linux/drivers/scsi/qla2xxx
Roman Bolshakov f02d4086a8 scsi: qla2xxx: Reserve extra IRQ vectors
Commit a6dcfe0848 ("scsi: qla2xxx: Limit interrupt vectors to number of
CPUs") lowers the number of allocated MSI-X vectors to the number of CPUs.

That breaks vector allocation assumptions in qla83xx_iospace_config(),
qla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions
computes maximum number of qpairs as:

  ha->max_qpairs = ha->msix_count - 1 (MB interrupt) - 1 (default
                   response queue) - 1 (ATIO, in dual or pure target mode)

max_qpairs is set to zero in case of two CPUs and initiator mode. The
number is then used to allocate ha->queue_pair_map inside
qla2x00_alloc_queues(). No allocation happens and ha->queue_pair_map is
left NULL but the driver thinks there are queue pairs available.

qla2xxx_queuecommand() tries to find a qpair in the map and crashes:

  if (ha->mqenable) {
          uint32_t tag;
          uint16_t hwq;
          struct qla_qpair *qpair = NULL;

          tag = blk_mq_unique_tag(cmd->request);
          hwq = blk_mq_unique_tag_to_hwq(tag);
          qpair = ha->queue_pair_map[hwq]; /* <- HERE */

          if (qpair)
                  return qla2xxx_mqueuecommand(host, cmd, qpair);
  }

  BUG: kernel NULL pointer dereference, address: 0000000000000000
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 0 P4D 0
  Oops: 0000 [#1] SMP PTI
  CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G        W         5.10.0-rc1+ #25
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
  Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]
  RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]
  Call Trace:
   scsi_queue_rq+0x58c/0xa60
   blk_mq_dispatch_rq_list+0x2b7/0x6f0
   ? __sbitmap_get_word+0x2a/0x80
   __blk_mq_sched_dispatch_requests+0xb8/0x170
   blk_mq_sched_dispatch_requests+0x2b/0x50
   __blk_mq_run_hw_queue+0x49/0xb0
   __blk_mq_delay_run_hw_queue+0xfb/0x150
   blk_mq_sched_insert_request+0xbe/0x110
   blk_execute_rq+0x45/0x70
   __scsi_execute+0x10e/0x250
   scsi_probe_and_add_lun+0x228/0xda0
   __scsi_scan_target+0xf4/0x620
   ? __pm_runtime_resume+0x4f/0x70
   scsi_scan_target+0x100/0x110
   fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]
   process_one_work+0x1ea/0x3b0
   worker_thread+0x28/0x3b0
   ? process_one_work+0x3b0/0x3b0
   kthread+0x112/0x130
   ? kthread_park+0x80/0x80
   ret_from_fork+0x22/0x30

The driver should allocate enough vectors to provide every CPU its own HW
queue and still handle reserved (MB, RSP, ATIO) interrupts.

The change fixes the crash on dual core VM and prevents unbalanced QP
allocation where nr_hw_queues is two less than the number of CPUs.

Link: https://lore.kernel.org/r/20210412165740.39318-1-r.bolshakov@yadro.com
Fixes: a6dcfe0848 ("scsi: qla2xxx: Limit interrupt vectors to number of CPUs")
Cc: Daniel Wagner <daniel.wagner@suse.com>
Cc: Himanshu Madhani <himanshu.madhani@oracle.com>
Cc: Quinn Tran <qutran@marvell.com>
Cc: Nilesh Javali <njavali@marvell.com>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: stable@vger.kernel.org # 5.11+
Reported-by: Aleksandr Volkov <a.y.volkov@yadro.com>
Reported-by: Aleksandr Miloserdov <a.miloserdov@yadro.com>
Reviewed-by: Daniel Wagner <dwagner@suse.de>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2021-04-15 22:06:03 -04:00
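
The vector accounting described in the commit message, as an added user-space model (not code from the commit or the driver). `struct hw`, `hw_setup()`, `hw_max`, `reserve_extra` and `qpair_lookup()` are hypothetical names; the always-set `mqenable` models "the driver thinks there are queue pairs available", and the guarded lookup is an added defensive check, not the upstream fix.

```c
/* User-space model of the vector accounting; names are assumptions. */
#include <stdbool.h>
#include <stdlib.h>
struct qla_qpair { int id; };

struct hw {                        /* stands in for the driver's ha */
	int msix_count;
	int max_qpairs;
	bool mqenable;                 /* assumption: multiqueue flag is set */
	struct qla_qpair **queue_pair_map;
};

/* MB + default response queue, plus ATIO in dual or pure target mode. */
static int reserved_vectors(bool target_mode)
{
	return 2 + (target_mode ? 1 : 0);
}

/* reserve_extra=false: vectors capped at the CPU count (the regression).
 * reserve_extra=true: one vector per CPU plus the reserved ones. */
static void hw_setup(struct hw *ha, int hw_max, int ncpus,
		     bool target_mode, bool reserve_extra)
{
	int want = ncpus + (reserve_extra ? reserved_vectors(target_mode) : 0);
	ha->msix_count = want < hw_max ? want : hw_max;
	ha->max_qpairs = ha->msix_count - reserved_vectors(target_mode);
	if (ha->max_qpairs < 0)
		ha->max_qpairs = 0;        /* model only: keep the count non-negative */
	ha->mqenable = true;
	ha->queue_pair_map = ha->max_qpairs ?
		calloc((size_t)ha->max_qpairs, sizeof(*ha->queue_pair_map)) : NULL;
}

/* Added defensive lookup (hypothetical, not the upstream fix): refuse a
 * missing map or an out-of-range hardware queue instead of dereferencing. */
static struct qla_qpair *qpair_lookup(const struct hw *ha, unsigned int hwq)
{
	if (!ha->mqenable || !ha->queue_pair_map || hwq >= (unsigned int)ha->max_qpairs)
		return NULL;
	return ha->queue_pair_map[hwq];
}

int main(void)
{
	struct hw before, after;
	hw_setup(&before, 32, 2, false, false);   /* 2 CPUs, initiator mode */
	hw_setup(&after, 32, 2, false, true);
	return (before.queue_pair_map == NULL && after.max_qpairs == 2) ? 0 : 1;
}
```
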
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile
qla_attr.c scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() 2021-03-24 21:47:21 -04:00
qla_bsg.c scsi: qla2xxx: Reuse existing error handling path 2021-04-13 00:38:58 -04:00
qla_bsg.h scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port 2021-01-13 00:25:19 -05:00
qla_dbg.c scsi: qla2xxx: Fix crash in PCIe error handling 2021-03-29 22:38:58 -04:00
qla_dbg.h scsi: qla2xxx: Update default AER debug mask 2021-03-29 22:38:58 -04:00
qla_def.h scsi: qla2xxx: Fix crash in PCIe error handling 2021-03-29 22:38:58 -04:00
qla_devtbl.h
qla_dfs.c scsi: qla2xxx: Remove unnecessary NULL check 2021-01-22 22:04:16 -05:00
qla_dsd.h scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h 2019-08-12 21:34:04 -04:00
qla_fw.h scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe 2021-01-13 00:25:20 -05:00
qla_gbl.h scsi: qla2xxx: Fix crash in PCIe error handling 2021-03-29 22:38:58 -04:00
qla_gs.c scsi: qla2xxx: Do logout even if fabric scan retries got exhausted 2021-03-29 22:38:59 -04:00
qla_init.c scsi: qla2xxx: Fix crash in PCIe error handling 2021-03-29 22:38:58 -04:00
qla_inline.h scsi: qla2xxx: Fix crash in PCIe error handling 2021-03-29 22:38:58 -04:00
qla_iocb.c scsi: qla2xxx: Fix crash in PCIe error handling 2021-03-29 22:38:58 -04:00
qla_isr.c scsi: qla2xxx: Reserve extra IRQ vectors 2021-04-15 22:06:03 -04:00
qla_mbx.c scsi: qla2xxx: Fix mailbox recovery during PCIe error 2021-03-29 22:38:58 -04:00
qla_mid.c SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_mr.c scsi: qla2xxx: Suppress Coverity complaints about dseg_r* 2021-03-24 21:47:20 -04:00
qla_mr.h scsi: qla2xxx: Suppress Coverity complaints about dseg_r* 2021-03-24 21:47:20 -04:00
qla_nvme.c scsi: qla2xxx: Fix crash in PCIe error handling 2021-03-29 22:38:58 -04:00
qla_nvme.h SPDX patches for 5.10-rc1 2020-10-14 16:19:42 -07:00
qla_nx2.c scsi: qla2xxx: Simplify qla8044_minidump_process_control() 2021-03-24 21:47:21 -04:00
qla_nx2.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_nx.c scsi: qla2xxx: Fix compilation issue in PPC systems 2020-12-09 11:34:17 -05:00
qla_nx.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_os.c scsi: qla2xxx: Remove unneeded if-null-free check 2021-04-13 00:35:27 -04:00
qla_settings.h scsi/qla2xxx: Convert to SPDX license identifiers 2020-09-16 14:31:50 +02:00
qla_sup.c scsi: qla2xxx: Fix endianness annotations 2021-03-24 21:47:20 -04:00
qla_target.c Merge branch '5.12/scsi-fixes' into 5.13/scsi-staging 2021-04-05 22:57:29 -04:00
qla_target.h scsi: qla2xxx: Fix broken #endif placement 2021-03-15 22:53:24 -04:00
qla_tmpl.c SCSI misc on 20201216 2020-12-16 13:34:31 -08:00
qla_tmpl.h scsi: qla2xxx: Fix crash during driver load on big endian machines 2020-12-09 11:34:17 -05:00
qla_version.h scsi: qla2xxx: Update version to 10.02.00.106-k 2021-03-29 22:38:59 -04:00
tcm_qla2xxx.c Merge branch '5.12/scsi-fixes' into 5.13/scsi-staging 2021-04-05 22:57:29 -04:00
tcm_qla2xxx.h