patches for UFS Martin K. Petersen

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.