Re: [PATCH] BNX2I: Fixed kernel panic due to illegal usage of sc->request->cpu

On 07/11/2011 01:14 PM, Eddie Wai wrote:
> A kernel panic was observed when passing the sc->request->cpu = -1 to
> retrieve the per_cpu variable pointer:
>  #0 [ffff880011203960] machine_kexec at ffffffff81022bc3
>  #1 [ffff8800112039b0] crash_kexec at ffffffff81088630
>  #2 [ffff880011203a80] __die at ffffffff8139ea20
>  #3 [ffff880011203aa0] no_context at ffffffff8102f3a7
>  #4 [ffff880011203ae0] __bad_area_nosemaphore at ffffffff8102f665
>  #5 [ffff880011203ba0] retint_signal at ffffffff8139dd1f
>  #6 [ffff880011203cc8] bnx2i_indicate_kcqe at ffffffffa03dc4f2
>  #7 [ffff880011203da8] service_kcqes at ffffffffa03cb04f
>  #8 [ffff880011203e68] cnic_service_bnx2x_kcq at ffffffffa03cb14a
>  #9 [ffff880011203e88] cnic_service_bnx2x_bh at ffffffffa03cb1b3
> 
> The problem lies in the sg_io (and perhaps sg_scsi_ioctl) call to
> blk_get_request->get_request/wait->blk_alloc_request->blk_rq_init which
> re-initializes the request->cpu to -1.  There is no assignment for cpu from
> that to the request_fn call to low level drivers.
> 
> When this happens, the sc->request->cpu will be using the init value of
> -1.  This will create a kernel panic when it hits bnx2i because the code
> refers to it to get the per_cpu variables ptr.
> 
> This change is to put in a guard against that and also for cases when
> CONFIG_SMP/BIO_CPU_AFFINE is not enabled.  In those cases, the cpu
> affinitization code would not get run in __make_request either; hence
> the request->cpu will remain a -1 also.
> 


> 
> diff --git a/drivers/scsi/bnx2i/bnx2i_iscsi.c b/drivers/scsi/bnx2i/bnx2i_iscsi.c
> index 5c55a75..622383d 100644
> --- a/drivers/scsi/bnx2i/bnx2i_iscsi.c
> +++ b/drivers/scsi/bnx2i/bnx2i_iscsi.c
> @@ -1225,6 +1225,10 @@ static int bnx2i_task_xmit(struct iscsi_task *task)
>  	if (!sc)
>  		return bnx2i_mtask_xmit(conn, task);
>  
> +	if (!blk_rq_cpu_valid(sc->request)) {
> +		sc->request->cpu = get_cpu();
> +		put_cpu();
> +	}
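
Review bot: In bnx2i_task_xmit(), the added block writes to sc->request->cpu, a field that belongs to the block layer's request, from inside the driver, and the value it stores is only a hint: as soon as put_cpu() re-enables preemption the task may be running on a different CPU. Consider keeping the chosen CPU in a local or driver-private field instead of modifying the request, and add a comment saying the value is only used to select a per-CPU structure and need not match the CPU the code ends up on. A short comment above the blk_rq_cpu_valid() check explaining why request->cpu can still be -1 at this point (the sg_io path and the non-SMP case from the commit message) would also help the next reader.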


If I understand you right, then I think this needs to get fixed in the
block or scsi layer instead of each LLD.
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

