diff mbox series

lpfc: size cpu map by last cpu id set

Message ID 20191121175556.18953-1-jsmart2021@gmail.com (mailing list archive)
State Mainlined
Commit eede4970fb6c29f2056d7d016a3764c90e9d8a65
Headers show
Series lpfc: size cpu map by last cpu id set | expand

Commit Message

James Smart Nov. 21, 2019, 5:55 p.m. UTC 
Currently the lpfc driver sizes its cpu_map array based on
num_possible_cpus(). However, that can be a value that is less
than the highest cpu id bit that is set. As such, if a thread
runs on a cpu with a larger cpu id, or for_each_possible_cpu()
is used, the driver could index off the end of the array and
return garbage or GPF.

The driver maintains it's own internal copy of the "num_possible"
cpu value and sizes arrays by it.

Fix by setting the driver's value to the value of the last cpu id
bit set in the possible_mask - plus 1. Thus cpu_map will be sized
to allow access by any cpu id possible.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <jsmart2021@gmail.com>
---
 drivers/scsi/lpfc/lpfc_init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Ewan Milne Nov. 21, 2019, 10:11 p.m. UTC | #1 
On Thu, 2019-11-21 at 09:55 -0800, James Smart wrote:
> Currently the lpfc driver sizes its cpu_map array based on
> num_possible_cpus(). However, that can be a value that is less
> than the highest cpu id bit that is set. As such, if a thread
> runs on a cpu with a larger cpu id, or for_each_possible_cpu()
> is used, the driver could index off the end of the array and
> return garbage or GPF.
> 
> The driver maintains it's own internal copy of the "num_possible"
> cpu value and sizes arrays by it.
> 
> Fix by setting the driver's value to the value of the last cpu id
> bit set in the possible_mask - plus 1. Thus cpu_map will be sized
> to allow access by any cpu id possible.
> 
> Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
> Signed-off-by: James Smart <jsmart2021@gmail.com>
> ---
>  drivers/scsi/lpfc/lpfc_init.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
> index e9323889f199..cd83617354a1 100644
> --- a/drivers/scsi/lpfc/lpfc_init.c
> +++ b/drivers/scsi/lpfc/lpfc_init.c
> @@ -6460,7 +6460,7 @@ lpfc_sli4_driver_resource_setup(struct lpfc_hba *phba)
>  	u32 if_fam;
>  
>  	phba->sli4_hba.num_present_cpu = lpfc_present_cpu;
> -	phba->sli4_hba.num_possible_cpu = num_possible_cpus();
> +	phba->sli4_hba.num_possible_cpu = cpumask_last(cpu_possible_mask) + 1;
>  	phba->sli4_hba.curr_disp_cpu = 0;
>  	lpfc_cpumask_of_node_init(phba);
>  

Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Martin K. Petersen Nov. 22, 2019, 1:51 a.m. UTC | #2 
James,

> Currently the lpfc driver sizes its cpu_map array based on
> num_possible_cpus(). However, that can be a value that is less than
> the highest cpu id bit that is set. As such, if a thread runs on a cpu
> with a larger cpu id, or for_each_possible_cpu() is used, the driver
> could index off the end of the array and return garbage or GPF.

Applied to 5.5/scsi-queue, thanks.
diff mbox series

Patch

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index e9323889f199..cd83617354a1 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -6460,7 +6460,7 @@  lpfc_sli4_driver_resource_setup(struct lpfc_hba *phba)
 	u32 if_fam;
 
 	phba->sli4_hba.num_present_cpu = lpfc_present_cpu;
-	phba->sli4_hba.num_possible_cpu = num_possible_cpus();
+	phba->sli4_hba.num_possible_cpu = cpumask_last(cpu_possible_mask) + 1;
 	phba->sli4_hba.curr_disp_cpu = 0;
 	lpfc_cpumask_of_node_init(phba);