Re: [PATCH] qla2xxx: Fix NULL pointer deref in QLA interrupt

From: Thorsten Leemhuis
Date: Mon Jul 11 2016 - 03:30:37 EST


Bruno Prémont wrote on 11.07.2016 09:17:
> On Fri, 8 Jul 2016 09:27:18 +0200 Thorsten Leemhuis wrote:
>> Bruno Prémont wrote on 30.06.2016 17:00:
>> > In qla24xx_process_response_queue() rsp->msix->cpuid may trigger NULL
>> > pointer dereference when rsp->msix is NULL:
>> > […]
>> > The affected code was introduced by commit cdb898c52d1dfad4b4800b83a58b3fe5d352edde
>> > (qla2xxx: Add irq affinity notification).
>> >
>> > Only dereference rsp->msix when it has been set so the machine can boot
>> > fine. Possibly rsp->msix is unset because:
>> > [ 3.479679] qla2xxx [0000:00:00.0]-0005: : QLogic Fibre Channel HBA Driver: 8.07.00.33-k.
>> > [ 3.481839] qla2xxx [0000:13:00.0]-001d: : Found an ISP2432 irq 17 iobase 0xffffc90000038000.
>> > [ 3.484081] qla2xxx [0000:13:00.0]-0035:0: MSI-X; Unsupported ISP2432 (0x2, 0x3).
>> > [ 3.485804] qla2xxx [0000:13:00.0]-0037:0: Falling back-to MSI mode -258.
>> > [ 3.890145] scsi host0: qla2xxx
>> > [ 3.891956] qla2xxx [0000:13:00.0]-00fb:0: QLogic QLE2460 - PCI-Express Single Channel 4Gb Fibre Channel HBA.
>> > [ 3.894207] qla2xxx [0000:13:00.0]-00fc:0: ISP2432: PCIe (2.5GT/s x4) @ 0000:13:00.0 hdma+ host#=0 fw=7.03.00 (9496).
>> > [ 5.714774] qla2xxx [0000:13:00.0]-500a:0: LOOP UP detected (4 Gbps).
>>
>> Bruno: Does that mean you actually tested that patch and it fixed the
>> problem for you? It looks like it, but there is some confusion about it;
>> that's one of the reasons why this patch didn't get any further yet
>> afaics, so a quick clarification might help to finally get this fixed
>> properly in mainline and stable.
> Yes, it does fix the Oops for me.

Thx for the feedback. The patch hit mainline late last week (it's
included in rc7) and should hopefully make it to the stable trees in a
week or two.

> I did not analyze the reason why rsp->msix is NULL (no idea if
> it remains NULL forever on my hardware) - I just extracted messages
> from qla driver shown during boot which seem to indicate a possible
> reason why msix is NULL.
> Further analysis should be done by someone with better knowledge of qla
> driver than mine though I would be happy to perform tests.

I have no idea about the details, but in case you missed it, this
discussion might have some more relevant details:
http://thread.gmane.org/gmane.linux.kernel/2247804/focus=2250727

Cheers, Thorsten