From patchwork Wed May 31 06:04:35 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Smart <jsmart2021@gmail.com>
X-Patchwork-Id: 9755863
Return-Path: <linux-scsi-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	46805602CC for <patchwork-linux-scsi@patchwork.kernel.org>;
	Wed, 31 May 2017 06:05:11 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 396352654B
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Wed, 31 May 2017 06:05:11 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2E57028307; Wed, 31 May 2017 06:05:11 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.5 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C0273265B9
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Wed, 31 May 2017 06:05:10 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751078AbdEaGFK (ORCPT
	<rfc822;patchwork-linux-scsi@patchwork.kernel.org>);
	Wed, 31 May 2017 02:05:10 -0400
Received: from mail-qk0-f195.google.com ([209.85.220.195]:36486 "EHLO
	mail-qk0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751069AbdEaGFH (ORCPT
	<rfc822; linux-scsi@vger.kernel.org>); Wed, 31 May 2017 02:05:07 -0400
Received: by mail-qk0-f195.google.com with SMTP id y128so733425qka.3
	for <linux-scsi@vger.kernel.org>;
	Tue, 30 May 2017 23:05:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=vlXTW3RSfNy2XfXhzqs43EFgtCUMtZ404/Mp3sHqsaI=;
	b=nTlC57wClLPnVqBUTNThGPtjQH/MTRwgmydIaLlPVCvV+kAj5eC62kxGDCgam9Ax9k
	7w/uorfmDogbwU+CRQFz0E/SGSinhTRq9RzY6la+cPiCxxBv/aJ66RZRfkzy/8+/isMK
	gO7jXN6nCo5PGa5+Z4v71CSW0k5Y3SP01d+ljmTe+6ueYFMIRLUIUxOMh0auUjwaKjhX
	oTYd8AwBAbtCXXhSOnYa4I2+6WWxtERnArNvjvJirAXQI/vy5MEjDGPPCF8YIfV160s2
	NlzMTz1pN7G1+ZQefo9vLF03m+qvS5i9Zeh1GfiQi9aT24QdzDl1QR4k/rj6DFpWMGFp
	ZfJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=vlXTW3RSfNy2XfXhzqs43EFgtCUMtZ404/Mp3sHqsaI=;
	b=az9U3yRItH8aGU2Gh0a6BlRBlwzN4J2kLV1c0wjuC7FOMjiuizcaubcIoxSwf89Vkd
	TWQ8YAbTkyhFTc5Kq89QArHZjwXYghJX1YnJT6NeSsKYaf3Le2xN6rKWYjQmkVD0dw6M
	iVLD7U697yMdyygfk62XApr2owcx94AWNCrxiyK3w+XeW7KWUlFa7ZleN5fTK/h/ZtlI
	LiPkYN5AapNax6YAWlPOCQFEFgctRRG4VzeBDAenRn3NLHZtIte+DhbYLGWH2LQDw7dK
	HrJpyEmPIvEdhUwPY6dfbaN/gFPAZz3Md0s68dVfpA1DJZa36+4sr+TYzETeXOwSV4wt
	Be/g==
X-Gm-Message-State: AODbwcC39xeHGGEqAgtCCAtMvNEbJUMF2SRgzUm+ipBRsDyDYRzLsta7
	Ei1OsF53EmDYM2ed
X-Received: by 10.55.69.72 with SMTP id s69mr26354634qka.175.1496210706890;
	Tue, 30 May 2017 23:05:06 -0700 (PDT)
Received: from localhost.localdomain ([192.19.224.250])
	by smtp.gmail.com with ESMTPSA id
	28sm10066433qtm.47.2017.05.30.23.05.05
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 30 May 2017 23:05:06 -0700 (PDT)
From: James Smart <jsmart2021@gmail.com>
To: linux-scsi@vger.kernel.org
Cc: James Smart <jsmart2021@gmail.com>,
	Dick Kennedy <dick.kennedy@broadcom.com>,
	James Smart <james.smart@broadcom.com>
Subject: [PATCH 11/15] lpfc: Fix System panic after loading the driver
Date: Tue, 30 May 2017 23:04:35 -0700
Message-Id: <20170531060439.2073-12-jsmart2021@gmail.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170531060439.2073-1-jsmart2021@gmail.com>
References: <20170531060439.2073-1-jsmart2021@gmail.com>
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-scsi.vger.kernel.org>
X-Mailing-List: linux-scsi@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

System panic with general protection fault during driver load

The driver uses a static array sli4_hba.handler_name
to store the irq handler names. If the io_channel_irqs
exceeds the pre-allocated size (32+1), then the driver
will overwrite other fields of sli4_hba.

