Received: by 10.223.176.46 with SMTP id f43csp272701wra;
        Tue, 23 Jan 2018 20:47:08 -0800 (PST)
X-Google-Smtp-Source: AH8x2265oWiY9zpSoTi1f8WwVlRrzIYyhZ3NlV49E0EARFtn1DUJsNLPqFiSozUCB5E6LC1nB3jD
X-Received: by 10.99.126.73 with SMTP id o9mr824052pgn.429.1516769228534;
        Tue, 23 Jan 2018 20:47:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516769228; cv=none;
        d=google.com; s=arc-20160816;
        b=UOQdIZ6u5WtoaIEmnBcoFqw41+wAWxfoLPy+3a2i8EvWNyPhLqNgYwwUe9QPoAPNm+
         YclodQaAXp647bruuKFGY2aFfg9/qoluEPmObhHYp7rj5PQ0Ls9NVz80Tn7p5JH6BNhh
         XMclUszg9eN2UEYXXXB6BqgW/KTw7UOiZR/8/yI9L58AzOqEDz5Oo+npx44XTpkLuFHw
         3XRtEyc764LPeTHYvAFUgmoRVqDRy/SsenHQwEOnY2jZWoV0TkgpZnKyP0LRgdP1vuJ/
         +hJgkhHK19F2xGLEWj1+x3XlyKeqLYBedKj/BCAz5dJFJJpa10bO0HB37rRTPuGIZRB2
         d5xQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-transfer-encoding
         :spamdiagnosticmetadata:spamdiagnosticoutput:content-language
         :accept-language:in-reply-to:references:message-id:date:thread-index
         :thread-topic:subject:cc:to:from:dkim-signature
         :arc-authentication-results;
        bh=v2HfofydAEyXhJ/boGth5YBv65zsr7Ja4W7V1e7L3Hs=;
        b=SDO1PeXrwxdCXqa8PgDpTEHExc1u/YyfiN1Y/qw//B8+k3i7V4hu9dowxMY1kB5lK1
         Ra8oSc2tO1Uq+niL2kVuKhwMmo23oNpAk5v4T+XveyC0mWO8A5BqO61ZfKaxdiYZawSn
         RD3Bkn5l1KAHVmthsDYHbgB50poY3mMDhHzLmf74+urxs2qla3HQMmOkluRlkh/vN2t0
         89u3iZAREXHZ7gdgmhyazsbmv9JxjQzUxbzLobzRkspg70JKs4wpA6BfS/p/W/4QAQBX
         j4PPPtS4WQpDobkRfwBaWRECCSL4VzcNyliY9yPJ6jgt8gts79lH2nmNG5viHH9Xn6y3
         JbnQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@microsoft.com header.s=selector1 header.b=WxgyqqkE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j22-v6si565096pli.788.2018.01.23.20.46.55;
        Tue, 23 Jan 2018 20:47:08 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@microsoft.com header.s=selector1 header.b=WxgyqqkE;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=microsoft.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932615AbeAXEQm (ORCPT <rfc822;xuyizhaos@gmail.com> + 99 others);
        Tue, 23 Jan 2018 23:16:42 -0500
Received: from mail-sn1nam01on0139.outbound.protection.outlook.com ([104.47.32.139]:26809
        "EHLO NAM01-SN1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S932430AbeAXEQj (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 23 Jan 2018 23:16:39 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=v2HfofydAEyXhJ/boGth5YBv65zsr7Ja4W7V1e7L3Hs=;
 b=WxgyqqkETNjWCTUQP70DiGfqSmsO/6CQC/iyeTH+RdkLTJ4p1a74+u++8r2Ys5NS2rJlY8O5VQGkh2ChjaMyH33aHGjG0NrbUbDRms7TbtVl//+QWB7Zk9BQ2CIPq3QR7qbVyBc2fbcF7a7NHNgCNOgMMSJU4ql20zV3u2mXCUo=
Received: from DM5PR2101MB1032.namprd21.prod.outlook.com (52.132.128.13) by
 DM5PR2101MB0727.namprd21.prod.outlook.com (10.167.110.39) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.464.1; Wed, 24 Jan 2018 04:16:37 +0000
Received: from DM5PR2101MB1032.namprd21.prod.outlook.com
 ([fe80::6485:b98:d15e:9da7]) by DM5PR2101MB1032.namprd21.prod.outlook.com
 ([fe80::6485:b98:d15e:9da7%2]) with mapi id 15.20.0464.000; Wed, 24 Jan 2018
 04:16:37 +0000
From:   Sasha Levin <Alexander.Levin@microsoft.com>
To:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>
CC:     "Guilherme G. Piccoli" <gpiccoli@linux.vnet.ibm.com>,
        "Martin K . Petersen" <martin.petersen@oracle.com>,
        Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [PATCH AUTOSEL for 4.14 091/100] scsi: aacraid: Prevent crash in case
 of free interrupt during scsi EH path
Thread-Topic: [PATCH AUTOSEL for 4.14 091/100] scsi: aacraid: Prevent crash in
 case of free interrupt during scsi EH path
