Re: [PATCH][SCSI] panic within ses.ko during insmod

On Thu, May 10, 2012 at 1:48 PM, Mark Salyzyn <mark_salyzyn@xxxxxxxxxxx> wrote:
> Rarely, ses.ko load while scanning was taking place resulted in a panic. Discovered that the panic occurred while the inquiry field for a scsi device was NULL and an unprotected call to scsi_device_enclosure() occurred. Suggest that the inline function scsi_device_enclosure be modified, but for this panic, we can address this specific issue as outlined at the bottom of this patch submission.
>
> device BUG: unable to handle kernel NULL pointer dereference at 0000000000000006
> IP: [<ffffffffa00230f1>] ses_intf_add+0x2f1/0x5e0 [ses]

Wasn't this fixed by:

commit d1e12de804f9d8ad114786ca7c2ce593cba79891
Author: Krishnasamy, Somasundaram <Somasundaram.Krishnasamy@xxxxxxx>
Date:   Mon Feb 28 18:13:22 2011 -0500

    [SCSI] ses: Avoid kernel panic when lun 0 is not mapped

    During device discovery, scsi mid layer sends INQUIRY command to LUN
    0. If the LUN 0 is not mapped to host, it creates a temporary
    scsi_device with LUN id 0 and sends REPORT_LUNS command to it. After
    the REPORT_LUNS succeeds, it walks through the LUN table and adds each
    LUN found to sysfs. At the end of REPORT_LUNS lun table scan, it will
    delete the temporary scsi_device of LUN 0.

    When scsi devices are added to sysfs, it calls add_dev function of all
    the registered class interfaces. If ses driver has been registered,
    ses_intf_add() of ses module will be called. This function calls
    scsi_device_enclosure() to check the inquiry data for EncServ
    bit. Since inquiry was not allocated for temporary LUN 0 scsi_device,
    it will cause NULL pointer exception.

    To fix the problem, sdev->inquiry is checked for NULL before reading it.

    Signed-off-by: Somasundaram Krishnasamy <Somasundaram.Krishnasamy@xxxxxxx>
    Signed-off-by: Babu Moger <babu.moger@xxxxxxx>
    Cc: stable@xxxxxxxxxx
    Signed-off-by: James Bottomley <James.Bottomley@xxxxxxx>

diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
index f171c65..2d3ec50 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
@@ -462,7 +462,7 @@ static inline int scsi_device_qas(struct scsi_device *sdev)
 }
 static inline int scsi_device_enclosure(struct scsi_device *sdev)
 {
-       return sdev->inquiry[6] & (1<<6);
+       return sdev->inquiry ? (sdev->inquiry[6] & (1<<6)) : 1;
 }

 static inline int scsi_device_protection(struct scsi_device *sdev)
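Review bot: In scsi_device_enclosure(), the NULL fallback returns 1, so a device with no inquiry buffer is reported as if the EncServ bit were set, and neither the commit message nor a comment explains why missing data should read as "is an enclosure". Either return 0 when sdev->inquiry is NULL, or add a comment above the function stating why callers such as ses_intf_add() should see a true result for the temporary LUN 0 device and confirming that they do not go on to read inquiry data themselves. The two branches also yield different non-zero values (64 from the `& (1<<6)` mask, 1 from the fallback), so the result is only safe to test for zero or non-zero; a `!!` on the masked value would make that uniform.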