On 2017-10-31 23:23, Bart Van Assche wrote:
> On Tue, 2017-10-31 at 15:39 +0800, Hongxu Jia wrote:
>> Since we split the scsi_request out of struct request, while the
>> standard prep_rq_fn builds 10 byte cmds, it fails to invoke
>> scsi_req_init() to initialize certain fields of a scsi_request
>> structure (.__cmd[], .cmd, .cmd_len and .sense_len but no other
>> members of struct scsi_request).
>>
>> An example panic on virtual machines (qemu/virtualbox) when booting
>> from an IDE cdrom:
>> ...
>> [ 8.754381] Call Trace:
>> [ 8.755419] blk_peek_request+0x182/0x2e0
>> [ 8.755863] blk_fetch_request+0x1c/0x40
>> [ 8.756148] ? ktime_get+0x40/0xa0
>> [ 8.756385] do_ide_request+0x37d/0x660
>> [ 8.756704] ? cfq_group_service_tree_add+0x98/0xc0
>> [ 8.757011] ? cfq_service_tree_add+0x1e5/0x2c0
>> [ 8.757313] ? ktime_get+0x40/0xa0
>> [ 8.757544] __blk_run_queue+0x3d/0x60
>> [ 8.757837] queue_unplugged+0x2f/0xc0
>> [ 8.758088] blk_flush_plug_list+0x1f4/0x240
>> [ 8.758362] blk_finish_plug+0x2c/0x40
>> ...
>> [ 8.770906] RIP: ide_cdrom_prep_fn+0x63/0x180 RSP: ffff92aec018bae8
>> [ 8.772329] ---[ end trace 6408481e551a85c9 ]---
>> ...
> With which kernel version did you encounter this kernel panic? IDE CD-ROM
> access works fine here from inside qemu with kernel v4.14.0-rc6.
I also compiled with kernel 4.14.0-rc6, and it failed.
Ubuntu 17.10 and Fedora 27 do not have the same issue,
because they disable IDE and use ata_piix instead.
Ubuntu 17.10, kernel 4.13.0-16
vim /boot/config-4.13.0-16-generic
...
# CONFIG_IDE is not set
CONFIG_ATA_PIIX=y
...
Fedora 27, kernel 4.13.5
vi /boot/config-4.13.5-300.fc27.x86_64
...
# CONFIG_IDE is not set
CONFIG_ATA_PIIX=y
...
With the above config, the boot log has
...
[ 4.352505] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
[ 4.354875] ata2.00: configured for MWDMA2
[ 4.385692] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5
[ 4.398879] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
[ 4.399875] cdrom: Uniform CD-ROM driver Revision: 3.20
...
If I apply this fix and enable IDE, the boot log has
...
[ 5.337407] hdc: QEMU DVD-ROM, ATAPI CD/DVD-ROM drive
[ 5.967310] hdc: MWDMA2 mode selected
[ 5.970682] ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
[ 5.972311] ide1 at 0x170-0x177,0x376 on irq 15
[ 5.979317] ide-gd driver 1.18
[ 5.980579] ide-cd driver 5.00
[ 5.996508] ide-cd: hdc: ATAPI 4X DVD-ROM drive, 512kB Cache
[ 5.997926] cdrom: Uniform CD-ROM driver Revision: 3.20
...
What about your kernel config and boot log?
Without this fix and with IDE enabled, the boot failed:
...
Loading /vmlinuz... ok
Loading /initrd...ok
[ 0.000000] Linux version 4.14.0-rc6-yocto-standard (oe-user@oe-host) (gcc version 7.2.0 (GCC)) #112 SMP PREEMPT Wed Nov 1 09:14:09 CST 2017
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz initrd=/initrd LABEL=boot root=/dev/ram0 console=ttyS0,115200 debugshell
[ 0.000000] x86/fpu: x87 FPU will use FXSAVE
...
[ 8.714028] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 8.715178] IP: ide_cdrom_prep_fn+0x63/0x180
[ 8.715557] PGD 0 P4D 0
[ 8.715935] Oops: 0002 [#1] PREEMPT SMP
[ 8.716488] Modules linked in:
[ 8.717043] CPU: 0 PID: 95 Comm: udevd Not tainted 4.14.0-rc6-yocto-standard #112
[ 8.717693] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
[ 8.718807] task: ffff8b9a7ae42340 task.stack: ffff95bfc0104000
[ 8.719313] RIP: 0010:ide_cdrom_prep_fn+0x63/0x180
[ 8.719661] RSP: 0018:ffff95bfc0107ae8 EFLAGS: 00000002
[ 8.720203] RAX: 0000000000000002 RBX: ffff8b9a7b2eca88 RCX: 0000000000000000
[ 8.720780] RDX: 0000000000000000 RSI: ffff8b9a7ae6ea00 RDI: 000000000013b3fc
[ 8.721335] RBP: ffff95bfc0107ae8 R08: 0000000000000000 R09: 0000000000000020
[ 8.721846] R10: 0000000000000001 R11: 000000000c022540 R12: ffff8b9a7ae6ea00
[ 8.722373] R13: ffff8b9a7b2eca88 R14: ffff8b9a7f8d7000 R15: 0000000000000000
[ 8.722946] FS: 00007f00f5068300(0000) GS:ffff8b9a7f200000(0000) knlGS:0000000000000000
[ 8.723550] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.723967] CR2: 0000000000000000 CR3: 000000003fa88000 CR4: 00000000000006f0
[ 8.724735] Call Trace:
[ 8.725769] blk_peek_request+0x182/0x2e0
[ 8.726199] blk_fetch_request+0x1c/0x40
[ 8.726506] ? _raw_spin_unlock_irq+0x23/0x30
[ 8.726932] do_ide_request+0x37d/0x660
[ 8.727254] ? cfq_group_service_tree_add+0x98/0xc0
[ 8.727651] ? cfq_service_tree_add+0x1e5/0x2c0
[ 8.728067] ? ktime_get+0x40/0xa0
[ 8.728361] __blk_run_queue+0x3d/0x60
[ 8.728675] queue_unplugged+0x2f/0xc0
[ 8.728994] blk_flush_plug_list+0x1f4/0x240
[ 8.729341] blk_finish_plug+0x2c/0x40
[ 8.729670] __do_page_cache_readahead+0x1bb/0x260
[ 8.730084] force_page_cache_readahead+0xb5/0x110
[ 8.730452] ? force_page_cache_readahead+0xb5/0x110
[ 8.730801] page_cache_sync_readahead+0x3f/0x50
[ 8.731157] generic_file_read_iter+0x52b/0x7d0
[ 8.731516] blkdev_read_iter+0x35/0x40
[ 8.731800] __vfs_read+0xc5/0x120
[ 8.732101] vfs_read+0x8e/0x110
[ 8.732441] SyS_read+0x46/0xb0
[ 8.732701] ? SyS_lseek+0x87/0xb0
[ 8.733001] entry_SYSCALL_64_fastpath+0x1a/0xa5
[ 8.733566] RIP: 0033:0x7f00f43d0891
[ 8.733858] RSP: 002b:00007ffc1a6b36b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 8.734500] RAX: ffffffffffffffda RBX: 00007ffc1a6b2600 RCX: 00007f00f43d0891
[ 8.735017] RDX: 0000000000000200 RSI: 00007ffc1a6b3770 RDI: 000000000000000c
[ 8.735558] RBP: 00007ffc1a6b2600 R08: 000055c3226a2d90 R09: 00007f00f413f250
[ 8.736101] R10: 000000000000006d R11: 0000000000000246 R12: 00007ffc1a6b3688
[ 8.736673] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 8.737262] Code: 2f 01 00 00 b9 01 00 00 00 bf 01 00 00 00 48 8b 46 70 48 99 48 f7 ff 48 89 c7 8b 46 68 31 d2 c1 e8 09 f7 f1 48 8b 8e 70 01 00 00 <48> c7 01 00 00 00 00 48 c7 41 08 00 00 00 00 f6 46 54 01 48 8b
[ 8.739018] RIP: ide_cdrom_prep_fn+0x63/0x180 RSP: ffff95bfc0107ae8
[ 8.739465] CR2: 0000000000000000
[ 8.740001] ---[ end trace b485b0fb1bcf1d88 ]---
[ 8.740756] note: udevd[95] exited with preempt_count 1
Entering debug shell...
/bin/sh: can't access tty; job control turned off
...
//Hongxu
> Bart.
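An added userspace model in C (not the kernel's code and not from this thread) of the failure the commit message describes: the prep function builds a 10-byte READ(10)/WRITE(10) CDB through .cmd, and until scsi_req_init() has pointed .cmd at .__cmd that pointer is NULL, which is the write to address 0 that the oops reports (RCX is 0 at the faulting instruction). The struct is reduced to the fields named in the commit message, and the NULL check returning -1 in build_rw10() is a stand-in for the kernel's fault, an assumption of the model.

```c
#include <stdint.h>
#include <string.h>

#define BLK_MAX_CDB 16
/* Reduced model of struct scsi_request (v4.14 field names, fewer members). */
struct scsi_request {
    unsigned char __cmd[BLK_MAX_CDB]; /* inline CDB storage */
    unsigned char *cmd;               /* points at __cmd once initialized */
    unsigned short cmd_len;
    unsigned int sense_len;
};

/* Mirrors the four fields the commit message says scsi_req_init() sets. */
static void scsi_req_init(struct scsi_request *req)
{
    memset(req->__cmd, 0, sizeof(req->__cmd));
    req->cmd = req->__cmd;
    req->cmd_len = BLK_MAX_CDB;
    req->sense_len = 0;
}
/* Model of the 10-byte READ(10)/WRITE(10) CDB build done by the prep_rq_fn.
 * Returns 0 on success; -1 stands in for the kernel's NULL-pointer fault
 * (the real function has no such check and oopses on the memset). */
static int build_rw10(struct scsi_request *req, int is_write,
                      uint32_t lba, uint16_t nblocks)
{
    if (req->cmd == NULL) return -1;       /* assumption: model only */
    memset(req->cmd, 0, BLK_MAX_CDB);      /* the write to address 0 in the oops */
    req->cmd[0] = is_write ? 0x2A : 0x28;  /* WRITE(10) / READ(10) opcodes */
    req->cmd[2] = (unsigned char)(lba >> 24); req->cmd[3] = (unsigned char)(lba >> 16);
    req->cmd[4] = (unsigned char)(lba >> 8);  req->cmd[5] = (unsigned char)lba;
    req->cmd[7] = (unsigned char)(nblocks >> 8); req->cmd[8] = (unsigned char)nblocks;
    req->cmd_len = 10;
    return 0;
}
/* Before the fix: a zero-filled request reaches the prep function, cmd is NULL. */
int prep_without_init(struct scsi_request *req, uint32_t lba, uint16_t nblocks)
{
    memset(req, 0, sizeof(*req));
    return build_rw10(req, 0, lba, nblocks);
}
/* After the fix: scsi_req_init() runs first, so cmd points at __cmd. */
int prep_with_init(struct scsi_request *req, uint32_t lba, uint16_t nblocks)
{
    memset(req, 0, sizeof(*req));
    scsi_req_init(req);
    return build_rw10(req, 0, lba, nblocks);
}
```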