From: Bart Van Assche
To: "chaitra.basappa@broadcom.com", "linux-scsi@vger.kernel.org", "linux-kernel@vger.kernel.org"
CC: "sathya.prakash@broadcom.com", "sreekanth.reddy@broadcom.com", "suganath-prabu.subramani@broadcom.com", "kashyap.desai@broadcom.com"
Subject: Re: smp-induced oops/NULL pointer dereference in mpt3sas, from kernel >= 4.11
Date: Thu, 17 Aug 2017 16:02:00 +0000
Message-ID: <1502985717.2615.11.camel@wdc.com>
In-Reply-To: <155d5b2c7af4ae0cc6162baf6a52ef5b@mail.gmail.com>

On Thu, 2017-08-17 at 15:18 +0530, Chaitra Basappa wrote:
> We analyzed this issue and could figure out it is not because of driver,
> it's because the "sense" field of the 'struct scsi_request' is not being
> populated properly from the upper layer.
> And this "sense" member is being referenced in our driver code for kernel
> versions >= 4.11 as shown below in the snippet:
> Whereas as for < 4.11 kernel version this "sense" member was referenced
> via 'struct request'
>
>
> static int
> _transport_smp_handler (.....) {
> .....
> .....
>
>
> memcpy(scsi_req(req)->sense, mpi_reply, sizeof(*mpi_reply));
>
> .....
> .....
> }
>
> And hence the NULL pointer dereference call trace is seen for the above
> chunk of mpt3sas. This needs to be addressed from upper layer, so please
> help us in getting this resolved.

Hello Chaitra,

Have you noticed the following e-mail thread: "[RFC PATCH 0/6] bsg: fix
regression resulting in panics when sending commands via BSG and some sanity
cleanups" (http://www.spinics.net/lists/linux-scsi/msg111724.html)?

Bart.
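
A userspace C model of the failure described in the quoted report, added here as an example; it is not code from the mpt3sas driver, the kernel, or either poster. All struct and function names and the buffer sizes are hypothetical, and the capacity check goes beyond what the report describes.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model only: every name here is a hypothetical stand-in, not a
 * kernel or mpt3sas definition. Sizes are constructed for the example. */
struct model_scsi_request {
    unsigned char *sense;   /* must be attached by the upper layer */
    size_t sense_cap;       /* capacity of the attached buffer */
    size_t sense_len;       /* bytes the handler copied */
};

struct model_reply { unsigned char bytes[32]; };  /* constructed reply frame */

/* Upper layer: attaches (or, when buf is NULL, fails to attach) the buffer. */
static void upper_layer_prepare(struct model_scsi_request *rq,
                                unsigned char *buf, size_t cap)
{
    rq->sense = buf;
    rq->sense_cap = buf ? cap : 0;
    rq->sense_len = 0;
}

/* Handler-side copy. An unguarded memcpy(rq->sense, ...) faults when the
 * upper layer left sense NULL; here the precondition is checked first. */
static int handler_copy_reply(struct model_scsi_request *rq,
                              const struct model_reply *reply)
{
    if (!rq || !reply || !rq->sense)
        return -EINVAL;              /* buffer never populated */
    if (sizeof(*reply) > rq->sense_cap)
        return -EOVERFLOW;           /* reply would overrun the buffer */
    memcpy(rq->sense, reply, sizeof(*reply));
    rq->sense_len = sizeof(*reply);
    return 0;
}

/* Run one scenario: cap == 0 models the missing buffer (cap must be <= 96). */
int run_scenario(size_t cap)
{
    unsigned char buf[96];
    struct model_scsi_request rq;
    struct model_reply reply = { { 0x40, 0x01 } };  /* constructed bytes */
    upper_layer_prepare(&rq, cap ? buf : NULL, cap);
    return handler_copy_reply(&rq, &reply);
}

int main(void) { return run_scenario(96) == 0 && run_scenario(0) == -EINVAL ? 0 : 1; }
```

A check like this only turns the oops into an error return; the request still fails until the layer that owns the buffer populates it.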