Thread-Index: AQHTlMnu5KngMhQmKUama5l0YiYVUg==
Date:   Wed, 24 Jan 2018 04:15:12 +0000
Message-ID: <20180124041414.32065-91-alexander.levin@microsoft.com>
References: <20180124041414.32065-1-alexander.levin@microsoft.com>
In-Reply-To: <20180124041414.32065-1-alexander.levin@microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [52.168.54.252]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;DM5PR2101MB0727;6:hRyAwgi3ioLWH1qeeQyHHq9nmFV7Eo0bTFLe7BpiPd7iYq0gmJ8djiZRnAHMVPftDytBfQVvCy9FaF4IJFQs8DhOYQyNbrt0ec0GGNtiDgW7uK6ykx+ULHRyNiyEWIeQHI4WjjncuQCCZ6hGXAUR9RQslpX0ITqoW6DDZ8m9ecUKzXSA9chx+APxs/pIsU06z8hzVXBqBypfpGKsafHo5r7YgfDtSd8hDkl4BDbcHMbHQg8s5I4dCeuffoej7RyCjjqz+H7k2Wwni5r5ZWsULNDGCVmvPU4DFHO0tJdo0UklFlwDwtYmKDK3eQO70Zw5PXpsLUJubmi6gyqoAdYcJPr/akBwgGJBhKIVcT+z8BY9qh23iwAV7GyMWtwS7mfN;5:ZaqYDLlelkyQ6dQK+ZDOXCNxyGVBtwGxWHzCS5ShK5GsPdRi8Zdue+U6UwZzmx8cO7t1E7fIOlqTTl+fA+yTxtx1LRLwdKDLzhCRqihfJzfXh6INpKRovcJxFESDD/WE2p3tapxIGOMId7a3LDQfU0ZAQw/Dy6P5CPSP/fZJOXc=;24:ed330u/B/FkYjnXeS+vpaX0gTrPh8gnqKcXWJ9OoMSNoZhxm2Sef2QEqHRrbQMpcH/Ot/TkBanUzBE3K1murugYk0OrpukIU8dfsz1uF1fU=;7:7Ar+mydPA233mixY/xogylYsQUy2TTD0LScgUifwQbWLkK8KNX6mXj2N6TDnfhWuUop7LSMoIJqtZdUEfvIhS+fvyRxs+rVTMYg/Bfrrds6L0Lg1rS1Wi4HQqOFx0irzD0Va0JjNv3DlfliOx1qsRD0jJbhY0cf9D/ZcoLgkhixcepUIsZVdX/VN7madaP/ECpH3m8DqNmelioR/LYGhS5tMWco6OBOXmqewCJj8tP3VJU3fTnf18PqTM4UrQros
x-ms-office365-filtering-correlation-id: 6dc9989b-56f3-422a-75c2-08d562e14340
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4604075)(3008032)(4534165)(4627221)(201703031133081)(201702281549075)(48565401081)(2017052603307)(7193020);SRVR:DM5PR2101MB0727;
x-ms-traffictypediagnostic: DM5PR2101MB0727:
x-microsoft-antispam-prvs: <DM5PR2101MB0727929BB976020076BE4086FBE20@DM5PR2101MB0727.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(28532068793085)(89211679590171)(72170198267865)(104084551191319)(146099531331640);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(61425038)(6040501)(2401047)(5005006)(8121501046)(3231046)(2400081)(944501161)(3002001)(93006095)(93001095)(10201501046)(6055026)(61426038)(61427038)(6041288)(20161123560045)(20161123558120)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(6072148)(201708071742011);SRVR:DM5PR2101MB0727;BCL:0;PCL:0;RULEID:;SRVR:DM5PR2101MB0727;
x-forefront-prvs: 056297E276
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(346002)(396003)(366004)(39380400002)(39860400002)(376002)(189003)(199004)(86612001)(6506007)(106356001)(76176011)(59450400001)(6346003)(54906003)(86362001)(2501003)(110136005)(1076002)(7736002)(5250100002)(3660700001)(316002)(26005)(102836004)(2950100002)(6666003)(99286004)(97736004)(22452003)(107886003)(6436002)(53936002)(478600001)(66066001)(14454004)(2900100001)(6512007)(2906002)(5660300001)(8936002)(4326008)(10290500003)(305945005)(10090500001)(68736007)(25786009)(81166006)(72206003)(36756003)(8676002)(81156014)(3846002)(6116002)(3280700002)(105586002)(6486002)(22906009)(217873001);DIR:OUT;SFP:1102;SCL:1;SRVR:DM5PR2101MB0727;H:DM5PR2101MB1032.namprd21.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;MX:1;A:1;LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate
 permitted sender hosts)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=Alexander.Levin@microsoft.com; 
x-microsoft-antispam-message-info: iC/EAXvAlfrXLKsjeyGkZlR9LFR+L3aMfbYbcshMPfgLecTlPjfy8ZSN/WwPVF1Zrcx0r4xawoASU5RhpqAzUQ==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6dc9989b-56f3-422a-75c2-08d562e14340
X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Jan 2018 04:15:12.9242
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR2101MB0727
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: "Guilherme G. Piccoli" <gpiccoli@linux.vnet.ibm.com>

