From: Greg Kroah-Hartman Date: Mon, 27 Mar 2023 08:56:59 +0000 (+0200) Subject: 6.2-stable patches X-Git-Tag: v5.15.105~58 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f645e77a3b433f4f418e2e8f787bb30dba1bac14;p=thirdparty%2Fkernel%2Fstable-queue.git 6.2-stable patches added patches: scsi-qla2xxx-perform-lockless-command-completion-in-abort-path.patch scsi-qla2xxx-synchronize-the-iocb-count-to-be-in-order.patch --- diff --git a/queue-6.2/scsi-qla2xxx-perform-lockless-command-completion-in-abort-path.patch b/queue-6.2/scsi-qla2xxx-perform-lockless-command-completion-in-abort-path.patch new file mode 100644 index 00000000000..0349fcb9781 --- /dev/null +++ b/queue-6.2/scsi-qla2xxx-perform-lockless-command-completion-in-abort-path.patch @@ -0,0 +1,78 @@ +From 0367076b0817d5c75dfb83001ce7ce5c64d803a9 Mon Sep 17 00:00:00 2001 +From: Nilesh Javali +Date: Sun, 12 Mar 2023 21:37:10 -0700 +Subject: scsi: qla2xxx: Perform lockless command completion in abort path + +From: Nilesh Javali + +commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9 upstream. + +While adding and removing the controller, the following call trace was +observed: + +WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_free_attrs+0x33/0x50 +CPU: 3 PID: 623596 Comm: sh Kdump: loaded Not tainted 5.14.0-96.el9.x86_64 #1 +RIP: 0010:dma_free_attrs+0x33/0x50 + +Call Trace: + qla2x00_async_sns_sp_done+0x107/0x1b0 [qla2xxx] + qla2x00_abort_srb+0x8e/0x250 [qla2xxx] + ? ql_dbg+0x70/0x100 [qla2xxx] + __qla2x00_abort_all_cmds+0x108/0x190 [qla2xxx] + qla2x00_abort_all_cmds+0x24/0x70 [qla2xxx] + qla2x00_abort_isp_cleanup+0x305/0x3e0 [qla2xxx] + qla2x00_remove_one+0x364/0x400 [qla2xxx] + pci_device_remove+0x36/0xa0 + __device_release_driver+0x17a/0x230 + device_release_driver+0x24/0x30 + pci_stop_bus_device+0x68/0x90 + pci_stop_and_remove_bus_device_locked+0x16/0x30 + remove_store+0x75/0x90 + kernfs_fop_write_iter+0x11c/0x1b0 + new_sync_write+0x11f/0x1b0 + vfs_write+0x1eb/0x280 + ksys_write+0x5f/0xe0 + do_syscall_64+0x5c/0x80 + ? do_user_addr_fault+0x1d8/0x680 + ? do_syscall_64+0x69/0x80 + ? exc_page_fault+0x62/0x140 + ? asm_exc_page_fault+0x8/0x30 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +The command was completed in the abort path during driver unload with a +lock held, causing the warning in abort path. Hence complete the command +without any lock held. + +Reported-by: Lin Li +Tested-by: Lin Li +Cc: stable@vger.kernel.org +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20230313043711.13500-2-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Reviewed-by: John Meneghini +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_os.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -1848,6 +1848,17 @@ __qla2x00_abort_all_cmds(struct qla_qpai + for (cnt = 1; cnt < req->num_outstanding_cmds; cnt++) { + sp = req->outstanding_cmds[cnt]; + if (sp) { ++ /* ++ * perform lockless completion during driver unload ++ */ ++ if (qla2x00_chip_is_down(vha)) { ++ req->outstanding_cmds[cnt] = NULL; ++ spin_unlock_irqrestore(qp->qp_lock_ptr, flags); ++ sp->done(sp, res); ++ spin_lock_irqsave(qp->qp_lock_ptr, flags); ++ continue; ++ } ++ + switch (sp->cmd_type) { + case TYPE_SRB: + qla2x00_abort_srb(qp, sp, res, &flags); diff --git a/queue-6.2/scsi-qla2xxx-synchronize-the-iocb-count-to-be-in-order.patch b/queue-6.2/scsi-qla2xxx-synchronize-the-iocb-count-to-be-in-order.patch new file mode 100644 index 00000000000..32cdb51c02c --- /dev/null +++ b/queue-6.2/scsi-qla2xxx-synchronize-the-iocb-count-to-be-in-order.patch @@ -0,0 +1,94 @@ +From d3affdeb400f3adc925bd996f3839481f5291839 Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Sun, 12 Mar 2023 