* [PATCH] scsi: mvumi: add check for dma mapping errors @ 2017-04-21 23:17 Alexey Khoroshilov 2017-04-23 8:41 ` Christoph Hellwig 0 siblings, 1 reply; 5+ messages in thread From: Alexey Khoroshilov @ 2017-04-21 23:17 UTC (permalink / raw) To: James E.J. Bottomley, Martin K. Petersen Cc: Alexey Khoroshilov, linux-scsi, linux-kernel, ldv-project mvumi_make_sgl() does not check if mapping dma memory succeed. The patch adds return error code if the mapping failed and if scsi_bufflen(scmd) is zero. The latter is just in case since the only call site of mvumi_make_sgl() check the scsi_bufflen(scmd) before the call. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> --- drivers/scsi/mvumi.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/mvumi.c b/drivers/scsi/mvumi.c index 247df5e79b71..49f8b20f5d91 100644 --- a/drivers/scsi/mvumi.c +++ b/drivers/scsi/mvumi.c @@ -232,11 +232,14 @@ static int mvumi_make_sgl(struct mvumi_hba *mhba, struct scsi_cmnd *scmd, sgd_inc(mhba, m_sg); } } else { - scmd->SCp.dma_handle = scsi_bufflen(scmd) ? - pci_map_single(mhba->pdev, scsi_sglist(scmd), - scsi_bufflen(scmd), - (int) scmd->sc_data_direction) - : 0; + if (!scsi_bufflen(scmd)) + return -1; + scmd->SCp.dma_handle = pci_map_single(mhba->pdev, + scsi_sglist(scmd), + scsi_bufflen(scmd), + (int) scmd->sc_data_direction); + if (pci_dma_mapping_error(mhba->pdev, scmd->SCp.dma_handle)) + return -1; busaddr = scmd->SCp.dma_handle; m_sg->baseaddr_l = cpu_to_le32(lower_32_bits(busaddr)); m_sg->baseaddr_h = cpu_to_le32(upper_32_bits(busaddr)); -- 2.7.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] scsi: mvumi: add check for dma mapping errors 2017-04-21 23:17 [PATCH] scsi: mvumi: add check for dma mapping errors Alexey Khoroshilov @ 2017-04-23 8:41 ` Christoph Hellwig 2017-04-23 23:01 ` [PATCH] scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case Alexey Khoroshilov 0 siblings, 1 reply; 5+ messages in thread From: Christoph Hellwig @ 2017-04-23 8:41 UTC (permalink / raw) To: Alexey Khoroshilov Cc: James E.J. Bottomley, Martin K. Petersen, linux-scsi, linux-kernel, ldv-project On Sat, Apr 22, 2017 at 02:17:50AM +0300, Alexey Khoroshilov wrote: > } else { > - scmd->SCp.dma_handle = scsi_bufflen(scmd) ? > - pci_map_single(mhba->pdev, scsi_sglist(scmd), > - scsi_bufflen(scmd), > - (int) scmd->sc_data_direction) > - : 0; > + if (!scsi_bufflen(scmd)) > + return -1; > + scmd->SCp.dma_handle = pci_map_single(mhba->pdev, > + scsi_sglist(scmd), > + scsi_bufflen(scmd), > + (int) scmd->sc_data_direction); > + if (pci_dma_mapping_error(mhba->pdev, scmd->SCp.dma_handle)) > + return -1; This looks completely broken. Why would you DMA map the in-memory struct scatterlist? It has no meaning for the hardware. In fact this whole branch (and the equivalent in the unmap path) are dead - SCSI commands that transfer data always have a SG entry. So the right fix is to remove the !scsi_sg_count(scmd) map/unmap path. