From: Bart Van Assche <bart.vanassche@sandisk.com>
To: Doug Ledford <dledford@redhat.com>
Cc: linux-rdma@vger.kernel.org,
Bart Van Assche <bart.vanassche@sandisk.com>,
Israel Rukshin <israelr@mellanox.com>,
Max Gurtovoy <maxg@mellanox.com>,
Laurence Oberman <loberman@redhat.com>,
Steve Feeley <Steve.Feeley@sandisk.com>,
stable@vger.kernel.org
Subject: [PATCH 1/8] IB/srp: Avoid that duplicate responses trigger a kernel bug
Date: Fri, 10 Feb 2017 15:56:04 -0800 [thread overview]
Message-ID: <20170210235611.3243-2-bart.vanassche@sandisk.com> (raw)
In-Reply-To: <20170210235611.3243-1-bart.vanassche@sandisk.com>
After srp_process_rsp() returns there is a short time during which
the scsi_host_find_tag() call will return a pointer to the SCSI
command that is being completed. If during that time a duplicate
response is received, avoid that the following call stack appears:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: srp_recv_done+0x450/0x6b0 [ib_srp]
Oops: 0000 [#1] SMP
CPU: 10 PID: 0 Comm: swapper/10 Not tainted 4.10.0-rc7-dbg+ #1
Call Trace:
<IRQ>
__ib_process_cq+0x4b/0xd0 [ib_core]
ib_poll_handler+0x1d/0x70 [ib_core]
irq_poll_softirq+0xba/0x120
__do_softirq+0xba/0x4c0
irq_exit+0xbe/0xd0
smp_apic_timer_interrupt+0x38/0x50
apic_timer_interrupt+0x90/0xa0
</IRQ>
cpuidle_enter_state+0xf2/0x370
cpuidle_enter+0x12/0x20
call_cpuidle+0x1e/0x40
do_idle+0xe3/0x1c0
cpu_startup_entry+0x18/0x20
start_secondary+0x103/0x130
start_cpu+0x14/0x14
RIP: srp_recv_done+0x450/0x6b0 [ib_srp] RSP: ffff88046f483e20
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Israel Rukshin <israelr@mellanox.com>
Cc: Max Gurtovoy <maxg@mellanox.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: Steve Feeley <Steve.Feeley@sandisk.com>
Cc: <stable@vger.kernel.org>
---
drivers/infiniband/ulp/srp/ib_srp.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/infiniband/ulp/srp/ib_srp.c b/drivers/infiniband/ulp/srp/ib_srp.c
index 79bf48477ddb..4068d34f5427 100644
--- a/drivers/infiniband/ulp/srp/ib_srp.c
+++ b/drivers/infiniband/ulp/srp/ib_srp.c
@@ -1899,7 +1899,14 @@ static void srp_process_rsp(struct srp_rdma_ch *ch, struct srp_rsp *rsp)
scmnd = scsi_host_find_tag(target->scsi_host, rsp->tag);
if (scmnd) {
req = (void *)scmnd->host_scribble;
- scmnd = srp_claim_req(ch, req, NULL, scmnd);
+ if (req) {
+ scmnd = srp_claim_req(ch, req, NULL, scmnd);
+ } else {
+ shost_printk(KERN_ERR, target->scsi_host,
+ "NULL host_scribble for response with tag %#llx\n",
+ rsp->tag);
+ scmnd = NULL;
+ }
}
if (!scmnd) {
shost_printk(KERN_ERR, target->scsi_host,
--
2.11.0
next prev parent reply other threads:[~2017-02-10 23:56 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-10 23:56 [PATCH 0/8] IB/srp bug fixes Bart Van Assche
2017-02-10 23:56 ` Bart Van Assche [this message]
2017-02-12 17:05 ` [PATCH 1/8] IB/srp: Avoid that duplicate responses trigger a kernel bug Leon Romanovsky
2017-02-12 20:07 ` Bart Van Assche
[not found] ` <1486930017.2918.3.camel-XdAiOPVOjttBDgjK7y7TUQ@public.gmane.org>
2017-02-13 5:54 ` Leon Romanovsky
[not found] ` <20170213055432.GM14015-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
2017-02-13 16:02 ` Bart Van Assche
2017-02-10 23:56 ` [PATCH 2/8] IB/srp: Fix race conditions related to task management Bart Van Assche
[not found] ` <20170210235611.3243-1-bart.vanassche-XdAiOPVOjttBDgjK7y7TUQ@public.gmane.org>
2017-02-10 23:56 ` [PATCH 3/8] IB/srp: Document locking conventions Bart Van Assche
2017-02-10 23:56 ` [PATCH 4/8] IB/srp: Make a diagnostic message more informative Bart Van Assche
2017-02-10 23:56 ` [PATCH 5/8] IB/srp: Improve an error path Bart Van Assche
2017-02-10 23:56 ` [PATCH 6/8] IB/srp: Use the IB_DEVICE_SG_GAPS_REG HCA feature if supported Bart Van Assche
2017-02-10 23:56 ` [PATCH 7/8] IB/core: Add support for draining IB_POLL_DIRECT completion queues Bart Van Assche
2017-02-10 23:56 ` [PATCH 8/8] IB/srp: Drain the send queue before destroying a QP Bart Van Assche
[not found] ` <20170210235611.3243-9-bart.vanassche-XdAiOPVOjttBDgjK7y7TUQ@public.gmane.org>
