diff mbox

[09/11] Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request.

Message ID 20170616055651.9674-10-jsmart2021@gmail.com (mailing list archive)
State Accepted
Headers show

Commit Message

James Smart June 16, 2017, 5:56 a.m. UTC 
When running nvme detach-ns /dev/nvme0n1 -n 1 command,
the nvmet lpfc driver crashes with this stack dump:

kernel BUG at /root/NVME/lpfc_8.4/lpfc_sli.c:1393!
invalid opcode: 0000 [#1] SMP
Workqueue: nvmet-fc-cpu0 nvmet_fc_do_work_on_cpu [nvmet_fc]
 lpfc_sli4_issue_wqe+0x357/0x440 [lpfc]
 lpfc_nvmet_xmt_fcp_abort+0x36b/0x5c0 [lpfc]
 nvmet_fc_abort_op+0x30/0x50 [nvmet_fc]
 nvmet_fc_do_work_on_cpu+0xd9/0x130 [nvmet_fc]
 process_one_work+0x14e/0x410
 worker_thread+0x116/0x490
 kthread+0xc7/0xe0
 ret_from_fork+0x3f/0x70

Crash is due to an uninitialized iocbq->vport pointer.

Explicitly set the iocbq->vport field to phba->pport in
lpfc_nvmet_sol_fcp_issue_abort as it does all abort iocbq
initialization in the routine.  Using phba->pport is ok because
target does not support NPIV instances.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
---
 drivers/scsi/lpfc/lpfc_nvmet.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Hannes Reinecke June 16, 2017, 8:02 a.m. UTC | #1 
On 06/16/2017 07:56 AM, James Smart wrote:
> When running nvme detach-ns /dev/nvme0n1 -n 1 command,
> the nvmet lpfc driver crashes with this stack dump:
> 
> kernel BUG at /root/NVME/lpfc_8.4/lpfc_sli.c:1393!
> invalid opcode: 0000 [#1] SMP
> Workqueue: nvmet-fc-cpu0 nvmet_fc_do_work_on_cpu [nvmet_fc]
>  lpfc_sli4_issue_wqe+0x357/0x440 [lpfc]
>  lpfc_nvmet_xmt_fcp_abort+0x36b/0x5c0 [lpfc]
>  nvmet_fc_abort_op+0x30/0x50 [nvmet_fc]
>  nvmet_fc_do_work_on_cpu+0xd9/0x130 [nvmet_fc]
>  process_one_work+0x14e/0x410
>  worker_thread+0x116/0x490
>  kthread+0xc7/0xe0
>  ret_from_fork+0x3f/0x70
> 
> Crash is due to an uninitialized iocbq->vport pointer.
> 
> Explicitly set the iocbq->vport field to phba->pport in
> lpfc_nvmet_sol_fcp_issue_abort as it does all abort iocbq
> initialization in the routine.  Using phba->pport is ok because
> target does not support NPIV instances.
> 
> Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
> Signed-off-by: James Smart <james.smart@broadcom.com>
> ---
>  drivers/scsi/lpfc/lpfc_nvmet.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
> index 5fb29735e236..7dc061a14f95 100644
> --- a/drivers/scsi/lpfc/lpfc_nvmet.c
> +++ b/drivers/scsi/lpfc/lpfc_nvmet.c
> @@ -2523,6 +2523,7 @@ lpfc_nvmet_sol_fcp_issue_abort(struct lpfc_hba *phba,
>  	abts_wqeq->iocb_cmpl = 0;
>  	abts_wqeq->iocb_flag |= LPFC_IO_NVME;
>  	abts_wqeq->context2 = ctxp;
> +	abts_wqeq->vport = phba->pport;
>  	rc = lpfc_sli4_issue_wqe(phba, LPFC_FCP_RING, abts_wqeq);
>  	spin_unlock_irqrestore(&phba->hbalock, flags);
>  	if (rc == WQE_SUCCESS) {
> 
Reviewed-by: Hannes Reinecke <hare@suse.com>

Cheers,

Hannes
diff mbox

Patch

diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
index 5fb29735e236..7dc061a14f95 100644
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -2523,6 +2523,7 @@  lpfc_nvmet_sol_fcp_issue_abort(struct lpfc_hba *phba,
 	abts_wqeq->iocb_cmpl = 0;
 	abts_wqeq->iocb_flag |= LPFC_IO_NVME;
 	abts_wqeq->context2 = ctxp;
+	abts_wqeq->vport = phba->pport;
 	rc = lpfc_sli4_issue_wqe(phba, LPFC_FCP_RING, abts_wqeq);
 	spin_unlock_irqrestore(&phba->hbalock, flags);
 	if (rc == WQE_SUCCESS) {