* [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR
@ 2016-07-06 7:51 Johannes Thumshirn
2016-07-06 9:43 ` Hannes Reinecke
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Johannes Thumshirn @ 2016-07-06 7:51 UTC (permalink / raw)
To: James Bottomley, Martin K . Petersen
Cc: Linux SCSI Mailinglist, Linux Kernel Mailinglist, Johannes Thumshirn
qla2xxx first calls request_irq() and then does the setup of the queue
entry data needed in the interrupt handlers in when using MSI-X. This
could lead to a NULL pointer dereference when an IRQ fires between the
request_irq() call and the assignment of the qentry data structure to the
rsp->msix field. A possible case for such a race would be in the kdump
case when the HBA's IRQs are still enabled but the driver is undergoing
a new initialisation and thus is not aware of already activated IRQs in
the HBA.
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
---
drivers/scsi/qla2xxx/qla_isr.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
index 5649c20..20743a3 100644
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -3086,6 +3086,8 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
/* Enable MSI-X vectors for the base queue */
for (i = 0; i < 2; i++) {
qentry = &ha->msix_entries[i];
+ qentry->rsp = rsp;
+ rsp->msix = qentry;
if (IS_P3P_TYPE(ha))
ret = request_irq(qentry->vector,
qla82xx_msix_entries[i].handler,
@@ -3097,8 +3099,6 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
if (ret)
goto msix_register_fail;
qentry->have_irq = 1;
- qentry->rsp = rsp;
- rsp->msix = qentry;
/* Register for CPU affinity notification. */
irq_set_affinity_notifier(qentry->vector, &qentry->irq_notify);
@@ -3119,12 +3119,12 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp)
*/
if (QLA_TGT_MODE_ENABLED() && IS_ATIO_MSIX_CAPABLE(ha)) {
qentry = &ha->msix_entries[ATIO_VECTOR];
+ qentry->rsp = rsp;
+ rsp->msix = qentry;
ret = request_irq(qentry->vector,
qla83xx_msix_entries[ATIO_VECTOR].handler,
0, qla83xx_msix_entries[ATIO_VECTOR].name, rsp);
qentry->have_irq = 1;
- qentry->rsp = rsp;
- rsp->msix = qentry;
}
msix_register_fail:
--
1.8.5.6
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR
2016-07-06 7:51 [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR Johannes Thumshirn
@ 2016-07-06 9:43 ` Hannes Reinecke
2016-07-14 4:28 ` Martin K. Petersen
2016-07-15 19:00 ` Martin K. Petersen
2 siblings, 0 replies; 5+ messages in thread
From: Hannes Reinecke @ 2016-07-06 9:43 UTC (permalink / raw)
To: Johannes Thumshirn, James Bottomley, Martin K . Petersen
Cc: Linux SCSI Mailinglist, Linux Kernel Mailinglist
On 07/06/2016 09:51 AM, Johannes Thumshirn wrote:
> qla2xxx first calls request_irq() and then does the setup of the queue
> entry data needed in the interrupt handlers in when using MSI-X. This
> could lead to a NULL pointer dereference when an IRQ fires between the
> request_irq() call and the assignment of the qentry data structure to the
> rsp->msix field. A possible case for such a race would be in the kdump
> case when the HBA's IRQs are still enabled but the driver is undergoing
> a new initialisation and thus is not aware of already activated IRQs in
> the HBA.
