On 06/06/14 09:10, Nicholas A. Bellinger wrote:
> Hi Chris & Philip,
>
> On Thu, 2014-06-05 at 16:12 +0100, Chris Boot wrote:
>> Hi folks,
>>
>> Philip (CCed) discovered an OOPS during our testing. I narrowed it down
>> to the following three commands as a reduced test case:
>>
>> mkdir /sys/kernel/config/target/core/iblock_0
>> mkdir /sys/kernel/config/target/core/iblock_0/test
>> echo 1 >
>> /sys/kernel/config/target/core/iblock_0/test/alua/default_tg_pt_gp/alua_access_state
>>
>> This appears to happen on target_core_alua.c:1166 when
>> core_alua_do_port_transition() attempts to take the lu_gp_mem_lock. If
>> I'm reading the code right, the ALUA structures are only allocated in
>> target_configure_device(), which happens when the TCM LUN is enabled.
>>
>> core_alua_do_port_transition() should probably check for dev->dev_flags
>> |= DF_CONFIGURED before doing anything.
>>
>> Full OOPS output below:
>
> Thanks for the bug report.
>
> Applying the following patch to target-pending/master for v3.15 with a
> CC' to stable.
>
> --nab
>
> From ed3492f36bd0c74e908339fe2dfba5ceaaf86aa6 Mon Sep 17 00:00:00 2001
> From: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
> Date: Fri, 6 Jun 2014 00:52:57 -0700
> Subject: [PATCH 5/5] target: Fix alua_access_state attribute OOPs for
> un-configured devices
>
> This patch fixes a OOPs where an attempt to write to the per-device
> alua_access_state configfs attribute at:
>
> /sys/kernel/config/target/core/$HBA/$DEV/alua/$TG_PT_GP/alua_access_state
>
> results in an NULL pointer dereference when the backend device has not
> yet been configured.
>
> This patch adds an explicit check for DF_CONFIGURED, and fails with
> -ENODEV to avoid this case.
>
> Reported-by: Chris Boot <crb@xxxxxxxxxxxxxxxxxxxxx>
> Cc: Chris Boot <crb@xxxxxxxxxxxxxxxxxxxxx>
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Nicholas Bellinger <nab@xxxxxxxxxxxxxxx>
Tested-by: Chris Boot <crb@xxxxxxxxxxxxxxxxxxxxx>
Thanks,
Chris
> ---
> drivers/target/target_core_configfs.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/drivers/target/target_core_configfs.c b/drivers/target/target_core_configfs.c
> index 60a9ae6..bf55c5a 100644
> --- a/drivers/target/target_core_configfs.c
> +++ b/drivers/target/target_core_configfs.c
> @@ -2227,6 +2227,11 @@ static ssize_t target_core_alua_tg_pt_gp_store_attr_alua_access_state(
> " tg_pt_gp ID: %hu\n", tg_pt_gp->tg_pt_gp_valid_id);
> return -EINVAL;
> }
> + if (!(dev->dev_flags & DF_CONFIGURED)) {
> + pr_err("Unable to set alua_access_state while device is"
> + " not configured\n");
> + return -ENODEV;
> + }
>
> ret = kstrtoul(page, 0, &tmp);
> if (ret < 0) {
>
--
Chris Boot
bootc@xxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe target-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
