linux/drivers/scsi/be2iscsi
Jitendra Bhivare 938f372c7d scsi: be2iscsi: Fix async PDU handling path
BUG: unable to handle kernel NULL pointer dereference at 000000000000015e
IP: [<ffffffffa0081700>]
hwi_get_async_handle.isra.23.constprop.39+0x90/0x1d0 [be2iscsi]
PGD 0
Oops: 0000 [#1] SMP
...
Call Trace:
 <IRQ>
 [<ffffffffa00818bc>] hwi_process_default_pdu_ring+0x7c/0x280 [be2iscsi]
 [<ffffffffa0088f51>] beiscsi_process_cq+0x321/0xb90 [be2iscsi]
 [<ffffffff810af028>] ? __wake_up_common+0x58/0x90
 [<ffffffff810b0d84>] ? __wake_up+0x44/0x50
 [<ffffffffa0089a2d>] be_iopoll+0x1d/0xb0 [be2iscsi]
 [<ffffffff812d1f61>] blk_iopoll_softirq+0xc1/0x100
 [<ffffffff81084b0f>] __do_softirq+0xef/0x280

The symptom observed is multiple async handles get queued for same index
thus causing leak in buffers posted to FW.

The root cause is:
- async handle is continued to be used even if it does not match the
completion.
- list_move operation done on already filled index.

1. Remove use of writables, host_write_ptr and ep_read_ptr.
2. Remove consumed logic to update writables. Instead, use only
free_entries to do the accounting of handles to be posted back.
3. Remove busy_list, instead use simple slot to index handles.
4. Added check no data, header less and overflow to make sure
all async_handles are flushed in error cases.
5. Added code to verify gathering of handles to form PDU by
checking final bit before forwarding PDU.
6. Added code to catch mismatch with CQE and handle gracefully.
7. Use AMAP, traverse cri_wait_queue list to post buffers, log
"async PDU" related errors.
8. Rearranged few data structures and added comments in init &
processing path.
9. Added WARN_ONs to catch any HD ring corruption.

Signed-off-by: Jitendra Bhivare <jitendra.bhivare@broadcom.com>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-08-23 22:42:44 -04:00
..
be_cmds.c scsi: be2iscsi: Add FUNCTION_RESET during driver unload 2016-08-23 22:42:44 -04:00
be_cmds.h scsi: be2iscsi: Add FUNCTION_RESET during driver unload 2016-08-23 22:42:44 -04:00
be_iscsi.c scsi: be2iscsi: Add TPE recovery feature 2016-08-23 22:42:44 -04:00
be_iscsi.h scsi: be2iscsi: Move functions to right files 2016-08-23 22:42:43 -04:00
be_main.c scsi: be2iscsi: Fix async PDU handling path 2016-08-23 22:42:44 -04:00
be_main.h scsi: be2iscsi: Fix async PDU handling path 2016-08-23 22:42:44 -04:00
be_mgmt.c scsi: be2iscsi: Add TPE recovery feature 2016-08-23 22:42:44 -04:00
be_mgmt.h scsi: be2iscsi: Add TPE recovery feature 2016-08-23 22:42:44 -04:00
be.h scsi: be2iscsi: Fix to add timer for UE detection 2016-08-23 22:42:43 -04:00
Kconfig irq_poll: make blk-iopoll available outside the block layer 2015-12-11 11:52:24 -08:00
Makefile be2iscsi: Revert ownership to Emulex 2015-10-27 10:34:18 +09:00