• Hariprasad S's avatar
    RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips · 2b2da6e1
    Hariprasad S authored
    commit 32cc92c7 upstream.
    
    For T4, kernel mode qps don't use the user doorbell. User mode qps during
    flow control db ringing are forced into kernel, where user doorbell is
    treated as kernel doorbell and proper bar2 offset in bar2 virtual space is
    calculated, which incase of T4 is a bogus address, causing a kernel panic
    due to illegal write during doorbell ringing.
    In case of T4, kernel mode qp bar2 virtual address should be 0. Added T4
    check during bar2 virtual address calculation to return 0. Fixed Bar2
    range checks based on bar2 physical address.
    
    The below oops will be fixed
    
      <1>BUG: unable to handle kernel paging request at 000000000002aa08
      <1>IP: [<ffffffffa011d800>] c4iw_uld_control+0x4e0/0x880 [iw_cxgb4]
      <4>PGD 1416a8067 PUD 15bf35067 PMD 0
      <4>Oops: 0002 [#1] SMP
      <4>last sysfs file:
      /sys/devices/pci0000:00/0000:00:03.0/0000:02:00.4/infiniband/cxgb4_0/node_guid
      <4>CPU 5
      <4>Modules linked in: rdma_ucm rdma_cm ib_cm ib_sa ib_mad ib_uverbs
      ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE
      iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack
      ipt_REJECT xt_CHECKSUM iptable_mangle iptable_filter ip_tables bridge autofs4
      target_core_iblock target_core_file target_core_pscsi target_core_mod
      configfs bnx2fc cnic uio fcoe libfcoe libfc scsi_transport_fc scsi_tgt 8021q
      garp stp llc cpufreq_ondemand acpi_cpufreq freq_table mperf vhost_net macvtap
      macvlan tun kvm uinput microcode iTCO_wdt iTCO_vendor_support sg joydev
      serio_raw i2c_i801 i2c_core lpc_ich mfd_core e1000e ptp pps_core ioatdma dca
      i7core_edac edac_core shpchp ext3 jbd mbcache sd_mod crc_t10dif pata_acpi
      ata_generic ata_piix iw_cxgb4 iw_cm ib_core ib_addr cxgb4 ipv6 dm_mirror
      dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan]
      <4>
      Supermicro X8ST3/X8ST3
      <4>RIP: 0010:[<ffffffffa011d800>]  [<ffffffffa011d800>]
      c4iw_uld_control+0x4e0/0x880 [iw_cxgb4]
      <4>RSP: 0000:ffff880155a03db0  EFLAGS: 00010006
      <4>RAX: 000000000000001d RBX: ffff88013ae5fc00 RCX: ffff880155adb180
      <4>RDX: 000000000002aa00 RSI: 0000000000000001 RDI: ffff88013ae5fdf8
      <4>RBP: ffff880155a03e10 R08: 0000000000000000 R09: 0000000000000001
      <4>R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
      <4>R13: 000000000000001d R14: ffff880156414ab0 R15: ffffe8ffffc05b88
      <4>FS:  0000000000000000(0000) GS:ffff8800282a0000(0000) knlGS:0000000000000000
      <4>CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
      <4>CR2: 000000000002aa08 CR3: 000000015bd0e000 CR4: 00000000000007e0
      <4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      <4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
      <4>Process cxgb4 (pid: 394, threadinfo ffff880155a00000, task ffff880156414ab0)
      <4>Stack:
      <4> ffff880156415068 ffff880155adb180 ffff880155a03df0 ffffffffa00a344b
      <4><d> 00000000000003e8 ffff880155920000 0000000000000004 ffff880155920000
      <4><d> ffff88015592d438 ffffffffa00a3860 ffff880155a03fd8 ffffe8ffffc05b88
      <4>Call Trace:
      <4> [<ffffffffa00a344b>] ? enable_txq_db+0x2b/0x80 [cxgb4]
      <4> [<ffffffffa00a3860>] ? process_db_full+0x0/0xa0 [cxgb4]
      <4> [<ffffffffa00a38a6>] process_db_full+0x46/0xa0 [cxgb4]
      <4> [<ffffffff8109fda0>] worker_thread+0x170/0x2a0
      <4> [<ffffffff810a6aa0>] ? autoremove_wake_function+0x0/0x40
      <4> [<ffffffff8109fc30>] ? worker_thread+0x0/0x2a0
      <4> [<ffffffff810a660e>] kthread+0x9e/0xc0
      <4> [<ffffffff8100c28a>] child_rip+0xa/0x20
      <4> [<ffffffff810a6570>] ? kthread+0x0/0xc0
      <4> [<ffffffff8100c280>] ? child_rip+0x0/0x20
      <4>Code: e9 ba 00 00 00 66 0f 1f 44 00 00 44 8b 05 29 07 02 00 45 85 c0 0f 85
      71 02 00 00 8b 83 70 01 00 00 45 0f b7 ed c1 e0 0f 44 09 e8 <89> 42 08 0f ae f8
      66 c7 83 82 01 00 00 00 00 44 0f b7 ab dc 01
      <1>RIP  [<ffffffffa011d800>] c4iw_uld_control+0x4e0/0x880 [iw_cxgb4]
      <4> RSP <ffff880155a03db0>
      <4>CR2: 000000000002aa08`
    
    Based on original work by Bharat Potnuri <bharat@chelsio.com>
    
    Fixes: 74217d4c ("iw_cxgb4: support for bar2 qid densities exceeding the page size")
    Signed-off-by: default avatarSteve Wise <swise@opengridcomputing.com>
    Signed-off-by: default avatarHariprasad Shenai <hariprasad@chelsio.com>
    Reviewed-by: default avatarLeon Romanovsky <leon@leon.nu>
    Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    2b2da6e1
qp.c 50.5 KB