28027ec8e3
The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results in a crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turn makes the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0 Oops: 0002 [#1] PREEMPT SMP PTI Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023 RIP: 0010:memcpy_orig+0xcd/0x130 RSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202 RAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f RDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000 RBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572 R10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff R13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af FS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x183/0x510 ? exc_page_fault+0x69/0x150 ? asm_exc_page_fault+0x22/0x30 ? memcpy_orig+0xcd/0x130 vsnprintf+0x102/0x4c0 sprintf+0x51/0x80 qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324] full_proxy_read+0x50/0x80 vfs_read+0xa5/0x2e0 ? folio_add_new_anon_rmap+0x44/0xa0 ? set_pte_at+0x15/0x30 ? do_pte_missing+0x426/0x7f0 ksys_read+0xa5/0xe0 do_syscall_64+0x58/0x80 ? __count_memcg_events+0x46/0x90 ? count_memcg_event_mm+0x3d/0x60 ? handle_mm_fault+0x196/0x2f0 ? do_user_addr_fault+0x267/0x890 ? 
exc_page_fault+0x69/0x150 entry_SYSCALL_64_after_hwframe+0x72/0xdc RIP: 0033:0x7f4800f20b4d Tested-by: Martin Hoyer <mhoyer@redhat.com> Reviewed-by: John Meneghini <jmeneghi@redhat.com> Signed-off-by: Manish Rangankar <mrangankar@marvell.com> Link: https://lore.kernel.org/r/20240415072155.30840-1-mrangankar@marvell.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
// SPDX-License-Identifier: GPL-2.0-only
/*
* QLogic iSCSI Offload Driver
* Copyright (c) 2016 Cavium Inc.
*/
#include "qedi.h"
#include "qedi_dbg.h"
#include <linux/uaccess.h>
#include <linux/debugfs.h>
#include <linux/module.h>
/*
 * Module-wide flag driven by the "do_not_recover" debugfs file: the enable
 * handler sets it to 1 and the disable handler clears it to 0.
 * NOTE(review): presumably consulted by the driver's recovery path, which is
 * not part of this file - confirm against the users of this symbol.
 */
int qedi_do_not_recover;
/*
 * Driver-level debugfs directory. Created by qedi_dbg_init(), removed by
 * qedi_dbg_exit(), and used as the parent of the per-host directories that
 * qedi_dbg_host_init() creates.
 */
static struct dentry *qedi_dbg_root;
/**
 * qedi_dbg_host_init - create the per-host debugfs directory and its files
 * @qedi: debug context of the host; host_no names the directory and
 *        bdf_dentry receives the directory entry
 * @dops: table of file names, terminated by an entry whose name is NULL
 * @fops: file_operations table, advanced in lockstep with @dops
 *
 * The directory "host<host_no>" is created below qedi_dbg_root. Each file is
 * created with mode 0600 and carries @qedi as its data pointer, which the
 * open handlers in this file read back from inode->i_private.
 */
void
qedi_dbg_host_init(struct qedi_dbg_ctx *qedi,
		   const struct qedi_debugfs_ops *dops,
		   const struct file_operations *fops)
{
	char host_dirname[32];

	/*
	 * "host" followed by a decimal %u value; with a 32-bit unsigned int
	 * that is at most 15 bytes including the NUL, so it fits the buffer.
	 */
	sprintf(host_dirname, "host%u", qedi->host_no);
	qedi->bdf_dentry = debugfs_create_dir(host_dirname, qedi_dbg_root);

	/* Stop at a NULL table pointer or at the NULL-name sentinel entry. */
	for (; dops && dops->name; dops++, fops++)
		debugfs_create_file(dops->name, 0600, qedi->bdf_dentry, qedi,
				    fops);
}
/**
 * qedi_dbg_host_exit - remove the per-host debugfs directory
 * @qedi: debug context whose bdf_dentry was set by qedi_dbg_host_init()
 *
 * Removes the directory together with everything below it and clears the
 * stored pointer so that it does not dangle afterwards.
 */
void
qedi_dbg_host_exit(struct qedi_dbg_ctx *qedi)
{
	struct dentry *host_dir = qedi->bdf_dentry;

	debugfs_remove_recursive(host_dir);
	qedi->bdf_dentry = NULL;
}
/**
 * qedi_dbg_init - create the driver-level debugfs directory
 * @drv_name: name of the directory; it is created with a NULL parent
 *
 * The resulting dentry is kept in qedi_dbg_root for later use as the parent
 * of the per-host directories.
 */
void
qedi_dbg_init(char *drv_name)
{
	struct dentry *root = debugfs_create_dir(drv_name, NULL);

	qedi_dbg_root = root;
}
/**
 * qedi_dbg_exit - remove the driver-level debugfs directory
 *
 * Removes qedi_dbg_root and everything below it, then resets the pointer to
 * NULL.
 */
void
qedi_dbg_exit(void)
{
	struct dentry *root = qedi_dbg_root;

	debugfs_remove_recursive(root);
	qedi_dbg_root = NULL;
}
/**
 * qedi_dbg_do_not_recover_enable - handler for the "enable" command
 * @qedi_dbg: debug context passed to the log macro
 *
 * Sets qedi_do_not_recover to 1 if it is currently 0 and logs the resulting
 * value.
 *
 * Return: always 0.
 */
static ssize_t
qedi_dbg_do_not_recover_enable(struct qedi_dbg_ctx *qedi_dbg)
{
	/* Only a zero flag is changed; a non-zero value is left as it is. */
	if (qedi_do_not_recover == 0)
		qedi_do_not_recover = 1;

	QEDI_INFO(qedi_dbg, QEDI_LOG_DEBUGFS, "do_not_recover=%d\n",
		  qedi_do_not_recover);

	return 0;
}
/**
 * qedi_dbg_do_not_recover_disable - handler for the "disable" command
 * @qedi_dbg: debug context passed to the log macro
 *
 * Clears qedi_do_not_recover if it is currently non-zero and logs the
 * resulting value.
 *
 * Return: always 0.
 */
static ssize_t
qedi_dbg_do_not_recover_disable(struct qedi_dbg_ctx *qedi_dbg)
{
	/* The store is skipped when the flag is already 0. */
	if (qedi_do_not_recover != 0)
		qedi_do_not_recover = 0;

	QEDI_INFO(qedi_dbg, QEDI_LOG_DEBUGFS, "do_not_recover=%d\n",
		  qedi_do_not_recover);

	return 0;
}
/*
 * Commands accepted by the "do_not_recover" debugfs file. The write handler
 * prefix-matches the written text against oper_str and runs oper_func of the
 * first entry that matches. The entry with a NULL oper_str ends the table.
 */
static struct qedi_list_of_funcs qedi_dbg_do_not_recover_ops[] = {
	{
		.oper_str = "enable",
		.oper_func = qedi_dbg_do_not_recover_enable,
	},
	{
		.oper_str = "disable",
		.oper_func = qedi_dbg_do_not_recover_disable,
	},
	{
		.oper_str = NULL,
		.oper_func = NULL,
	}
};
/*
 * Names of the debugfs files, ending with a NULL-name sentinel entry.
 * qedi_dbg_host_init() walks a table of this type and stops at the first
 * entry whose name is NULL. Only "do_not_recover" has a command list; the
 * other two entries carry NULL in the second field.
 * NOTE(review): the order here presumably has to match qedi_dbg_fops, since
 * qedi_dbg_host_init() advances both tables in lockstep - confirm at the
 * caller, which is outside this file.
 */
const struct qedi_debugfs_ops qedi_debugfs_ops[] = {
	{ "gbl_ctx", NULL },
	{ "do_not_recover", qedi_dbg_do_not_recover_ops},
	{ "io_trace", NULL },
	{ NULL, NULL }
};
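/**
 * qedi_dbg_do_not_recover_cmd_write - debugfs write handler for do_not_recover
 * @filp: open file; private_data is used as the struct qedi_dbg_ctx
 * @buffer: user-space buffer holding the command text
 * @count: number of bytes offered by the caller
 * @ppos: file position; only a write at offset 0 is interpreted
 *
 * The command text is copied into a kernel buffer before it is compared.
 * @buffer is a __user pointer, so handing it to strncmp() would dereference
 * user memory directly from kernel context; that is the same class of fault
 * as calling sprintf() on a __user pointer. The copied text is prefix-matched
 * against the names in qedi_dbg_do_not_recover_ops and the first matching
 * handler is run.
 *
 * Return: @count minus the handler's return value (the handlers in this file
 * return 0), 0 when *@ppos is non-zero, or -EFAULT when the user buffer
 * cannot be read.
 */
static ssize_t
qedi_dbg_do_not_recover_cmd_write(struct file *filp, const char __user *buffer,
				  size_t count, loff_t *ppos)
{
	size_t cnt = 0;
	struct qedi_dbg_ctx *qedi_dbg =
			(struct qedi_dbg_ctx *)filp->private_data;
	struct qedi_list_of_funcs *lof = qedi_dbg_do_not_recover_ops;
	char cmd[16];
	size_t len;

	if (*ppos)
		return 0;

	/*
	 * Bound the copy by the local buffer and keep one byte for the NUL.
	 * The longest command in the table is far shorter than the buffer,
	 * so truncating longer input cannot change which entry matches.
	 */
	len = count < sizeof(cmd) - 1 ? count : sizeof(cmd) - 1;
	if (copy_from_user(cmd, buffer, len))
		return -EFAULT;
	cmd[len] = '\0';

	for (; lof->oper_str; lof++) {
		/* Prefix match, so a trailing newline after the command is fine. */
		if (!strncmp(lof->oper_str, cmd, strlen(lof->oper_str))) {
			cnt = lof->oper_func(qedi_dbg);
			break;
		}
	}

	return count - cnt;
}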
/**
 * qedi_dbg_do_not_recover_cmd_read - debugfs read handler for do_not_recover
 * @filp: open file (unused)
 * @buffer: user-space destination buffer
 * @count: size of the user buffer
 * @ppos: file position, maintained by simple_read_from_buffer()
 *
 * The text is formatted into a kernel stack buffer first. Only
 * simple_read_from_buffer() touches the __user pointer; sprintf() must never
 * be given @buffer directly.
 *
 * Return: whatever simple_read_from_buffer() returns.
 */
static ssize_t
qedi_dbg_do_not_recover_cmd_read(struct file *filp, char __user *buffer,
				 size_t count, loff_t *ppos)
{
	char kbuf[64];
	int nbytes = sprintf(kbuf, "do_not_recover=%d\n", qedi_do_not_recover);

	return simple_read_from_buffer(buffer, count, ppos, kbuf, nbytes);
}
/**
 * qedi_gbl_ctx_show - seq_file show callback for the "gbl_ctx" file
 * @s: seq_file whose private pointer is the struct qedi_ctx
 * @unused: not used
 *
 * Prints, for each of the first MIN_NUM_CPUS_MSIX(qedi) fastpath entries,
 * the status block producer index, the driver's CQ consumer index and the
 * status block id. hba_lock is taken and released once per entry.
 *
 * Return: always 0.
 */
static int
qedi_gbl_ctx_show(struct seq_file *s, void *unused)
{
	struct qedi_ctx *qedi = s->private;
	int id;

	seq_puts(s, " DUMP CQ CONTEXT:\n");

	for (id = 0; id < MIN_NUM_CPUS_MSIX(qedi); id++) {
		struct qedi_fastpath *fp;
		struct status_block *sb;
		struct global_queue *que;
		unsigned long flags;
		u16 prod_idx;

		spin_lock_irqsave(&qedi->hba_lock, flags);

		seq_printf(s, "=========FAST CQ PATH [%d] ==========\n", id);

		fp = &qedi->fp_array[id];
		sb = fp->sb_info->sb_virt;
		/* Keep only the producer-index bits of the raw entry. */
		prod_idx = (sb->pi_array[QEDI_PROTO_CQ_PROD_IDX] &
			    STATUS_BLOCK_PROD_INDEX_MASK);
		seq_printf(s, "SB PROD IDX: %d\n", prod_idx);

		que = qedi->global_queues[fp->sb_id];
		seq_printf(s, "DRV CONS IDX: %d\n", que->cq_cons_idx);
		seq_printf(s, "CQ complete host memory: %d\n", fp->sb_id);
		seq_puts(s, "=========== END ==================\n\n\n");

		spin_unlock_irqrestore(&qedi->hba_lock, flags);
	}

	return 0;
}
/**
 * qedi_dbg_gbl_ctx_open - open callback for the "gbl_ctx" file
 * @inode: inode whose i_private holds the struct qedi_dbg_ctx
 * @file: file being opened
 *
 * Recovers the enclosing struct qedi_ctx from its embedded dbg_ctx member
 * and passes it to qedi_gbl_ctx_show() through single_open().
 *
 * Return: the result of single_open().
 */
static int
qedi_dbg_gbl_ctx_open(struct inode *inode, struct file *file)
{
	struct qedi_dbg_ctx *dbg = inode->i_private;

	return single_open(file, qedi_gbl_ctx_show,
			   container_of(dbg, struct qedi_ctx, dbg_ctx));
}
/**
 * qedi_io_trace_show - seq_file show callback for the "io_trace" file
 * @s: seq_file whose private pointer is the struct qedi_ctx
 * @unused: not used
 *
 * Prints QEDI_IO_TRACE_SIZE entries of io_trace_buf, one line per entry,
 * starting at io_trace_idx and wrapping to index 0 at the end of the buffer.
 * The whole walk runs with io_trace_lock held.
 *
 * Return: always 0.
 */
static int
qedi_io_trace_show(struct seq_file *s, void *unused)
{
	struct qedi_ctx *qedi = s->private;
	struct qedi_io_log *entry;
	unsigned long flags;
	int pos = 0;
	int n;

	seq_puts(s, " DUMP IO LOGS:\n");

	spin_lock_irqsave(&qedi->io_trace_lock, flags);
	pos = qedi->io_trace_idx;

	for (n = 0; n < QEDI_IO_TRACE_SIZE; n++) {
		entry = &qedi->io_trace_buf[pos];

		seq_printf(s, "iodir-%d:", entry->direction);
		seq_printf(s, "tid-0x%x:", entry->task_id);
		seq_printf(s, "cid-0x%x:", entry->cid);
		seq_printf(s, "lun-%d:", entry->lun);
		seq_printf(s, "op-0x%02x:", entry->op);
		seq_printf(s, "0x%02x%02x%02x%02x:", entry->lba[0],
			   entry->lba[1], entry->lba[2], entry->lba[3]);
		seq_printf(s, "buflen-%d:", entry->bufflen);
		seq_printf(s, "sgcnt-%d:", entry->sg_count);
		seq_printf(s, "res-0x%08x:", entry->result);
		seq_printf(s, "jif-%lu:", entry->jiffies);
		seq_printf(s, "blk_req_cpu-%d:", entry->blk_req_cpu);
		seq_printf(s, "req_cpu-%d:", entry->req_cpu);
		seq_printf(s, "intr_cpu-%d:", entry->intr_cpu);
		seq_printf(s, "blk_rsp_cpu-%d\n", entry->blk_rsp_cpu);

		/* Wrap to the start once the end of the buffer is reached. */
		if (++pos == QEDI_IO_TRACE_SIZE)
			pos = 0;
	}

	spin_unlock_irqrestore(&qedi->io_trace_lock, flags);

	return 0;
}
/**
 * qedi_dbg_io_trace_open - open callback for the "io_trace" file
 * @inode: inode whose i_private holds the struct qedi_dbg_ctx
 * @file: file being opened
 *
 * Recovers the enclosing struct qedi_ctx from its embedded dbg_ctx member
 * and passes it to qedi_io_trace_show() through single_open().
 *
 * Return: the result of single_open().
 */
static int
qedi_dbg_io_trace_open(struct inode *inode, struct file *file)
{
	struct qedi_dbg_ctx *dbg = inode->i_private;

	return single_open(file, qedi_io_trace_show,
			   container_of(dbg, struct qedi_ctx, dbg_ctx));
}
/*
 * file_operations for the debugfs files, one entry per file followed by an
 * empty terminating entry. The order (gbl_ctx, do_not_recover, io_trace) is
 * the same as in qedi_debugfs_ops.
 * NOTE(review): qedi_dbg_fileops() and qedi_dbg_fileops_seq() are macros
 * defined outside this file; presumably they expand to initializers that
 * reference the qedi_dbg_<name>_cmd_read/_cmd_write and qedi_dbg_<name>_open
 * handlers above - confirm against their definitions.
 */
const struct file_operations qedi_dbg_fops[] = {
	qedi_dbg_fileops_seq(qedi, gbl_ctx),
	qedi_dbg_fileops(qedi, do_not_recover),
	qedi_dbg_fileops_seq(qedi, io_trace),
	{ },
};