21:37:11 -0700 +Subject: scsi: qla2xxx: Synchronize the IOCB count to be in order + +From: Quinn Tran + +commit d3affdeb400f3adc925bd996f3839481f5291839 upstream. + +A system hang was observed with the following call trace: + +BUG: kernel NULL pointer dereference, address: 0000000000000000 +PGD 0 P4D 0 +Oops: 0000 [#1] PREEMPT SMP NOPTI +CPU: 15 PID: 86747 Comm: nvme Kdump: loaded Not tainted 6.2.0+ #1 +Hardware name: Dell Inc. PowerEdge R6515/04F3CJ, BIOS 2.7.3 03/31/2022 +RIP: 0010:__wake_up_common+0x55/0x190 +Code: 41 f6 01 04 0f 85 b2 00 00 00 48 8b 43 08 4c 8d + 40 e8 48 8d 43 08 48 89 04 24 48 89 c6\ + 49 8d 40 18 48 39 c6 0f 84 e9 00 00 00 <49> 8b 40 18 89 6c 24 14 31 + ed 4c 8d 60 e8 41 8b 18 f6 c3 04 75 5d +RSP: 0018:ffffb05a82afbba0 EFLAGS: 00010082 +RAX: 0000000000000000 RBX: ffff8f9b83a00018 RCX: 0000000000000000 +RDX: 0000000000000001 RSI: ffff8f9b83a00020 RDI: ffff8f9b83a00018 +RBP: 0000000000000001 R08: ffffffffffffffe8 R09: ffffb05a82afbbf8 +R10: 70735f7472617473 R11: 5f30307832616c71 R12: 0000000000000001 +R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000 +FS: 00007f815cf4c740(0000) GS:ffff8f9eeed80000(0000) + knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000000000000 CR3: 000000010633a000 CR4: 0000000000350ee0 +Call Trace: + + __wake_up_common_lock+0x83/0xd0 + qla_nvme_ls_req+0x21b/0x2b0 [qla2xxx] + __nvme_fc_send_ls_req+0x1b5/0x350 [nvme_fc] + nvme_fc_xmt_disconnect_assoc+0xca/0x110 [nvme_fc] + nvme_fc_delete_association+0x1bf/0x220 [nvme_fc] + ? nvme_remove_namespaces+0x9f/0x140 [nvme_core] + nvme_do_delete_ctrl+0x5b/0xa0 [nvme_core] + nvme_sysfs_delete+0x5f/0x70 [nvme_core] + kernfs_fop_write_iter+0x12b/0x1c0 + vfs_write+0x2a3/0x3b0 + ksys_write+0x5f/0xe0 + do_syscall_64+0x5c/0x90 + ? syscall_exit_work+0x103/0x130 + ? syscall_exit_to_user_mode+0x12/0x30 + ? do_syscall_64+0x69/0x90 + ? exit_to_user_mode_loop+0xd0/0x130 + ? exit_to_user_mode_prepare+0xec/0x100 + ? syscall_exit_to_user_mode+0x12/0x30 + ? do_syscall_64+0x69/0x90 + ? syscall_exit_to_user_mode+0x12/0x30 + ? do_syscall_64+0x69/0x90 + entry_SYSCALL_64_after_hwframe+0x72/0xdc + RIP: 0033:0x7f815cd3eb97 + +The IOCB counts are out of order and that would block any commands from +going out and subsequently hang the system. Synchronize the IOCB count to +be in correct order. + +Fixes: 5f63a163ed2f ("scsi: qla2xxx: Fix exchange oversubscription for management commands") +Cc: stable@vger.kernel.org +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20230313043711.13500-3-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Reviewed-by: John Meneghini +Tested-by: Lin Li +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_isr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -1900,6 +1900,8 @@ qla2x00_get_sp_from_handle(scsi_qla_host + } + + req->outstanding_cmds[index] = NULL; ++ ++ qla_put_fw_resources(sp->qpair, &sp->iores); + return sp; + } + +@@ -3112,7 +3114,6 @@ qla25xx_process_bidir_status_iocb(scsi_q + } + bsg_reply->reply_payload_rcv_len = 0; + +- qla_put_fw_resources(sp->qpair, &sp->iores); + done: + /* Return the vendor specific reply to API */ + bsg_reply->reply_data.vendor_reply.vendor_rsp[0] = rval; diff --git a/queue-6.2/series b/queue-6.2/series index ace7afa9d61..e5589785b37 100644 --- a/queue-6.2/series +++ b/queue-6.2/series @@ -110,3 +110,5 @@ perf-x86-amd-core-always-clear-status-for-idx.patch entry-rcu-check-tif_resched-_after_-delayed-rcu-wake.patch hwmon-fix-potential-sensor-registration-fail-if-of_n.patch hwmon-it87-fix-voltage-scaling-for-chips-with-10.9mv.patch +scsi-qla2xxx-synchronize-the-iocb-count-to-be-in-order.patch +scsi-qla2xxx-perform-lockless-command-completion-in-abort-path.patch