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case 2017-04-23 8:41 ` Christoph Hellwig @ 2017-04-23 23:01 ` Alexey Khoroshilov 2017-04-24 6:36 ` Christoph Hellwig 2017-04-24 22:17 ` Martin K. Petersen 0 siblings, 2 replies; 5+ messages in thread From: Alexey Khoroshilov @ 2017-04-23 23:01 UTC (permalink / raw) To: Christoph Hellwig Cc: Alexey Khoroshilov, James E.J. Bottomley, Martin K. Petersen, linux-scsi, linux-kernel, ldv-project As Christoph Hellwig noted, SCSI commands that transfer data always have a SG entry. The patch removes dead code in mvumi_make_sgl(), mvumi_complete_cmd() and mvumi_timed_out() that handle zero scsi_sg_count(scmd) case. Also the patch adds pci_unmap_sg() on failure path in mvumi_make_sgl(). Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> --- drivers/scsi/mvumi.c | 85 ++++++++++++++++------------------------------------ 1 file changed, 26 insertions(+), 59 deletions(-) diff --git a/drivers/scsi/mvumi.c b/drivers/scsi/mvumi.c index 247df5e79b71..fe97401ad192 100644 --- a/drivers/scsi/mvumi.c +++ b/drivers/scsi/mvumi.c @@ -210,39 +210,27 @@ static int mvumi_make_sgl(struct mvumi_hba *mhba, struct scsi_cmnd *scmd, unsigned int sgnum = scsi_sg_count(scmd); dma_addr_t busaddr; - if (sgnum) { - sg = scsi_sglist(scmd); - *sg_count = pci_map_sg(mhba->pdev, sg, sgnum, - (int) scmd->sc_data_direction); - if (*sg_count > mhba->max_sge) { - dev_err(&mhba->pdev->dev, "sg count[0x%x] is bigger " - "than max sg[0x%x].\n", - *sg_count, mhba->max_sge); - return -1; - } - for (i = 0; i < *sg_count; i++) { - busaddr = sg_dma_address(&sg[i]); - m_sg->baseaddr_l = cpu_to_le32(lower_32_bits(busaddr)); - m_sg->baseaddr_h = cpu_to_le32(upper_32_bits(busaddr)); - m_sg->flags = 0; - sgd_setsz(mhba, m_sg, cpu_to_le32(sg_dma_len(&sg[i]))); - if ((i + 1) == *sg_count) - m_sg->flags |= 1U << mhba->eot_flag; - - sgd_inc(mhba, m_sg); - } - } else { - scmd->SCp.dma_handle = scsi_bufflen(scmd) ? - pci_map_single(mhba->pdev, scsi_sglist(scmd), - scsi_bufflen(scmd), - (int) scmd->sc_data_direction) - : 0; - busaddr = scmd->SCp.dma_handle; + sg = scsi_sglist(scmd); + *sg_count = pci_map_sg(mhba->pdev, sg, sgnum, + (int) scmd->sc_data_direction); + if (*sg_count > mhba->max_sge) { + dev_err(&mhba->pdev->dev, + "sg count[0x%x] is bigger than max sg[0x%x].\n", + *sg_count, mhba->max_sge); + pci_unmap_sg(mhba->pdev, sg, sgnum, + (int) scmd->sc_data_direction); + return -1; + } + for (i = 0; i < *sg_count; i++) { + busaddr = sg_dma_address(&sg[i]); m_sg->baseaddr_l = cpu_to_le32(lower_32_bits(busaddr)); m_sg->baseaddr_h = cpu_to_le32(upper_32_bits(busaddr)); - m_sg->flags = 1U << mhba->eot_flag; - sgd_setsz(mhba, m_sg, cpu_to_le32(scsi_bufflen(scmd))); - *sg_count = 1; + m_sg->flags = 0; + sgd_setsz(mhba, m_sg, cpu_to_le32(sg_dma_len(&sg[i]))); + if ((i + 1) == *sg_count) + m_sg->flags |= 1U << mhba->eot_flag; + + sgd_inc(mhba, m_sg); } return 0; @@ -1350,21 +1338,10 @@ static void mvumi_complete_cmd(struct mvumi_hba *mhba, struct mvumi_cmd *cmd, break; } - if (scsi_bufflen(scmd)) { - if (scsi_sg_count(scmd)) { - pci_unmap_sg(mhba->pdev, - scsi_sglist(scmd), - scsi_sg_count(scmd), - (int) scmd->sc_data_direction); - } else { - pci_unmap_single(mhba->pdev, - scmd->SCp.dma_handle, - scsi_bufflen(scmd), - (int) scmd->sc_data_direction); - - scmd->SCp.dma_handle = 0; - } - } + if (scsi_bufflen(scmd)) + pci_unmap_sg(mhba->pdev, scsi_sglist(scmd), + scsi_sg_count(scmd), + (int) scmd->sc_data_direction); cmd->scmd->scsi_done(scmd); mvumi_return_cmd(mhba, cmd); } @@ -2171,19 +2148,9 @@ static enum blk_eh_timer_return mvumi_timed_out(struct scsi_cmnd *scmd) scmd->result = (DRIVER_INVALID << 24) | (DID_ABORT << 16); scmd->SCp.ptr = NULL; if (scsi_bufflen(scmd)) { - if (scsi_sg_count(scmd)) { - pci_unmap_sg(mhba->pdev, - scsi_sglist(scmd), - scsi_sg_count(scmd), - (int)scmd->sc_data_direction); - } else { - pci_unmap_single(mhba->pdev, - scmd->SCp.dma_handle, - scsi_bufflen(scmd), - (int)scmd->sc_data_direction); - - scmd->SCp.dma_handle = 0; - } + pci_unmap_sg(mhba->pdev, scsi_sglist(scmd), + scsi_sg_count(scmd), + (int)scmd->sc_data_direction); } mvumi_return_cmd(mhba, cmd); spin_unlock_irqrestore(mhba->shost->host_lock, flags); -- 2.7.4 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case 2017-04-23 23:01 ` [PATCH] scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case Alexey Khoroshilov @ 2017-04-24 6:36 ` Christoph Hellwig 2017-04-24 22:17 ` Martin K. Petersen 1 sibling, 0 replies; 5+ messages in thread From: Christoph Hellwig @ 2017-04-24 6:36 UTC (permalink / raw) To: Alexey Khoroshilov Cc: Christoph Hellwig, James E.J. Bottomley, Martin K. Petersen, linux-scsi, linux-kernel, ldv-project Looks fine, Reviewed-by: Christoph Hellwig <hch@lst.de> Note that there is plenty opportunity for cleanup even in the moved code section, but let's get this issue sorted out only for now. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case 2017-04-23 23:01 ` [PATCH] scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case Alexey Khoroshilov 2017-04-24 6:36 ` Christoph Hellwig @ 2017-04-24 22:17 ` Martin K. Petersen 1 sibling, 0 replies; 5+ messages in thread From: Martin K. Petersen @ 2017-04-24 22:17 UTC (permalink / raw) To: Alexey Khoroshilov Cc: Christoph Hellwig, James E.J. Bottomley, Martin K. Petersen, linux-scsi, linux-kernel, ldv-project Alexey, > As Christoph Hellwig noted, SCSI commands that transfer data > always have a SG entry. The patch removes dead code in > mvumi_make_sgl(), mvumi_complete_cmd() and mvumi_timed_out() > that handle zero scsi_sg_count(scmd) case. > > Also the patch adds pci_unmap_sg() on failure path in mvumi_make_sgl(). Applied to 4.12/scsi-queue, thanks! -- Martin K. Petersen Oracle Linux Engineering ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-04-24 22:18 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-04-21 23:17 [PATCH] scsi: mvumi: add check for dma mapping errors Alexey Khoroshilov 2017-04-23 8:41 ` Christoph Hellwig 2017-04-23 23:01 ` [PATCH] scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case Alexey Khoroshilov 2017-04-24 6:36 ` Christoph Hellwig 2017-04-24 22:17 ` Martin K. Petersen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox