Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Critical
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.10
Component/s: iscsi-initiator-utils
Labels:
None

Regression:
No
Severity:
None
Commit Hashes:

Hide
commit db22de3eb0352d2f8e7cda08f3fa65690e3fd64d
Author: Bart Van Assche <bvanassche@acm.org>
Date: Fri Feb 18 11:50:53 2022 -0800

    scsi: iscsi: Stop using the SCSI pointer

    Instead of storing the iSCSI task pointer and the session age in the SCSI
    pointer, use command-private variables. This patch prepares for removal of
    the SCSI pointer from struct scsi_cmnd.

    The list of iSCSI drivers has been obtained as follows:
    $ git grep -lw iscsi_host_alloc
    drivers/infiniband/ulp/iser/iscsi_iser.c
    drivers/scsi/be2iscsi/be_main.c
    drivers/scsi/bnx2i/bnx2i_iscsi.c
    drivers/scsi/cxgbi/libcxgbi.c
    drivers/scsi/iscsi_tcp.c
    drivers/scsi/libiscsi.c
    drivers/scsi/qedi/qedi_main.c
    drivers/scsi/qla4xxx/ql4_os.c
    include/scsi/libiscsi.h

    Note: it is not clear to me how the qla4xxx driver can work without this
    patch since it uses the scsi_cmnd::SCp.ptr member for two different
    purposes:
    - The qla4xxx driver uses this member to store a struct srb pointer.
    - libiscsi uses this member to store a struct iscsi_task pointer.

    Reviewed-by: Lee Duncan <lduncan@suse.com>
    Reviewed-by: Hannes Reinecke <hare@suse.de>
    Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
    Cc: Chris Leech <cleech@redhat.com>
    Cc: Sagi Grimberg <sagi@grimberg.me>
    Cc: Nilesh Javali <njavali@marvell.com>
    Cc: Manish Rangankar <mrangankar@marvell.com>
    Cc: Karen Xie <kxie@chelsio.com>
    Cc: Ketan Mukadam <ketan.mukadam@broadcom.com>
    Signed-off-by: Bart Van Assche <bvanassche@acm.org>

    iscsi

    Link: https://lore.kernel.org/r/20220218195117.25689-26-bvanassche@acm.org
    Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

Show
commit db22de3eb0352d2f8e7cda08f3fa65690e3fd64d Author: Bart Van Assche < bvanassche@acm.org > Date: Fri Feb 18 11:50:53 2022 -0800     scsi: iscsi: Stop using the SCSI pointer     Instead of storing the iSCSI task pointer and the session age in the SCSI     pointer, use command-private variables. This patch prepares for removal of     the SCSI pointer from struct scsi_cmnd.     The list of iSCSI drivers has been obtained as follows:     $ git grep -lw iscsi_host_alloc     drivers/infiniband/ulp/iser/iscsi_iser.c     drivers/scsi/be2iscsi/be_main.c     drivers/scsi/bnx2i/bnx2i_iscsi.c     drivers/scsi/cxgbi/libcxgbi.c     drivers/scsi/iscsi_tcp.c     drivers/scsi/libiscsi.c     drivers/scsi/qedi/qedi_main.c     drivers/scsi/qla4xxx/ql4_os.c     include/scsi/libiscsi.h     Note: it is not clear to me how the qla4xxx driver can work without this     patch since it uses the scsi_cmnd::SCp.ptr member for two different     purposes:     - The qla4xxx driver uses this member to store a struct srb pointer.     - libiscsi uses this member to store a struct iscsi_task pointer.     Reviewed-by: Lee Duncan < lduncan@suse.com >     Reviewed-by: Hannes Reinecke < hare@suse.de >     Reviewed-by: Himanshu Madhani < himanshu.madhani@oracle.com >     Cc: Chris Leech < cleech@redhat.com >     Cc: Sagi Grimberg < sagi@grimberg.me >     Cc: Nilesh Javali < njavali@marvell.com >     Cc: Manish Rangankar < mrangankar@marvell.com >     Cc: Karen Xie < kxie@chelsio.com >     Cc: Ketan Mukadam < ketan.mukadam@broadcom.com >     Signed-off-by: Bart Van Assche < bvanassche@acm.org >     iscsi     Link: https://lore.kernel.org/r/20220218195117.25689-26-bvanassche@acm.org     Signed-off-by: Martin K. Petersen < martin.petersen@oracle.com >

AssignedTeam:
rhel-storage-io-1
Sub-System Group:

ssg_platform_storage

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

After discovery of target tried to login to the target using "PDU offload initiator"

What is the impact of this issue to you?

