diff options
| author | Arun Easi <aeasi@marvell.com> | 2022-08-26 13:25:54 +0300 |
|---|---|---|
| committer | Martin K. Petersen <martin.petersen@oracle.com> | 2022-09-01 07:30:55 +0300 |
| commit | e4f8a29deb3ba30e414dfb6b09e3ae3bf6dbe74a (patch) | |
| tree | 5119f03677fbd9bfccb1e38b44bc56d2b3dd593d /drivers/scsi/qla2xxx | |
| parent | 6dc45a7322cb9db48a5b6696597a00ef7c778ef9 (diff) | |
| download | linux-e4f8a29deb3ba30e414dfb6b09e3ae3bf6dbe74a.tar.xz | |
scsi: qla2xxx: Fix response queue handler reading stale packets
On some platforms, the current logic of relying on finding new packet
solely based on signature pattern can lead to driver reading stale
packets. Though this is a bug in those platforms, reduce such exposures by
limiting reading packets until the IN pointer.
Link: https://lore.kernel.org/r/20220826102559.17474-3-njavali@marvell.com
Cc: stable@vger.kernel.org
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Arun Easi <aeasi@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/qla2xxx')
| -rw-r--r-- | drivers/scsi/qla2xxx/qla_isr.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c index ede76357ccb6..e19fde304e5c 100644 --- a/drivers/scsi/qla2xxx/qla_isr.c +++ b/drivers/scsi/qla2xxx/qla_isr.c @@ -3763,7 +3763,8 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha, struct qla_hw_data *ha = vha->hw; struct purex_entry_24xx *purex_entry; struct purex_item *pure_item; - u16 cur_ring_index; + u16 rsp_in = 0, cur_ring_index; + int is_shadow_hba; if (!ha->flags.fw_started) return; @@ -3773,7 +3774,18 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha, qla_cpu_update(rsp->qpair, smp_processor_id()); } - while (rsp->ring_ptr->signature != RESPONSE_PROCESSED) { +#define __update_rsp_in(_is_shadow_hba, _rsp, _rsp_in) \ + do { \ + _rsp_in = _is_shadow_hba ? *(_rsp)->in_ptr : \ + rd_reg_dword_relaxed((_rsp)->rsp_q_in); \ + } while (0) + + is_shadow_hba = IS_SHADOW_REG_CAPABLE(ha); + + __update_rsp_in(is_shadow_hba, rsp, rsp_in); + + while (rsp->ring_index != rsp_in && + rsp->ring_ptr->signature != RESPONSE_PROCESSED) { pkt = (struct sts_entry_24xx *)rsp->ring_ptr; cur_ring_index = rsp->ring_index; @@ -3887,6 +3899,7 @@ process_err: } pure_item = qla27xx_copy_fpin_pkt(vha, (void **)&pkt, &rsp); + __update_rsp_in(is_shadow_hba, rsp, rsp_in); if (!pure_item) break; qla24xx_queue_purex_item(vha, pure_item, |