[ Upstream commit e4717292ddebcfe231651b5aff9fa19ca158d178 ]

As part of the scsi EH path, aacraid performs a reinitialization of the
adapter, which encompass freeing resources and IRQs, NULLifying lots of
pointers, and then initialize it all over again.  We've identified a
problem during the free IRQ portion of this path if CONFIG_DEBUG_SHIRQ
is enabled on kernel config file.

Happens that, in case this flag was set, right after free_irq()
effectively clears the interrupt, it checks if it was requested as
IRQF_SHARED. In positive case, it performs another call to the IRQ
handler on driver. Problem is: since aacraid currently free some
resources *before* freeing the IRQ, once free_irq() path calls the
handler again (due to CONFIG_DEBUG_SHIRQ), aacraid crashes due to NULL
pointer dereference with the following trace:

  aac_src_intr_message+0xf8/0x740 [aacraid]
  __free_irq+0x33c/0x4a0
  free_irq+0x78/0xb0
  aac_free_irq+0x13c/0x150 [aacraid]
  aac_reset_adapter+0x2e8/0x970 [aacraid]
  aac_eh_reset+0x3a8/0x5d0 [aacraid]
  scsi_try_host_reset+0x74/0x180
  scsi_eh_ready_devs+0xc70/0x1510
  scsi_error_handler+0x624/0xa20

This patch prevents the crash by changing the order of the
deinitialization in this path of aacraid: first we clear the IRQ, then
we free other resources. No functional change intended.

Signed-off-by: Guilherme G. Piccoli <gpiccoli@linux.vnet.ibm.com>
Reviewed-by: Raghava Aditya Renukunta <RaghavaAditya.Renukunta@microsemi.co=
m>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 drivers/scsi/aacraid/commsup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/scsi/aacraid/commsup.c b/drivers/scsi/aacraid/commsup.=
c
index 525a652dab48..16a200127687 100644
--- a/drivers/scsi/aacraid/commsup.c
+++ b/drivers/scsi/aacraid/commsup.c
@@ -1583,6 +1583,7 @@ static int _aac_reset_adapter(struct aac_dev *aac, in=
t forced, u8 reset_type)
 	 * will ensure that i/o is queisced and the card is flushed in that
 	 * case.
 	 */
+	aac_free_irq(aac);
 	aac_fib_map_free(aac);
 	dma_free_coherent(&aac->pdev->dev, aac->comm_size, aac->comm_addr,
 			  aac->comm_phys);
@@ -1590,7 +1591,6 @@ static int _aac_reset_adapter(struct aac_dev *aac, in=
t forced, u8 reset_type)
 	aac->comm_phys =3D 0;
 	kfree(aac->queues);
 	aac->queues =3D NULL;
-	aac_free_irq(aac);
 	kfree(aac->fsa_dev);
 	aac->fsa_dev =3D NULL;
=20
--=20
2.11.0