Hello,
Recently I got a problem when I use virtual machines in Xen
virtualization, description just as follws.
Grant table and grant mapping were used for data communication with in
Xen front end driver and
back end driver. A delay work will be set up to release grant mapping
pages in
Callers of scsi_dh_activate(), e.g. dm-mpath, assume that this
function either returns an error code or calls the completion
function. Make alua_activate() call the completion function even
if scsi_device_get() fails.
Signed-off-by: Bart Van Assche
Cc: Hannes Reinecke
Do not queue ALUA work nor call scsi_device_put() if the scsi_device_get()
call fails. This patch fixes the following crash:
general protection fault: [#1] SMP
RIP: 0010:scsi_device_put+0xb/0x30
Call Trace:
scsi_disk_put+0x2d/0x40
sd_release+0x3d/0xb0
__blkdev_put+0x29e/0x360
On Thu, 2017-03-16 at 23:00 +, Bart Van Assche wrote:
> The following crash only occurs with async aborts enabled:
>
> general protection fault: [#1] SMP
> RIP: 0010:scsi_device_put+0xb/0x30
> Call Trace:
> scsi_disk_put+0x2d/0x40
> sd_release+0x3d/0xb0
> __blkdev_put+0x29e/0x360
>
Hello Martin,
These three patches are what I came up with while I was chasing a
scsi_device_put() crash. Please consider these for inclusion in the
upstream kernel.
Thanks,
Bart.
Bart Van Assche (3):
scsi_dh_alua: Check scsi_device_get() return value
scsi_dh_alua: Ensure that
Callers must provide a valid port group to alua_rtpg_queue().
Issue a kernel warning if that is not the case.
Signed-off-by: Bart Van Assche
Cc: Hannes Reinecke
Cc: Tang Junhui
---
drivers/scsi/device_handler/scsi_dh_alua.c | 2
Kefeng Wang writes:
Kefeng,
> root@localhost ~]# sg_modes -p 0x2a /dev/sr0
> QEMU QEMU DVD-ROM 0.15 peripheral_type: cd/dvd [0x5]
> Mode parameter header from MODE SENSE(10):
> Invalid block descriptor length=512, ignore
> Mode data length=36,
On Fri, 2017-03-17 at 18:55 +, Madhani, Himanshu wrote:
> On Mar 16, 2017, at 3:27 PM, Bart Van Assche
> wrote:
> > On Thu, 2017-03-16 at 14:40 -0700, Himanshu Madhani wrote:
> > > +static int
> > > +scsi_poll(struct blk_mq_hw_ctx *hctx, unsigned int tag)
> > > +
https://bugzilla.kernel.org/show_bug.cgi?id=194837
--- Comment #15 from Thorsten Leemhuis (regressi...@leemhuis.info) ---
Adam or somebody else: Can you please close this Bug to avoid confusion? There
clearly were some bugs in virtio_scsi, but those were already fixed.
But there are more bugs
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper. The helper replaces a common pattern by
taking the proper reference against the parent device and adding both
the cdev and the device.
In doing so we have to remove a guard statement from cdev_del,
but
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper. The helper replaces a common pattern by
taking the proper reference against the parent device and adding both
the cdev and the device.
Signed-off-by: Logan Gunthorpe
Acked-by: Hans
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper. The helper replaces a common pattern by
taking the proper reference against the parent device and adding both
the cdev and the device.
At the same time we cleanup the error path through device_probe
Hi Bart,
> On Mar 16, 2017, at 3:27 PM, Bart Van Assche
> wrote:
>
> On Thu, 2017-03-16 at 14:40 -0700, Himanshu Madhani wrote:
>> +static int
>> +scsi_poll(struct blk_mq_hw_ctx *hctx, unsigned int tag)
>> +
>> +{
>> +struct Scsi_Host *shost =
This is not as straightforward a conversion as the others
in this series. These drivers did not originally make use of
kobj.parent so they likely suffered from a use after free bug if
someone unregistered the devices while they are being used.
In order to make the conversions, switch from
This driver did not originally set kobj.parent so it likely had
potential a use after free bug which this patch fixes.
We convert from device_register to device_initialize/cdev_device_add.
While we are at it we use put_device instead of kfree (as recommended
by the device_initialize
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper. The helper replaces a common pattern by
taking the proper reference against the parent device and adding both
the cdev and the device.
Signed-off-by: Logan Gunthorpe
Reviewed-by:
This driver did not set kobj.parent so it likely suffered from
a potential use after free race if the user unregistered the
device while it was in use.
This was not so straightforward a conversion but I think this patch
cleans up its probe's error path significantly.
This patch adds
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper. The helper replaces a common pattern by
taking the proper reference against the parent device and adding both
the cdev and the device.