>
> Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
> ---
> drivers/scsi/qla2xxx/qla_isr.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
Reviewed-by: Hannes Reinecke <hare@suse.com>
Cheers,
Hannes
--
Dr. Hannes Reinecke Teamlead Storage & Networking
hare@suse.de +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR
2016-07-06 7:51 [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR Johannes Thumshirn
2016-07-06 9:43 ` Hannes Reinecke
@ 2016-07-14 4:28 ` Martin K. Petersen
2016-07-14 13:50 ` Himanshu Madhani
2016-07-15 19:00 ` Martin K. Petersen
2 siblings, 1 reply; 5+ messages in thread
From: Martin K. Petersen @ 2016-07-14 4:28 UTC (permalink / raw)
To: Johannes Thumshirn
Cc: James Bottomley, Martin K . Petersen, Linux SCSI Mailinglist,
Linux Kernel Mailinglist, Giridhar Malavali, Quinn Tran,
Himanshu Madhani
>>>>> "Johannes" == Johannes Thumshirn <jthumshirn@suse.de> writes:
Johannes> qla2xxx first calls request_irq() and then does the setup of
Johannes> the queue entry data needed in the interrupt handlers in when
Johannes> using MSI-X. This could lead to a NULL pointer dereference
Johannes> when an IRQ fires between the request_irq() call and the
Johannes> assignment of the qentry data structure to the
rsp-> msix field. A possible case for such a race would be in the kdump
Johannes> case when the HBA's IRQs are still enabled but the driver is
Johannes> undergoing a new initialisation and thus is not aware of
Johannes> already activated IRQs in the HBA.
Qlogic folks: Please review!
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR
2016-07-14 4:28 ` Martin K. Petersen
@ 2016-07-14 13:50 ` Himanshu Madhani
0 siblings, 0 replies; 5+ messages in thread
From: Himanshu Madhani @ 2016-07-14 13:50 UTC (permalink / raw)
To: Martin K. Petersen, Johannes Thumshirn
Cc: James Bottomley, linux-scsi, linux-kernel, Giridhar Malavali, Quinn Tran
On 7/13/16, 9:28 PM, "Martin K. Petersen" <martin.petersen@oracle.com> wrote:
>>>>>> "Johannes" == Johannes Thumshirn <jthumshirn@suse.de> writes:
>
>Johannes> qla2xxx first calls request_irq() and then does the setup of
>Johannes> the queue entry data needed in the interrupt handlers in when
>Johannes> using MSI-X. This could lead to a NULL pointer dereference
>Johannes> when an IRQ fires between the request_irq() call and the
>Johannes> assignment of the qentry data structure to the
>rsp-> msix field. A possible case for such a race would be in the kdump
>Johannes> case when the HBA's IRQs are still enabled but the driver is
>Johannes> undergoing a new initialisation and thus is not aware of
>Johannes> already activated IRQs in the HBA.
>
>Qlogic folks: Please review!
Looks Good.
Reviewed-by: Himanshu Madhani <himanshu.madhani@qlogic.com>
>
>--
>Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR
2016-07-06 7:51 [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR Johannes Thumshirn
2016-07-06 9:43 ` Hannes Reinecke
2016-07-14 4:28 ` Martin K. Petersen
@ 2016-07-15 19:00 ` Martin K. Petersen
2 siblings, 0 replies; 5+ messages in thread
From: Martin K. Petersen @ 2016-07-15 19:00 UTC (permalink / raw)
To: Johannes Thumshirn
Cc: James Bottomley, Martin K . Petersen, Linux SCSI Mailinglist,
Linux Kernel Mailinglist, himanshu.madhani
>>>>> "Johannes" == Johannes Thumshirn <jthumshirn@suse.de> writes:
Johannes> qla2xxx first calls request_irq() and then does the setup of
Johannes> the queue entry data needed in the interrupt handlers in when
Johannes> using MSI-X.
Applied to 4.8/scsi-queue.
--
Martin K. Petersen Oracle Linux Engineering
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-07-15 19:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-07-06 7:51 [PATCH] qla2xxx: setup data needed in ISR before setting up the ISR Johannes Thumshirn
2016-07-06 9:43 ` Hannes Reinecke
2016-07-14 4:28 ` Martin K. Petersen
2016-07-14 13:50 ` Himanshu Madhani
2016-07-15 19:00 ` Martin K. Petersen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).