Hi James,
Sorry if you are not the right person for that but as far as I got no
directions from the mailing list and your email is on the MAINTAINER
file, I am trying to contact you directly.
I apologize for any inconvenience.
Regards
Daniel Debonzi
-------- Original Message --------
Subject: scsi_host_alloc does not check for used shost->host_no
Date: Fri, 11 Jul 2008 10:19:09 -0300
From: Daniel Debonzi <debonzi@xxxxxxxxxxxxxxxxxx>
To: linux-scsi@xxxxxxxxxxxxxxx
Hi everyone,
First of all, it is the first time I am sending something to one of the
kernel mail lists. So, if it is not the right place for that, if it is
not the only place for that, or I am doing something wrong, or wherever,
please, just let me know.
After a good time investigating why modprobe/rmmod pata_pdc2027x lots of
times was driven to a kernel panic I found out that the problem was on
scsi host layer (if I can call it like this).
In a brief explanation, every time a scsi host is allocated a shost
structure get an host_no attribute assigned an as far as I can see it
should be unique. The point is that this host_no value comes from a
variable that is incremented every time a scsi host is allocated and in
a first moment, we will not have two shost structs with the same
host_no. But for instance, when this always incremented variable
overflows, it does not work anymore and it can happen to have to
different shost structures with the same host_no.
I made a patch that solves the problem in a very simple way, but I don't
know how acceptable it is. I am sending it in attachment and any
feedback will be welcome.
Thanks
Daniel Debonzi
diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
index c6457bf..2e191f4 100644
--- a/drivers/scsi/hosts.c
+++ b/drivers/scsi/hosts.c
@@ -310,7 +310,7 @@ struct device_type scsi_host_type = {
**/
struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize)
{
- struct Scsi_Host *shost;
+ struct Scsi_Host *shost, *tmp_shost;
gfp_t gfp_mask = GFP_KERNEL;
int rval;
@@ -332,7 +332,18 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize)
mutex_init(&shost->scan_mutex);
+ /*
+ * Look if host_no is not been used somewhere else. Is is used to
+ * happen when scsi_host_next_hn overflows and goes back to 0.
+ */
+ host_no_already_exists:
shost->host_no = scsi_host_next_hn++; /* XXX(hch): still racy */
+ if(!IS_ERR(tmp_shost = scsi_host_lookup(shost->host_no)))
+ {
+ scsi_host_put(tmp_shost);
+ goto host_no_already_exists;
+ }
+
shost->dma_channel = 0xff;
/* These three are default values which can be overridden */