Signed-off-by: Logan Gunthorpe
Reviewed-by:
Hey,
This version of the series fixes the issue found by the kbuild test
robot with the rtc driver. I managed to reproduce the issue and this
series fixes the problem.
Logan
Changes since v4:
* Fix a kbuild robot issue with the rtc driver: the rtc driver sometimes
does not want to add the
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper. The helper replaces a common pattern by
taking the proper reference against the parent device and adding both
the cdev and the device.
Signed-off-by: Logan Gunthorpe
Reviewed-by:
Credit for this patch goes is shared with Dan Williams [1]. I've
taken things one step further to make the helper function more
useful and clean up calling code.
There's a common pattern in the kernel whereby a struct cdev is placed
in a structure along side a struct device which manages the
From: Dan Williams
If device_add() fails, cleanup the cdev. Otherwise, we leak a kobj_map()
with a stale device number.
As Jason points out, there is a small possibility that userspace has
opened and mapped the device in the time between cdev_add() and the
device_add()
Replace the open coded registration of the cdev and dev with the
new device_add_cdev() helper in evdev, joydev and mousedev. The helper
replaces a common pattern by taking the proper reference against the
parent device and adding both the cdev and the device.
Signed-off-by: Logan Gunthorpe
From: Jason Gunthorpe
The use after free is not triggerable here because the cdev holds
the module lock and the only device_unregister is only triggered by
module unload, however make the change for consistency.
To make this work the cdev_del needs to move out
Very straightforward conversion to device_add_cdev. Drop cdev_add and
device_add and use cdev_device_add.
Signed-off-by: Logan Gunthorpe
---
drivers/pci/switch/switchtec.c | 11 ++-
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git
Mostly straightforward, but we had to remove the rtc_dev_add/del_device
functions as they split up the cdev_add and the device_add.
Doing this also revealed that there was likely another subtle bug:
seeing cdev_add was done after device_register, the cdev probably
was not ready before device_add
This replaces the suspect looking cdev.kobj.parent lines with the
equivalent cdev_set_parent function. This is a straightforward change
that's largely cosmetic but it does push the kobj.parent ownership
into char_dev.c where it belongs.
Signed-off-by: Logan Gunthorpe
---
On 03/17/2017 01:04 AM, Xiubo Li wrote:
[...]
These days what I have gotten is that the unmap_mapping_range() could
be used.
At the same time I have deep into the mm code and fixed the double
usage of
the data blocks and possible page fault call trace bugs mentioned above.
Following is the V3
On Fri, 2017-03-17 at 05:54 -0700, James Bottomley wrote:
> So it's better to use the module without a reference in place and take
> the risk that it may exit and release its code area while we're calling
> it?
Hello James,
My understanding of scsi_device_get() / scsi_device_put() is that the
Included in the current storvsc driver for Hyper-V is the ability
to access luns on an FC fabric via a virtualized fiber channel
adapter exposed by the Hyper-V host. The driver also attaches to
the FC transport to allow host and port names to be published under
/sys/class/fc_host/hostX. Current
On Thu, 2017-03-16 at 23:19 +, Bart Van Assche wrote:
> On Thu, 2017-03-16 at 15:53 -0700, James Bottomley wrote:
> > On Thu, 2017-03-16 at 13:56 -0700, Bart Van Assche wrote:
> > > scsi_target_unblock() must unblock SCSI devices even if this
> > > function
> > > is called after unloading of
Currently with '--wwn' flag, 128-bit wwns gets truncated and their
last 3 hex-digits missing. Below is a comparison of wwn reported by
lsscsi compared to wwn info at /dev/disk/by-id directory.
% lsscsi -w 0:0:5:0
[0:0:5:0]disk0x60050764008181941 /dev/sdad
% ls -l
On Fri, Mar 17, 2017 at 10:08:40AM +0530, Vaibhav Jain wrote:
> ---
> src/lsscsi.c | 8
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/src/lsscsi.c b/src/lsscsi.c
> index 974b3f1..f20adcf 100644
> --- a/src/lsscsi.c
> +++ b/src/lsscsi.c
> @@ -210,8 +210,8 @@ struct
On Fri, Mar 17, 2017 at 12:48 AM, Martin K. Petersen
wrote:
> Peter Chang writes:
>
> Applied to 4.11/scsi-fixes.
>
> Thanks!
>
> --
> Martin K. Petersen Oracle Linux Engineering
Hi,
Can you point to the commit/tree? I don't see it here:
Currently with '--wwn' flag, 128-bit wwns gets truncated and their
last 3 hex-digits missing. Below is a comparison of wwn reported by
lsscsi compared to wwn info at /dev/disk/by-id directory.
% lsscsi -w 0:0:5:0
[0:0:5:0]disk0x60050764008181941 /dev/sdad
% ls -l
36 matches
Mail list logo