diff mbox series

scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression

Message ID 20210104234137.438275-1-arnd@kernel.org (mailing list archive)
State Accepted
Headers show
Series scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression | expand

Commit Message

Arnd Bergmann Jan. 4, 2021, 11:41 p.m. UTC
From: Arnd Bergmann <arnd@arndb.de>

Phil Oester reported that a fix for a possible buffer overrun that I
sent caused a regression that manifests in this output:

 Event Message: A PCI parity error was detected on a component at bus 0 device 5 function 0.
 Severity: Critical
 Message ID: PCI1308

The original code tried to handle the sense data pointer differently
when using 32-bit 64-bit DMA addressing, which would lead to a 32-bit
dma_addr_t value of 0x11223344 to get stored

32-bit kernel:       44 33 22 11 ?? ?? ?? ??
64-bit LE kernel:    44 33 22 11 00 00 00 00
64-bit BE kernel:    00 00 00 00 44 33 22 11

or a 64-bit dma_addr_t value of 0x1122334455667788 to get stored as

32-bit kernel:       88 77 66 55 ?? ?? ?? ??
64-bit kernel:       88 77 66 55 44 33 22 11

In my patch, I tried to ensure that the same value is used on both
32-bit and 64-bit kernels, and picked what seemed to be the most sensible
combination, storing 32-bit addresses in the first four bytes (as 32-bit
kernels already did), and 64-bit addresses in eight consecutive bytes
(as 64-bit kernels already did), but evidently this was incorrect.

Always storing the dma_addr_t pointer as 64-bit little-endian,
i.e. initializing the second four bytes to zero in case of 32-bit
addressing, apparently solved the problem for Phil, and is consistent
with what all 64-bit little-endian machines did before.

I also checked in the history that in previous versions of the code,
the pointer was always in the first four bytes without padding, and that
previous attempts to fix 64-bit user space, big-endian architectures
and 64-bit DMA were clearly flawed and seem to have introduced made
this worse.

Reported-by: Phil Oester <kernel@linuxace.com>
Fixes: 381d34e376e3 ("scsi: megaraid_sas: Check user-provided offsets")
Fixes: 107a60dd71b5 ("scsi: megaraid_sas: Add support for 64bit consistent DMA")
Fixes: 94cd65ddf4d7 ("[SCSI] megaraid_sas: addded support for big endian architecture")
Fixes: 7b2519afa1ab ("[SCSI] megaraid_sas: fix 64 bit sense pointer truncation")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 drivers/scsi/megaraid/megaraid_sas_base.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

Comments

Phil Oester Jan. 5, 2021, 1:52 a.m. UTC | #1
On Tue, Jan 05, 2021 at 12:41:04AM +0100, Arnd Bergmann wrote:
> Phil Oester reported that a fix for a possible buffer overrun that I
> sent caused a regression that manifests in this output:
> 
>  Event Message: A PCI parity error was detected on a component at bus 0 device 5 function 0.
>  Severity: Critical
>  Message ID: PCI1308
> 
> The original code tried to handle the sense data pointer differently
> when using 32-bit 64-bit DMA addressing, which would lead to a 32-bit
> dma_addr_t value of 0x11223344 to get stored
> 
> 32-bit kernel:       44 33 22 11 ?? ?? ?? ??
> 64-bit LE kernel:    44 33 22 11 00 00 00 00
> 64-bit BE kernel:    00 00 00 00 44 33 22 11
> 
> or a 64-bit dma_addr_t value of 0x1122334455667788 to get stored as
> 
> 32-bit kernel:       88 77 66 55 ?? ?? ?? ??
> 64-bit kernel:       88 77 66 55 44 33 22 11
> 
> In my patch, I tried to ensure that the same value is used on both
> 32-bit and 64-bit kernels, and picked what seemed to be the most sensible
> combination, storing 32-bit addresses in the first four bytes (as 32-bit
> kernels already did), and 64-bit addresses in eight consecutive bytes
> (as 64-bit kernels already did), but evidently this was incorrect.
> 
> Always storing the dma_addr_t pointer as 64-bit little-endian,
> i.e. initializing the second four bytes to zero in case of 32-bit
> addressing, apparently solved the problem for Phil, and is consistent
> with what all 64-bit little-endian machines did before.
> 
> I also checked in the history that in previous versions of the code,
> the pointer was always in the first four bytes without padding, and that
> previous attempts to fix 64-bit user space, big-endian architectures
> and 64-bit DMA were clearly flawed and seem to have introduced made
> this worse.
> 
> Reported-by: Phil Oester <kernel@linuxace.com>
> Fixes: 381d34e376e3 ("scsi: megaraid_sas: Check user-provided offsets")
> Fixes: 107a60dd71b5 ("scsi: megaraid_sas: Add support for 64bit consistent DMA")
> Fixes: 94cd65ddf4d7 ("[SCSI] megaraid_sas: addded support for big endian architecture")
> Fixes: 7b2519afa1ab ("[SCSI] megaraid_sas: fix 64 bit sense pointer truncation")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

This solves the issue on our Dell servers, thanks Arnd.

Phil
Martin K. Petersen Jan. 8, 2021, 4:19 a.m. UTC | #2
On Tue, 5 Jan 2021 00:41:04 +0100, Arnd Bergmann wrote:

> Phil Oester reported that a fix for a possible buffer overrun that I
> sent caused a regression that manifests in this output:
> 
>  Event Message: A PCI parity error was detected on a component at bus 0 device 5 function 0.
>  Severity: Critical
>  Message ID: PCI1308
> 
> [...]

Applied to 5.11/scsi-fixes, thanks!

[1/1] scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
      https://git.kernel.org/mkp/scsi/c/b112036535ed
diff mbox series

Patch

diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index 6e4bf05c6d77..3b574c453414 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -8205,11 +8205,9 @@  megasas_mgmt_fw_ioctl(struct megasas_instance *instance,
 			goto out;
 		}
 
+		/* always store 64 bits regardless of addressing */
 		sense_ptr = (void *)cmd->frame + ioc->sense_off;
-		if (instance->consistent_mask_64bit)
-			put_unaligned_le64(sense_handle, sense_ptr);
-		else
-			put_unaligned_le32(sense_handle, sense_ptr);
+		put_unaligned_le64(sense_handle, sense_ptr);
 	}
 
 	/*