2017-02-11 0:07 ` Robert LeBlanc
[not found] ` <CAANLjFr+Jd3ctmhpBnjYGKZ4ZQPtYLAB7EWZxL59vHpgekP=Jg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-02-11 0:13 ` Bart Van Assche
2017-02-12 17:19 ` Leon Romanovsky
[not found] ` <20170212171928.GF14015-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
2017-02-12 18:02 ` Laurence Oberman
[not found] ` <1041506550.30101266.1486922573298.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-12 18:06 ` Laurence Oberman
[not found] ` <1051975432.30101289.1486922792858.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-14 3:02 ` [PATCH 0/8] IB/srp bug fixes Laurence Oberman
[not found] ` <1465409120.30916025.1487041332560.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-14 17:18 ` Bart Van Assche
[not found] ` <1487092678.2466.6.camel-XdAiOPVOjttBDgjK7y7TUQ@public.gmane.org>
2017-02-14 17:22 ` Laurence Oberman
2017-02-14 18:47 ` Laurence Oberman
[not found] ` <1364431877.31401761.1487098067033.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-14 18:49 ` Bart Van Assche
2017-02-12 20:05 ` [PATCH 8/8] IB/srp: Drain the send queue before destroying a QP Bart Van Assche
[not found] ` <1486929901.2918.1.camel-XdAiOPVOjttBDgjK7y7TUQ@public.gmane.org>
2017-02-13 2:07 ` Laurence Oberman
[not found] ` <655392767.30136125.1486951636415.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 3:14 ` Laurence Oberman
[not found] ` <1630482470.30208948.1486955693106.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 13:54 ` Laurence Oberman
[not found] ` <1633827327.30531404.1486994093828.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 14:17 ` Leon Romanovsky
[not found] ` <20170213141724.GQ14015-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
2017-02-13 14:24 ` Laurence Oberman
[not found] ` <225897984.30545262.1486995841880.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 16:12 ` Laurence Oberman
[not found] ` <1971987443.30613645.1487002375580.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 16:47 ` Laurence Oberman
[not found] ` <21338434.30712464.1487004451595.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 21:34 ` Laurence Oberman
[not found] ` <1301607843.30852658.1487021644535.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 21:46 ` Laurence Oberman
[not found] ` <898197116.30855343.1487022400065.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-13 21:52 ` v4.10-rc SRP + mlx5 regression Bart Van Assche
[not found] ` <1487022735.2719.7.camel-XdAiOPVOjttBDgjK7y7TUQ@public.gmane.org>
2017-02-13 21:56 ` Laurence Oberman
2017-02-14 2:19 ` Laurence Oberman
[not found] ` <568916592.30910570.1487038794766.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-14 6:39 ` Leon Romanovsky
[not found] ` <20170214063953.GF6989-U/DQcQFIOTAAJjI8aNfphQ@public.gmane.org>
2017-02-14 10:00 ` Max Gurtovoy
[not found] ` <bfca98d3-3f74-c370-7455-71e2ebd583e9-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-02-14 13:31 ` Laurence Oberman
[not found] ` <656778124.31118982.1487079062235.JavaMail.zimbra-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-02-14 16:21 ` Laurence Oberman
2017-02-14 17:15 ` Max Gurtovoy
[not found] ` <a7ae2926-da0a-edf9-7779-09a6edd54d5d-VPRAkNaXOzVWk0Htik3J/w@public.gmane.org>
2017-02-14 17:29 ` Bart Van Assche
2017-02-14 17:31 ` Laurence Oberman
2017-02-14 17:15 ` Max Gurtovoy
2017-02-14 16:53 ` Bart Van Assche
2017-02-12 20:11 ` [PATCH 8/8] IB/srp: Drain the send queue before destroying a QP Bart Van Assche
[not found] ` <1486930299.2918.5.camel-XdAiOPVOjttBDgjK7y7TUQ@public.gmane.org>
2017-02-13 6:07 ` Leon Romanovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170210235611.3243-2-bart.vanassche@sandisk.com \
--to=bart.vanassche@sandisk.com \
--cc=Steve.Feeley@sandisk.com \
--cc=dledford@redhat.com \
--cc=israelr@mellanox.com \
--cc=linux-rdma@vger.kernel.org \
--cc=loberman@redhat.com \
--cc=maxg@mellanox.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox