All of lore.kernel.org
* [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request()
@ 2018-11-26 17:01 Ewan D. Milne
  2018-11-26 19:45 ` Hannes Reinecke
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Ewan D. Milne @ 2018-11-26 17:01 UTC (permalink / raw)


__nvme_fc_init_request() invokes memset() on the nvme_fcp_op_w_sgl structure, which
NULLs out the nvme_req(req)->ctrl field previously set by nvme_fc_init_request().
This apparently was not referenced until commit faf4a44fff ("nvme: support traffic
based keep-alive") which now results in a crash in nvme_complete_rq():

[ 8386.897130] RIP: 0010:panic+0x220/0x26c
[ 8386.901406] Code: 83 3d 6f ee 72 01 00 74 05 e8 e8 54 02 00 48 c7 c6 40 fd 5b b4 48 c7 c7 d8 8d c6 b3 31e
[ 8386.922359] RSP: 0018:ffff99650019fc40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 8386.930804] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000006
[ 8386.938764] RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff8e325f8168b0
[ 8386.946725] RBP: ffff99650019fcb0 R08: 0000000000000000 R09: 00000000000004f8
[ 8386.954687] R10: 0000000000000000 R11: ffff99650019f9b8 R12: ffffffffb3c55f3c
[ 8386.962648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 8386.970613]  oops_end+0xd1/0xe0
[ 8386.974116]  no_context+0x1b2/0x3c0
[ 8386.978006]  do_page_fault+0x32/0x140
[ 8386.982090]  page_fault+0x1e/0x30
[ 8386.985786] RIP: 0010:nvme_complete_rq+0x65/0x1d0 [nvme_core]
[ 8386.992195] Code: 41 bc 03 00 00 00 74 16 0f 86 c3 00 00 00 66 3d 83 00 41 bc 06 00 00 00 0f 85 e7 00 000
[ 8387.013147] RSP: 0018:ffff99650019fe18 EFLAGS: 00010246
[ 8387.018973] RAX: 0000000000000000 RBX: ffff8e322ae51280 RCX: 0000000000000001
[ 8387.026935] RDX: 0000000000000400 RSI: 0000000000000001 RDI: ffff8e322ae51280
[ 8387.034897] RBP: ffff8e322ae51280 R08: 0000000000000000 R09: ffffffffb2f0b890
[ 8387.042859] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[ 8387.050821] R13: 0000000000000100 R14: 0000000000000004 R15: ffff8e2b0446d990
[ 8387.058782]  ? swiotlb_unmap_page+0x40/0x40
[ 8387.063448]  nvme_fc_complete_rq+0x2d/0x70 [nvme_fc]
[ 8387.068986]  blk_done_softirq+0xa1/0xd0
[ 8387.073264]  __do_softirq+0xd6/0x2a9
[ 8387.077251]  run_ksoftirqd+0x26/0x40
[ 8387.081238]  smpboot_thread_fn+0x10e/0x160
[ 8387.085807]  kthread+0xf8/0x130
[ 8387.089309]  ? sort_range+0x20/0x20
[ 8387.093198]  ? kthread_stop+0x110/0x110
[ 8387.097475]  ret_from_fork+0x35/0x40
[ 8387.101462] ---[ end trace 7106b0adf5e422f8 ]---

Fixes: faf4a44fff ("nvme: support traffic based keep-alive")
Signed-off-by: Ewan D. Milne <emilne at redhat.com>
---
 drivers/nvme/host/fc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
index 83131e4..240d09e 100644
--- a/drivers/nvme/host/fc.c
+++ b/drivers/nvme/host/fc.c
@@ -1746,12 +1746,12 @@ enum {
 	struct nvme_fc_queue *queue = &ctrl->queues[queue_idx];
 	int res;
 
-	nvme_req(rq)->ctrl = &ctrl->ctrl;
 	res = __nvme_fc_init_request(ctrl, queue, &op->op, rq, queue->rqcnt++);
 	if (res)
 		return res;
 	op->op.fcp_req.first_sgl = &op->sgl[0];
 	op->op.fcp_req.private = &op->priv[0];
+	nvme_req(rq)->ctrl = &ctrl->ctrl;
 	return res;
 }
 
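Review bot: the moved assignment fixes the ordering but leaves it undocumented; since __nvme_fc_init_request() zeroes the whole nvme_fcp_op_w_sgl, including the embedded nvme_request, a one-line comment above `nvme_req(rq)->ctrl = &ctrl->ctrl;` stating that it must stay after that call would stop the next change from moving it back or adding another nvme_request field before the memset. Related: on the `if (res) return res;` path the field is now left NULL, which is only safe if a request whose init failed is never completed through nvme_complete_rq(); a sentence in the commit message saying so would make the early return reviewable. Minor: the commit message writes `nvme_req(req)->ctrl` while the hunk uses `nvme_req(rq)`, and the final `return res;` is always `return 0;` once the early return has been taken, though that line is not touched here. The Fixes: tag names the commit that started dereferencing the field rather than the one that introduced the set-then-memset ordering; that is defensible for stable since the crash only appears from faf4a44fff on, but it is worth stating explicitly.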
-- 
1.8.3.1

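The ordering bug the commit message describes, as an added example in plain C that is not code from the patch or from the kernel: a stand-in per-request PDU with the generic request struct embedded first, a stand-in for __nvme_fc_init_request() that memset()s the whole PDU, and both orderings of the ctrl assignment. The *_sim names, the struct layout, and returning -1 where the kernel would dereference NULL are assumptions made for illustration.

```c
/*
 * Added example, not kernel code: models how a transport init helper that
 * memset()s the whole per-request PDU wipes a field the caller wrote into
 * the embedded generic struct nvme_request beforehand.  All *_sim types and
 * functions are hypothetical stand-ins for the kernel's.
 */
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

struct nvme_ctrl_sim { int id; };

/* generic per-request data that the core (nvme_complete_rq) dereferences */
struct nvme_request_sim {
	struct nvme_ctrl_sim *ctrl;
	unsigned short status;
};

/* transport PDU: generic request first, transport-specific fields after */
struct fcp_op_sim {
	struct nvme_request_sim nreq;
	void *first_sgl;
	void *priv;
	char sgl[64];
};

/* the PDU and the generic request share one address, as blk_mq_rq_to_pdu() assumes */
_Static_assert(offsetof(struct fcp_op_sim, nreq) == 0, "nvme_request must lead the PDU");

/* stands in for nvme_req(): the generic view of the same memory */
static struct nvme_request_sim *nvme_req_sim(struct fcp_op_sim *op)
{
	return &op->nreq;
}

/* stands in for __nvme_fc_init_request(): zeroes the entire PDU */
static int init_op_sim(struct fcp_op_sim *op)
{
	memset(op, 0, sizeof(*op));
	return 0;
}

/* ordering before the patch: ctrl is set, then the memset erases it */
static int init_request_before(struct fcp_op_sim *op, struct nvme_ctrl_sim *ctrl)
{
	nvme_req_sim(op)->ctrl = ctrl;
	int res = init_op_sim(op);
	if (res)
		return res;
	op->first_sgl = op->sgl;
	return 0;
}

/* ordering after the patch: ctrl is set once nothing else will zero it */
static int init_request_after(struct fcp_op_sim *op, struct nvme_ctrl_sim *ctrl)
{
	int res = init_op_sim(op);
	if (res)
		return res;
	op->first_sgl = op->sgl;
	nvme_req_sim(op)->ctrl = ctrl;
	return 0;
}

/* stands in for the keep-alive bookkeeping in nvme_complete_rq(): returns
 * the controller id it would touch, or -1 where the kernel would fault */
static int complete_rq_sim(struct fcp_op_sim *op)
{
	struct nvme_ctrl_sim *ctrl = nvme_req_sim(op)->ctrl;

	if (!ctrl)
		return -1;
	return ctrl->id;
}

/* runs both orderings on the same PDU; true when only the fixed one keeps ctrl */
static bool demonstrate(void)
{
	struct nvme_ctrl_sim ctrl = { .id = 7 };
	struct fcp_op_sim op;

	init_request_before(&op, &ctrl);
	int before = complete_rq_sim(&op);
	init_request_after(&op, &ctrl);
	int after = complete_rq_sim(&op);

	printf("before patch: %d, after patch: %d\n", before, after);
	return before == -1 && after == 7;
}
```

The `_Static_assert` is the check worth carrying into real code: it pins the assumption that the generic request is the first member of the PDU, which is exactly why a memset of the transport struct reaches the core's field.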

* [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request()
  2018-11-26 17:01 [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request() Ewan D. Milne
@ 2018-11-26 19:45 ` Hannes Reinecke
  2018-11-27  7:35 ` Christoph Hellwig
  2018-11-27 17:07 ` James Smart
  2 siblings, 0 replies; 6+ messages in thread
From: Hannes Reinecke @ 2018-11-26 19:45 UTC (permalink / raw)


On 11/26/18 6:01 PM, Ewan D. Milne wrote:
> __nvme_fc_init_request() invokes memset() on the nvme_fcp_op_w_sgl structure, which
> NULLs out the nvme_req(req)->ctrl field previously set by nvme_fc_init_request().
> This apparently was not referenced until commit faf4a44fff ("nvme: support traffic
> based keep-alive") which now results in a crash in nvme_complete_rq():
> 
> [ 8386.897130] RIP: 0010:panic+0x220/0x26c
> [ 8386.901406] Code: 83 3d 6f ee 72 01 00 74 05 e8 e8 54 02 00 48 c7 c6 40 fd 5b b4 48 c7 c7 d8 8d c6 b3 31e
> [ 8386.922359] RSP: 0018:ffff99650019fc40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
> [ 8386.930804] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000006
> [ 8386.938764] RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff8e325f8168b0
> [ 8386.946725] RBP: ffff99650019fcb0 R08: 0000000000000000 R09: 00000000000004f8
> [ 8386.954687] R10: 0000000000000000 R11: ffff99650019f9b8 R12: ffffffffb3c55f3c
> [ 8386.962648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
> [ 8386.970613]  oops_end+0xd1/0xe0
> [ 8386.974116]  no_context+0x1b2/0x3c0
> [ 8386.978006]  do_page_fault+0x32/0x140
> [ 8386.982090]  page_fault+0x1e/0x30
> [ 8386.985786] RIP: 0010:nvme_complete_rq+0x65/0x1d0 [nvme_core]
> [ 8386.992195] Code: 41 bc 03 00 00 00 74 16 0f 86 c3 00 00 00 66 3d 83 00 41 bc 06 00 00 00 0f 85 e7 00 000
> [ 8387.013147] RSP: 0018:ffff99650019fe18 EFLAGS: 00010246
> [ 8387.018973] RAX: 0000000000000000 RBX: ffff8e322ae51280 RCX: 0000000000000001
> [ 8387.026935] RDX: 0000000000000400 RSI: 0000000000000001 RDI: ffff8e322ae51280
> [ 8387.034897] RBP: ffff8e322ae51280 R08: 0000000000000000 R09: ffffffffb2f0b890
> [ 8387.042859] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
> [ 8387.050821] R13: 0000000000000100 R14: 0000000000000004 R15: ffff8e2b0446d990
> [ 8387.058782]  ? swiotlb_unmap_page+0x40/0x40
> [ 8387.063448]  nvme_fc_complete_rq+0x2d/0x70 [nvme_fc]
> [ 8387.068986]  blk_done_softirq+0xa1/0xd0
> [ 8387.073264]  __do_softirq+0xd6/0x2a9
> [ 8387.077251]  run_ksoftirqd+0x26/0x40
> [ 8387.081238]  smpboot_thread_fn+0x10e/0x160
> [ 8387.085807]  kthread+0xf8/0x130
> [ 8387.089309]  ? sort_range+0x20/0x20
> [ 8387.093198]  ? kthread_stop+0x110/0x110
> [ 8387.097475]  ret_from_fork+0x35/0x40
> [ 8387.101462] ---[ end trace 7106b0adf5e422f8 ]---
> 
> Fixes: faf4a44fff ("nvme: support traffic based keep-alive")
> Signed-off-by: Ewan D. Milne <emilne at redhat.com>
> ---
>   drivers/nvme/host/fc.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
> index 83131e4..240d09e 100644
> --- a/drivers/nvme/host/fc.c
> +++ b/drivers/nvme/host/fc.c
> @@ -1746,12 +1746,12 @@ enum {
>   	struct nvme_fc_queue *queue = &ctrl->queues[queue_idx];
>   	int res;
>   
> -	nvme_req(rq)->ctrl = &ctrl->ctrl;
>   	res = __nvme_fc_init_request(ctrl, queue, &op->op, rq, queue->rqcnt++);
>   	if (res)
>   		return res;
>   	op->op.fcp_req.first_sgl = &op->sgl[0];
>   	op->op.fcp_req.private = &op->priv[0];
> +	nvme_req(rq)->ctrl = &ctrl->ctrl;
>   	return res;
>   }
>   
> 
Ah, that's the one. I've run into that, too, but then had been too lazy
to follow up on it.

Reviewed-by: Hannes Reinecke <hare at suse.com>

Cheers,

Hannes


* [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request()
  2018-11-26 17:01 [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request() Ewan D. Milne
  2018-11-26 19:45 ` Hannes Reinecke
@ 2018-11-27  7:35 ` Christoph Hellwig
  2018-11-27 17:07 ` James Smart
  2 siblings, 0 replies; 6+ messages in thread
From: Christoph Hellwig @ 2018-11-27  7:35 UTC (permalink / raw)


Thanks,

applied to nvme-4.20.


* [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request()
  2018-11-26 17:01 [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request() Ewan D. Milne
  2018-11-26 19:45 ` Hannes Reinecke
  2018-11-27  7:35 ` Christoph Hellwig
@ 2018-11-27 17:07 ` James Smart
  2 siblings, 0 replies; 6+ messages in thread
From: James Smart @ 2018-11-27 17:07 UTC (permalink / raw)

On 11/26/2018 9:01 AM, Ewan D. Milne wrote:
> __nvme_fc_init_request() invokes memset() on the nvme_fcp_op_w_sgl structure, which
> NULLs out the nvme_req(req)->ctrl field previously set by nvme_fc_init_request().
> This apparently was not referenced until commit faf4a44fff ("nvme: support traffic
> based keep-alive") which now results in a crash in nvme_complete_rq():
>
> ...
>
> Fixes: faf4a44fff ("nvme: support traffic based keep-alive")
> Signed-off-by: Ewan D. Milne <emilne at redhat.com>
> ---
>

Looks good. Thanks, Ewan.

-- james


* [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request()
  2018-11-26 21:26 Ewan D. Milne
@ 2018-11-26 21:31 ` Ewan D. Milne
  0 siblings, 0 replies; 6+ messages in thread
From: Ewan D. Milne @ 2018-11-26 21:31 UTC (permalink / raw)


On Mon, 2018-11-26@16:26 -0500, Ewan D. Milne wrote:
> 

My apologies, duplicate email.

-Ewan


* [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request()
@ 2018-11-26 21:26 Ewan D. Milne
  2018-11-26 21:31 ` Ewan D. Milne
  0 siblings, 1 reply; 6+ messages in thread
From: Ewan D. Milne @ 2018-11-26 21:26 UTC (permalink / raw)


__nvme_fc_init_request() invokes memset() on the nvme_fcp_op_w_sgl structure, which
NULLs out the nvme_req(req)->ctrl field previously set by nvme_fc_init_request().
This apparently was not referenced until commit faf4a44fff ("nvme: support traffic
based keep-alive") which now results in a crash in nvme_complete_rq():

[ 8386.897130] RIP: 0010:panic+0x220/0x26c
[ 8386.901406] Code: 83 3d 6f ee 72 01 00 74 05 e8 e8 54 02 00 48 c7 c6 40 fd 5b b4 48 c7 c7 d8 8d c6 b3 31e
[ 8386.922359] RSP: 0018:ffff99650019fc40 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 8386.930804] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000006
[ 8386.938764] RDX: 0000000000000000 RSI: 0000000000000082 RDI: ffff8e325f8168b0
[ 8386.946725] RBP: ffff99650019fcb0 R08: 0000000000000000 R09: 00000000000004f8
[ 8386.954687] R10: 0000000000000000 R11: ffff99650019f9b8 R12: ffffffffb3c55f3c
[ 8386.962648] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001
[ 8386.970613]  oops_end+0xd1/0xe0
[ 8386.974116]  no_context+0x1b2/0x3c0
[ 8386.978006]  do_page_fault+0x32/0x140
[ 8386.982090]  page_fault+0x1e/0x30
[ 8386.985786] RIP: 0010:nvme_complete_rq+0x65/0x1d0 [nvme_core]
[ 8386.992195] Code: 41 bc 03 00 00 00 74 16 0f 86 c3 00 00 00 66 3d 83 00 41 bc 06 00 00 00 0f 85 e7 00 000
[ 8387.013147] RSP: 0018:ffff99650019fe18 EFLAGS: 00010246
[ 8387.018973] RAX: 0000000000000000 RBX: ffff8e322ae51280 RCX: 0000000000000001
[ 8387.026935] RDX: 0000000000000400 RSI: 0000000000000001 RDI: ffff8e322ae51280
[ 8387.034897] RBP: ffff8e322ae51280 R08: 0000000000000000 R09: ffffffffb2f0b890
[ 8387.042859] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[ 8387.050821] R13: 0000000000000100 R14: 0000000000000004 R15: ffff8e2b0446d990
[ 8387.058782]  ? swiotlb_unmap_page+0x40/0x40
[ 8387.063448]  nvme_fc_complete_rq+0x2d/0x70 [nvme_fc]
[ 8387.068986]  blk_done_softirq+0xa1/0xd0
[ 8387.073264]  __do_softirq+0xd6/0x2a9
[ 8387.077251]  run_ksoftirqd+0x26/0x40
[ 8387.081238]  smpboot_thread_fn+0x10e/0x160
[ 8387.085807]  kthread+0xf8/0x130
[ 8387.089309]  ? sort_range+0x20/0x20
[ 8387.093198]  ? kthread_stop+0x110/0x110
[ 8387.097475]  ret_from_fork+0x35/0x40
[ 8387.101462] ---[ end trace 7106b0adf5e422f8 ]---

Fixes: faf4a44fff ("nvme: support traffic based keep-alive")
Signed-off-by: Ewan D. Milne <emilne at redhat.com>
---
 drivers/nvme/host/fc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nvme/host/fc.c b/drivers/nvme/host/fc.c
index 83131e4..240d09e 100644
--- a/drivers/nvme/host/fc.c
+++ b/drivers/nvme/host/fc.c
@@ -1746,12 +1746,12 @@ enum {
 	struct nvme_fc_queue *queue = &ctrl->queues[queue_idx];
 	int res;
 
-	nvme_req(rq)->ctrl = &ctrl->ctrl;
 	res = __nvme_fc_init_request(ctrl, queue, &op->op, rq, queue->rqcnt++);
 	if (res)
 		return res;
 	op->op.fcp_req.first_sgl = &op->sgl[0];
 	op->op.fcp_req.private = &op->priv[0];
+	nvme_req(rq)->ctrl = &ctrl->ctrl;
 	return res;
 }
 
-- 
1.8.3.1


Thread overview: 6+ messages
2018-11-26 17:01 [PATCH] nvme-fc: initialize nvme_req(rq)->ctrl after calling __nvme_fc_init_request() Ewan D. Milne
2018-11-26 19:45 ` Hannes Reinecke
2018-11-27  7:35 ` Christoph Hellwig
2018-11-27 17:07 ` James Smart
2018-11-26 21:26 Ewan D. Milne
2018-11-26 21:31 ` Ewan D. Milne