lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAK=zhgpD=+LFReApyqN3X_0LKoMOdsEivQD6ehQf4zQkFa5o_w@mail.gmail.com>
Date:   Mon, 25 Jul 2022 15:34:41 +0530
From:   Sreekanth Reddy <sreekanth.reddy@...adcom.com>
To:     Fengfei Xi <xi.fengfei@....com>
Cc:     Sathya Prakash Veerichetty <sathya.prakash@...adcom.com>,
        Suganath Prabu Subramani 
        <suganath-prabu.subramani@...adcom.com>,
        "James E.J. Bottomley" <jejb@...ux.ibm.com>,
        "Martin K. Petersen" <martin.petersen@...cle.com>,
        PDL-MPT-FUSIONLINUX <MPT-FusionLinux.pdl@...adcom.com>,
        linux-scsi <linux-scsi@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        zhou.kete@....com
Subject: Re: [PATCH] scsi: mpt3sas: fix kernel panic in scsih_qcmd after shutdown/unload

Hi Fengfei,

Driver is already returinging the SCSI IO commands (except for
SYNCHRONIZE_CACHE & START_STOP) with DID_NO_CONNECT when remove_host
is set to one.

Also during the shutdown driver is not freeing any controller memory
pools. And during driver unload driver is freeing the memory pools
only after target devices are unregistered with SML.

Can you please share the kernel panic call trace once. Also please let
me know which driver version is used.

Thanks,
Sreekanth

On Mon, Jul 25, 2022 at 1:01 PM Fengfei Xi <xi.fengfei@....com> wrote:
>
> We encountered a kernel crash problem after the user performed a
> shutdown operation. By analyzing the vmcore file, it is confirmed
> that it is scsih_qcmd called memset to access ioc->request resources
> that have been released in shutdown/module unload path.
>
> crash> struct MPT3SAS_ADAPTER 0xffff00ff85806880
> struct MPT3SAS_ADAPTER {
>   list = {
>     next = 0xffff800008eb8038 <mpt3sas_ioc_list>,
>     prev = 0xffff800008eb8038 <mpt3sas_ioc_list>
>   },
>   ...
>   name = "mpt3sas_cm0\000\000\000\000\000\000\000\
>   ...
>   remove_host = 1 '\001',
>   ...
>   request_sz = 128,
>   request = 0x0,
>   ...
>   sense = 0x0,
>
> The SCSI queuecommand handlers(scsih_qcmd) may be invoked after
> shutdown/unload, depending on other components. So we should add
> checks for 'ioc->remove_host' in scsih_qcmd, so not to access
> pointers/resources potentially freed in the PCI shutdown/module
> unload path.
>
> Just like the following commit:
>   9ff549ffb4fb4cc9a4b24d1de9dc3e68287797c4
>   scsi: mpt3sas: fix oops in error handlers after shutdown/unload
>
> Signed-off-by: Fengfei Xi <xi.fengfei@....com>
> ---
>  drivers/scsi/mpt3sas/mpt3sas_scsih.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
> index b519f4b59..d8994eaec 100644
> --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
> +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
> @@ -5140,7 +5140,8 @@ scsih_qcmd(struct Scsi_Host *shost, struct scsi_cmnd *scmd)
>                 scsi_print_command(scmd);
>
>         sas_device_priv_data = scmd->device->hostdata;
> -       if (!sas_device_priv_data || !sas_device_priv_data->sas_target) {
> +       if (!sas_device_priv_data || !sas_device_priv_data->sas_target ||
> +           ioc->remove_host) {
>                 scmd->result = DID_NO_CONNECT << 16;
>                 scsi_done(scmd);
>                 return 0;
> --
> 2.17.1
>

Download attachment "smime.p7s" of type "application/pkcs7-signature" (4218 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