Kernel panic observed on login attempt
[ 391.843499] cxgb4i:send_abort_req: csk 0x00000000bd525c0a,8,0x24c,64, snd_nxt 1330754164, 0x0.
[ 396.657995] libcxgbi:cxgbi_conn_alloc_pdu: conn 0x000000009d342a44. csk 0x00000000a80c1cf1, chelsio target, 0x5f465480.
[ 396.658163] general protection fault, probably for non-canonical address 0xffe7ff4e86eb0000: 0000 1 PREEMPT SMP PTI
[ 396.658170] CPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G S OE 6.1.15 #1
[ 396.658173] Hardware name: Supermicro X10DRi/X10DRi, BIOS 2.0 12/28/2015
[ 396.658174] RIP: 0010:memcpy_erms+0x6/0x10
[ 396.658180] Code: cc cc cc cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 cc cc cc cc 66 90 48 89 f8 48 89 d1 <f3> a4 c3 cc cc cc cc 0f 1f 00 48 89 f8 48 83 fa 20 72 7e 40 38 fe
[ 396.658182] RSP: 0018:ffffba3ac6528b08 EFLAGS: 00010206
[ 396.658185] RAX: ffe7ff4e86eb0000 RBX: ffff91cdcb182508 RCX: 0000000000000024
[ 396.658186] RDX: 0000000000000024 RSI: ffff91cdc3e9c450 RDI: ffe7ff4e86eb0000
[ 396.658187] RBP: 0000000000000024 R08: 0000000000000024 R09: 0000000000000000
[ 396.658189] R10: ffffffffc0b0c9e0 R11: ffffba3ac6528b58 R12: 0000000000000024
[ 396.658190] R13: 0000000000000024 R14: ffff91cdc3e9c450 R15: ffff91cdcb182528
[ 396.658192] FS: 0000000000000000(0000) GS:ffff91d12fd00000(0000) knlGS:0000000000000000
[ 396.658193] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 396.658195] CR2: 00007f6bdd4714f4 CR3: 0000000603f90002 CR4: 00000000001706e0
[ 396.658196] Call Trace:
[ 396.658198] <IRQ>
[ 396.658200] iscsi_tcp_segment_recv+0x96/0x110 [libiscsi_tcp]
[ 396.658208] iscsi_tcp_recv_skb+0x1af/0x2c0 [libiscsi_tcp]
[ 396.658213] skb_read_pdu_data+0xb0/0x1c0 [libcxgbi]
[ 396.658223] rx_skb+0xc8/0x1d0 [libcxgbi]
[ 396.658230] cxgbi_conn_pdu_ready+0x19b/0x270 [libcxgbi]
[ 396.658236] do_rx_iscsi_cmp+0x278/0x350 [cxgb4i]
[ 396.658243] t4_uld_rx_lro_handler+0xec/0x2c0 [cxgb4i]
[ 396.658249] uldrx_handler+0x50/0xc0 [cxgb4]
[ 396.658266] process_responses+0x228/0x440 [cxgb4]
[ 396.658284] ? load_balance+0x144/0x6f0
[ 396.658289] napi_rx_handler+0x13/0x110 [cxgb4]
[ 396.658304] __napi_poll+0x2c/0x160
[ 396.658308] net_rx_action+0x296/0x350
[ 396.658311] ? __napi_schedule+0x79/0x90
[ 396.658313] __do_softirq+0xcb/0x2ac
[ 396.658317] __irq_exit_rcu+0xaf/0xe0
[ 396.658321] common_interrupt+0x80/0xa0
[ 396.658325] </IRQ>
[ 396.658326] <TASK>
[ 396.658327] asm_common_interrupt+0x22/0x40
[ 396.658329] RIP: 0010:cpuidle_enter_state+0xd8/0x400
[ 396.658332] Code: 49 89 c5 0f 1f 44 00 00 31 ff e8 33 25 8e ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 0c 03 00 00 31 ff e8 ac c0 94 ff fb 45 85 f6 <0f> 88 6e 01 00 00 49 63 d6 4c 2b 2c 24 48 8d 04 52 48 8d 04 82 49
[ 396.658334] RSP: 0018:ffffba3ac437fe80 EFLAGS: 00000202
[ 396.658335] RAX: ffff91d12fd30980 RBX: ffffda2aefd00000 RCX: 000000000000001f
[ 396.658337] RDX: 0000000000000008 RSI: 0000000024924be2 RDI: 0000000000000000
[ 396.658338] RBP: 0000000000000002 R08: 0000005c5aab0f78 R09: 0000000000000018
[ 396.658340] R10: 0000000000010e8d R11: 000000000001e237 R12: ffffffff8b2b63e0
[ 396.658341] R13: 0000005c5aab0f78 R14: 0000000000000002 R15: 0000000000000000
[ 396.658344] cpuidle_enter+0x29/0x40
[ 396.658346] cpuidle_idle_call+0x12c/0x1c0
[ 396.658349] do_idle+0x7b/0xe0
[ 396.658352] cpu_startup_entry+0x19/0x20
[ 396.658354] start_secondary+0x10f/0x130
[ 396.658357] secondary_startup_64_no_verify+0xe5/0xeb
[ 396.658362] </TASK>
[ 396.658363] Modules linked in: iscsi_tcp cxgb4i(OE) libcxgbi(OE) cxgb4(OE) libiscsi_tcp libiscsi scsi_transport_iscsi nf_tables libcrc32c nfnetlink isofs cdrom loop qrtr rfkill sunrpc dm_multipath intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp iTCO_wdt iTCO_vendor_support kvm_intel ib_uverbs kvm rdma_cm irqbypass iw_cm ipmi_ssif rapl ib_cm intel_cstate ib_core joydev intel_uncore pcspkr mei_me mei i2c_i801 mxm_wmi ioatdma i2c_smbus lpc_ich acpi_ipmi ipmi_si ipmi_devintf ipmi_msghandler acpi_pad acpi_power_meter dm_mod ext4 mbcache jbd2 sd_mod t10_pi ast sg drm_vram_helper drm_kms_helper syscopyarea crct10dif_pclmul crc32_pclmul sysfillrect crc32c_intel sysimgblt ahci fb_sys_fops libahci drm_ttm_helper ttm igb ghash_clmulni_intel drm dca libata tls scsi_transport_fc i2c_algo_bit wmi fuse [last unloaded: cxgb4]

