Re: BUG: Null deref with pscsi backstore, iscsi fabric, and Windows XP initiator

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Nicholas A. Bellinger wrote:
> 
> Based upon your trace, I'm pretty certain this is related to the two old
> pSCSI specific hacks in target_core_pscsi.c:pscsi_complete_cmd() that
> manually set MODE_SENSE write_protect bit in the data payload, or
> sd->blocksize w/ MODE_SELECT for with TYPE_TAPE export.   The OOPsen
> here appears to be related to the former..
> 
> The following (untested) patch to stub out both of these cases should
> get you up and running with TYPE_ROM, and I think for modern pSCSI code
> we should be able to now just drop this section all together..
> 
> Please give it a shot and let us know if your able to get pSCSI +
> TYPE_ROM export up and running on your setup.
> 
> Thanks for reporting!

Sadly, that patch does not fix the problem. Backtrace attached.
[  648.032480] BUG: unable to handle kernel NULL pointer dereference at 0000000000000064
[  648.032488] IP: [<ffffffff817dc121>] pscsi_transport_complete+0x11/0x20
[  648.032496] PGD 0 
[  648.032499] Oops: 0000 [#1] PREEMPT SMP 
[  648.032502] CPU 3 
[  648.032504] Modules linked in: intel_ips ppdev parport_pc parport pata_pcmcia pcmcia yenta_socket pcmcia_rsrc pcmcia_core
[  648.032514] 
[  648.032516] Pid: 185, comm: iscsi_trx Not tainted 3.5.0-00787-gd066c872 #5 Hewlett-Packard HP EliteBook 8540p/1521
[  648.032520] RIP: 0010:[<ffffffff817dc121>]  [<ffffffff817dc121>] pscsi_transport_complete+0x11/0x20
[  648.032523] RSP: 0018:ffff88022c2cdb98  EFLAGS: 00010082
[  648.032524] RAX: 0000000000000000 RBX: ffff880176828220 RCX: ffffffff817dc110
[  648.032526] RDX: 0000000000000212 RSI: ffff88020c084400 RDI: ffff880176828220
[  648.032527] RBP: ffff88022c2cdbd0 R08: 0000000000000000 R09: 000000000003f880
[  648.032529] R10: 0000000000000002 R11: 0000000000000001 R12: ffff880176828358
[  648.032530] R13: 0000000000000000 R14: ffff88022dbbd800 R15: 0000000000000286
[  648.032532] FS:  0000000000000000(0000) GS:ffff88023bcc0000(0000) knlGS:0000000000000000
[  648.032534] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  648.032535] CR2: 0000000000000064 CR3: 000000019627f000 CR4: 00000000000027e0
[  648.032537] DR0: 0000000000000001 DR1: 0000000000000002 DR2: 0000000000000001
[  648.032539] DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  648.032541] Process iscsi_trx (pid: 185, threadinfo ffff88022c2cc000, task ffff88022ee02ea0)
[  648.032542] Stack:
[  648.032543]  ffffffff817cf4d8 ffff88022c2cdbc0 0000000000000800 ffff880176828220
[  648.032547]  ffff8801ad388af0 0000000000000010 0000000000000008 ffff88022c2cdc20
[  648.032550]  ffffffff817bd1f2 ffff88022c2cdc00 ffff88018a550000 ffff88022c2cdc00
[  648.032553] Call Trace:
[  648.032559]  [<ffffffff817cf4d8>] ? target_complete_cmd+0x78/0x1c0
[  648.032565]  [<ffffffff817bd1f2>] target_report_luns+0xf2/0x130
[  648.032568]  [<ffffffff817d32fd>] __transport_execute_tasks+0x4d/0x130
[  648.032572]  [<ffffffff817d3425>] transport_execute_tasks+0x45/0x190
[  648.032575]  [<ffffffff817d35de>] transport_generic_new_cmd+0x5e/0x3a0
[  648.032578]  [<ffffffff817d396d>] transport_handle_cdb_direct+0x4d/0xb0
[  648.032584]  [<ffffffff817e9fdc>] iscsit_execute_cmd+0x24c/0x2a0
[  648.032587]  [<ffffffff817f1c05>] iscsit_sequence_cmd+0xb5/0x180
[  648.032590]  [<ffffffff817f5586>] iscsit_handle_scsi_cmd+0x3a6/0xa60
[  648.032593]  [<ffffffff817f6640>] ? iscsit_thread_get_cpumask+0x90/0x90
[  648.032596]  [<ffffffff817f6cab>] iscsi_target_rx_thread+0x66b/0x1980
[  648.032600]  [<ffffffff8104257b>] ? __switch_to+0x12b/0x420
[  648.032605]  [<ffffffff81dd8af9>] ? sub_preempt_count+0x59/0x60
[  648.032608]  [<ffffffff817f6640>] ? iscsit_thread_get_cpumask+0x90/0x90
[  648.032614]  [<ffffffff810c9363>] kthread+0x93/0xa0
[  648.032619]  [<ffffffff81ddda34>] kernel_thread_helper+0x4/0x10
[  648.032622]  [<ffffffff810d5509>] ? finish_task_switch+0x49/0xe0
[  648.032628]  [<ffffffff81dd4de2>] ? _raw_spin_unlock_irq+0x22/0x50
[  648.032631]  [<ffffffff81dd56a1>] ? retint_restore_args+0x13/0x13
[  648.032634]  [<ffffffff810c92d0>] ? kthread_freezable_should_stop+0x70/0x70
[  648.032637]  [<ffffffff81ddda30>] ? gs_change+0x13/0x13
[  648.032638] Code: c7 c7 a0 9d 33 82 31 c0 bb f4 ff ff ff e8 09 79 5e 00 e9 73 ff ff ff 90 90 90 55 48 89 e5 66 66 66 66 90 48 8b 87 30 02 00 00 5d <8b> 40 64 d1 e8 83 e0 01 c3 66 0f 1f 44 00 00 55 48 89 e5 66 66 
[  648.032672] RIP  [<ffffffff817dc121>] pscsi_transport_complete+0x11/0x20
[  648.032675]  RSP <ffff88022c2cdb98>
[  648.032676] CR2: 0000000000000064
[  648.070771] ---[ end trace 4ec719f5961f28d8 ]---
[Index of Archives]     [Linux SCSI]     [Kernel Newbies]     [Linux SCSI Target Infrastructure]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Device Mapper]

  Powered by Linux