Fix: Dynamically allocate handler_name.

Signed-off-by: Dick Kennedy <dick.kennedy@broadcom.com>
Signed-off-by: James Smart <james.smart@broadcom.com>
---
 drivers/scsi/lpfc/lpfc_init.c | 11 ++++++-----
 drivers/scsi/lpfc/lpfc_sli4.h |  4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
index 3064f0768033..a825806036c3 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
@@ -9665,6 +9665,7 @@ static int
 lpfc_sli4_enable_msix(struct lpfc_hba *phba)
 {
 	int vectors, rc, index;
+	char *name;
 
 	/* Set up MSI-X multi-message vectors */
 	vectors = phba->io_channel_irqs;
@@ -9683,9 +9684,9 @@ lpfc_sli4_enable_msix(struct lpfc_hba *phba)
 
 	/* Assign MSI-X vectors to interrupt handlers */
 	for (index = 0; index < vectors; index++) {
-		memset(&phba->sli4_hba.handler_name[index], 0, 16);
-		snprintf((char *)&phba->sli4_hba.handler_name[index],
-			 LPFC_SLI4_HANDLER_NAME_SZ,
+		name = phba->sli4_hba.hba_eq_hdl[index].handler_name;
+		memset(name, 0, LPFC_SLI4_HANDLER_NAME_SZ);
+		snprintf(name, LPFC_SLI4_HANDLER_NAME_SZ,
 			 LPFC_DRIVER_HANDLER_NAME"%d", index);
 
 		phba->sli4_hba.hba_eq_hdl[index].idx = index;
@@ -9694,12 +9695,12 @@ lpfc_sli4_enable_msix(struct lpfc_hba *phba)
 		if (phba->cfg_fof && (index == (vectors - 1)))
 			rc = request_irq(pci_irq_vector(phba->pcidev, index),
 				 &lpfc_sli4_fof_intr_handler, 0,
-				 (char *)&phba->sli4_hba.handler_name[index],
+				 name,
 				 &phba->sli4_hba.hba_eq_hdl[index]);
 		else
 			rc = request_irq(pci_irq_vector(phba->pcidev, index),
 				 &lpfc_sli4_hba_intr_handler, 0,
-				 (char *)&phba->sli4_hba.handler_name[index],
+				 name,
 				 &phba->sli4_hba.hba_eq_hdl[index]);
 		if (rc) {
 			lpfc_printf_log(phba, KERN_WARNING, LOG_INIT,
diff --git a/drivers/scsi/lpfc/lpfc_sli4.h b/drivers/scsi/lpfc/lpfc_sli4.h
index cf863db27700..28b75e08e044 100644
--- a/drivers/scsi/lpfc/lpfc_sli4.h
+++ b/drivers/scsi/lpfc/lpfc_sli4.h
@@ -407,8 +407,10 @@ struct lpfc_max_cfg_param {
 
 struct lpfc_hba;
 /* SLI4 HBA multi-fcp queue handler struct */
+#define LPFC_SLI4_HANDLER_NAME_SZ	16
 struct lpfc_hba_eq_hdl {
 	uint32_t idx;
+	char handler_name[LPFC_SLI4_HANDLER_NAME_SZ];
 	struct lpfc_hba *phba;
 	atomic_t hba_eq_in_use;
 	struct cpumask *cpumask;
@@ -480,7 +482,6 @@ struct lpfc_sli4_lnk_info {
 
 #define LPFC_SLI4_HANDLER_CNT		(LPFC_HBA_IO_CHAN_MAX+ \
 					 LPFC_FOF_IO_CHAN_NUM)
-#define LPFC_SLI4_HANDLER_NAME_SZ	16
 
 /* Used for IRQ vector to CPU mapping */
 struct lpfc_vector_map_info {
@@ -548,7 +549,6 @@ struct lpfc_sli4_hba {
 	uint32_t ue_to_rp;
 	struct lpfc_register sli_intf;
 	struct lpfc_pc_sli4_params pc_sli4_params;
-	uint8_t handler_name[LPFC_SLI4_HANDLER_CNT][LPFC_SLI4_HANDLER_NAME_SZ];
 	struct lpfc_hba_eq_hdl *hba_eq_hdl; /* HBA per-WQ handle */
 
 	/* Pointers to the constructed SLI4 queues */