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

everytime

Steps to reproduce

On Target

loaded cxgbit and brought up the chelsio port0 with IP assignment
$ modprobe -v cxgbit
Created a single offload target with a single lun

On Initiator

loaded cxgb4i and brought up the chelsio port0 with IP assignment.
$ modprobe -v cxgb4i
Discovered the target and tried to login to the target using "PDU offload initiator".

$ iscsiadm -m discovery -t st -p 10.1.1.85 -I cxgb4i.00:07:43:3f:65:60
10.1.1.85:3260,1 iqn.2022-07.org.chelsio.iscsi:target1

Observed kernel panic on the initiator during target login.

Expected results

No Kernel panic during initiator login

Actual results

Kernel panic during initiator login

Assignee:: Chris Leech

Reporter:: Sourabh Sagar

Need Info From:: Sourabh Sagar

Contributors:: Bharat Teja Potnuri, Showrya M N, Sourabh Sagar

Contributing Groups:: Chelsio Confidential Group

Developer:: Chris Leech

QA Contact:: Zhaojuan Guo

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/01/23 7:41 AM

Updated:: 2025/10/07 2:23 AM

Resolved:: 2025/02/17 7:42 PM

Details

Description

What were you trying to do that didn't work?

What is the impact of this issue to you?

Please provide the package NVR for which the bug is seen:

How reproducible is this bug?:

Steps to reproduce

Expected results

Actual results

Attachments

Easy Agile Planning Poker

Activity

People

Dates