[PATCH 5.15 019/136] scsi: qla2xxx: Fix response queue handler reading stale packets

From: Greg Kroah-Hartman
Date: Mon Aug 29 2022 - 07:02:57 EST


From: Arun Easi <aeasi@xxxxxxxxxxx>

[ Upstream commit b1f707146923335849fb70237eec27d4d1ae7d62 ]

On some platforms, the current logic of relying on finding new packet
solely based on signature pattern can lead to driver reading stale
packets. Though this is a bug in those platforms, reduce such exposures by
limiting reading packets until the IN pointer.

Two module parameters are introduced:

ql2xrspq_follow_inptr:

When set, on newer adapters that have queue pointer shadowing, look for
response packets only until the response queue IN pointer.

When reset, response packets are read based on a signature pattern
logic (old way).

ql2xrspq_follow_inptr_legacy:

Like ql2xrspq_follow_inptr, but for those adapters where there is no
queue pointer shadowing.

Link: https://lore.kernel.org/r/20220713052045.10683-5-njavali@xxxxxxxxxxx
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Himanshu Madhani <himanshu.madhani@xxxxxxxxxx>
Signed-off-by: Arun Easi <aeasi@xxxxxxxxxxx>
Signed-off-by: Nilesh Javali <njavali@xxxxxxxxxxx>
Signed-off-by: Martin K. Petersen <martin.petersen@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
drivers/scsi/qla2xxx/qla_gbl.h | 2 ++
drivers/scsi/qla2xxx/qla_isr.c | 24 +++++++++++++++++++++++-
drivers/scsi/qla2xxx/qla_os.c | 10 ++++++++++
3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h
index 2a6d613a76cf3..f82e4a348330a 100644
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
@@ -192,6 +192,8 @@ extern int ql2xfulldump_on_mpifail;
extern int ql2xsecenable;
extern int ql2xenforce_iocb_limit;
extern int ql2xabts_wait_nvme;
+extern int ql2xrspq_follow_inptr;
+extern int ql2xrspq_follow_inptr_legacy;

extern int qla2x00_loop_reset(scsi_qla_host_t *);
extern void qla2x00_abort_all_cmds(scsi_qla_host_t *, int);
diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c
index b218f97396195..ecbc0a5ffb3f5 100644
--- a/drivers/scsi/qla2xxx/qla_isr.c
+++ b/drivers/scsi/qla2xxx/qla_isr.c
@@ -3767,6 +3767,8 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha,
struct qla_hw_data *ha = vha->hw;
struct purex_entry_24xx *purex_entry;
struct purex_item *pure_item;
+ u16 rsp_in = 0;
+ int follow_inptr, is_shadow_hba;

if (!ha->flags.fw_started)
return;
@@ -3776,7 +3778,25 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha,
qla_cpu_update(rsp->qpair, smp_processor_id());
}

- while (rsp->ring_ptr->signature != RESPONSE_PROCESSED) {
+#define __update_rsp_in(_update, _is_shadow_hba, _rsp, _rsp_in) \
+ do { \
+ if (_update) { \
+ _rsp_in = _is_shadow_hba ? *(_rsp)->in_ptr : \
+ rd_reg_dword_relaxed((_rsp)->rsp_q_in); \
+ } \
+ } while (0)
+
+ is_shadow_hba = IS_SHADOW_REG_CAPABLE(ha);
+ follow_inptr = is_shadow_hba ? ql2xrspq_follow_inptr :
+ ql2xrspq_follow_inptr_legacy;
+
+ __update_rsp_in(follow_inptr, is_shadow_hba, rsp, rsp_in);
+
+ while ((likely(follow_inptr &&
+ rsp->ring_index != rsp_in &&
+ rsp->ring_ptr->signature != RESPONSE_PROCESSED)) ||
+ (!follow_inptr &&
+ rsp->ring_ptr->signature != RESPONSE_PROCESSED)) {
pkt = (struct sts_entry_24xx *)rsp->ring_ptr;

rsp->ring_index++;
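Review bot: Nothing in the new loop orders the read of the IN pointer against the later loads from `rsp->ring_ptr`, because `__update_rsp_in` uses a dereference of `(_rsp)->in_ptr` or `rd_reg_dword_relaxed()` and the body then reads the entry directly. On a weakly ordered platform the entry could in principle be loaded before the pointer that declares it valid, which is the stale-packet case the commit wants to narrow. Assuming the firmware writes the entry before the pointer, a `dma_rmb();` after the shadow read (and the non-relaxed register accessor on the legacy path) would make the bound dependable. `rsp_in` is also never compared with the ring length, so an out-of-range value from the device would presumably never equal `rsp->ring_index` and the loop would quietly fall back to signature-only termination. As a style point, the macro is defined inside the function, is never `#undef`'d and leaves `_update`, `_is_shadow_hba` and `_rsp_in` unparenthesized, so a `static inline` helper returning the index would be cleaner; the function body continues outside the hunk.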
@@ -3889,6 +3909,8 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha,
}
pure_item = qla27xx_copy_fpin_pkt(vha,
(void **)&pkt, &rsp);
+ __update_rsp_in(follow_inptr, is_shadow_hba,
+ rsp, rsp_in);
if (!pure_item)
break;
qla24xx_queue_purex_item(vha, pure_item,
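Review bot: The reason for re-reading the IN pointer after `qla27xx_copy_fpin_pkt()` is not stated, and this is the only place inside the loop where `rsp_in` is refreshed. The helper is handed `&rsp`, so it presumably advances the ring across continuation entries (its body is not in this patch); a comment such as `/* helper may have advanced the ring; re-sample IN before the next loop test */` would record that. If that is the reason, it is worth confirming that the helper's own walk is bounded by the IN pointer, and whether other helpers in this loop that move `rsp->ring_ptr` need the same refresh. The enclosing function starts and ends outside the hunk.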
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
index 6542a258cb751..00e97f0a07ebe 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -338,6 +338,16 @@ module_param(ql2xdelay_before_pci_error_handling, uint, 0644);
MODULE_PARM_DESC(ql2xdelay_before_pci_error_handling,
"Number of seconds delayed before qla begin PCI error self-handling (default: 5).\n");

+int ql2xrspq_follow_inptr = 1;
+module_param(ql2xrspq_follow_inptr, int, 0644);
+MODULE_PARM_DESC(ql2xrspq_follow_inptr,
+ "Follow RSP IN pointer for RSP updates for HBAs 27xx and newer (default: 1).");
+
+int ql2xrspq_follow_inptr_legacy = 1;
+module_param(ql2xrspq_follow_inptr_legacy, int, 0644);
+MODULE_PARM_DESC(ql2xrspq_follow_inptr_legacy,
+ "Follow RSP IN pointer for RSP updates for HBAs older than 27XX. (default: 1).");
+
static void qla2x00_clear_drv_active(struct qla_hw_data *);
static void qla2x00_free_device(scsi_qla_host_t *);
static int qla2xxx_map_queues(struct Scsi_Host *shost);
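Review bot: Neither `MODULE_PARM_DESC` string says what setting the parameter to 0 does, and that is the part an operator needs: with mode 0644 the handler can be switched back at runtime to signature-only detection, the behaviour the commit message ties to stale packet reads. Suggest spelling it out, e.g. `"Follow RSP IN pointer for RSP updates for HBAs 27xx and newer; 0 = signature-only detection (default: 1)."`. The text also names adapter generations ("27xx and newer", "older than 27XX") while qla_isr.c selects on `IS_SHADOW_REG_CAPABLE(ha)`; if those sets differ, the description is misleading. Both flags are only used as booleans, so declaring them `bool` with `module_param(..., bool, 0644)` would reject other values, and the two strings should agree on casing and punctuation.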
--
2.35.1