lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c4e0c5db-2743-ea2e-8dd4-6dc4bdc9d572@linux.ibm.com>
Date:   Thu, 25 Feb 2021 14:13:29 -0800
From:   Tyrel Datwyler <tyreld@...ux.ibm.com>
To:     james.bottomley@...senpartnership.com
Cc:     martin.petersen@...cle.com, linux-scsi@...r.kernel.org,
        linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org,
        brking@...ux.ibm.com
Subject: Re: [PATCH v3 2/5] ibmvfc: fix invalid sub-CRQ handles after hard
 reset

On 2/25/21 1:42 PM, Tyrel Datwyler wrote:
> A hard reset results in a complete transport disconnect such that the
> CRQ connection with the partner VIOS is broken. This has the side effect
> of also invalidating the associated sub-CRQs. The current code assumes
> that the sub-CRQs are perserved resulting in a protocol violation after
> trying to reconnect them with the VIOS. This introduces an infinite loop
> such that the VIOS forces a disconnect after each subsequent attempt to
> re-register with invalid handles.
> 
> Avoid the aforementioned issue by releasing the sub-CRQs prior to CRQ
> disconnect, and driving a reinitialization of the sub-CRQs once a new
> CRQ is registered with the hypervisor.
> 
> fixes: faacf8c5f1d5 ("ibmvfc: add alloc/dealloc routines for SCSI Sub-CRQ Channels")
> Signed-off-by: Tyrel Datwyler <tyreld@...ux.ibm.com>
> Reviewed-by: Brian King <brking@...ux.ibm.com>
> ---
>  drivers/scsi/ibmvscsi/ibmvfc.c | 21 +++++++++------------
>  1 file changed, 9 insertions(+), 12 deletions(-)
> 
> diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c
> index 384960036f8b..2cca55f2e464 100644
> --- a/drivers/scsi/ibmvscsi/ibmvfc.c
> +++ b/drivers/scsi/ibmvscsi/ibmvfc.c
> @@ -158,6 +158,9 @@ static void ibmvfc_npiv_logout(struct ibmvfc_host *);
>  static void ibmvfc_tgt_implicit_logout_and_del(struct ibmvfc_target *);
>  static void ibmvfc_tgt_move_login(struct ibmvfc_target *);
>  
> +static void ibmvfc_release_sub_crqs(struct ibmvfc_host *);
> +static void ibmvfc_init_sub_crqs(struct ibmvfc_host *);
> +
>  static const char *unknown_error = "unknown error";
>  
>  static long h_reg_sub_crq(unsigned long unit_address, unsigned long ioba,
> @@ -926,8 +929,8 @@ static int ibmvfc_reset_crq(struct ibmvfc_host *vhost)
>  	unsigned long flags;
>  	struct vio_dev *vdev = to_vio_dev(vhost->dev);
>  	struct ibmvfc_queue *crq = &vhost->crq;
> -	struct ibmvfc_queue *scrq;
> -	int i;
> +
> +	ibmvfc_release_sub_crqs(vhost);
>  
>  	/* Close the CRQ */
>  	do {
> @@ -936,6 +939,8 @@ static int ibmvfc_reset_crq(struct ibmvfc_host *vhost)
>  		rc = plpar_hcall_norets(H_FREE_CRQ, vdev->unit_address);
>  	} while (rc == H_BUSY || H_IS_LONG_BUSY(rc));
>  
> +	ibmvfc_init_sub_crqs(vhost);

This has the same issue as patch 5 in that if fail to set up sub-crqs do_enquiry
will be set to zero, but the locked code region below will then flip it back to
one which we don't want.

-T

> +
>  	spin_lock_irqsave(vhost->host->host_lock, flags);
>  	spin_lock(vhost->crq.q_lock);
>  	vhost->state = IBMVFC_NO_CRQ;
> @@ -947,16 +952,6 @@ static int ibmvfc_reset_crq(struct ibmvfc_host *vhost)
>  	memset(crq->msgs.crq, 0, PAGE_SIZE);
>  	crq->cur = 0;
>  
> -	if (vhost->scsi_scrqs.scrqs) {
> -		for (i = 0; i < nr_scsi_hw_queues; i++) {
> -			scrq = &vhost->scsi_scrqs.scrqs[i];
> -			spin_lock(scrq->q_lock);
> -			memset(scrq->msgs.scrq, 0, PAGE_SIZE);
> -			scrq->cur = 0;
> -			spin_unlock(scrq->q_lock);
> -		}
> -	}
> -
>  	/* And re-open it again */
>  	rc = plpar_hcall_norets(H_REG_CRQ, vdev->unit_address,
>  				crq->msg_token, PAGE_SIZE);
> @@ -966,6 +961,7 @@ static int ibmvfc_reset_crq(struct ibmvfc_host *vhost)
>  		dev_warn(vhost->dev, "Partner adapter not ready\n");
>  	else if (rc != 0)
>  		dev_warn(vhost->dev, "Couldn't register crq (rc=%d)\n", rc);
> +
>  	spin_unlock(vhost->crq.q_lock);
>  	spin_unlock_irqrestore(vhost->host->host_lock, flags);
>  
> @@ -5692,6 +5688,7 @@ static void ibmvfc_deregister_scsi_channel(struct ibmvfc_host *vhost, int index)
>  
>  	free_irq(scrq->irq, scrq);
>  	irq_dispose_mapping(scrq->irq);
> +	scrq->irq = 0;
>  
>  	do {
>  		rc = plpar_hcall_norets(H_FREE_SUB_CRQ, vdev->unit_address,
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