Re: How to increase RAID/HBA controller's timeout?
> Well, this looks more like the ATA error recovery not working properly; > libata-eh is trying to reset the link (that's the 'hard resetting link' > message), but after that the device doesn't respond (that's the 'failed > to IDENTIFY' message). > So it's not so much a wrong timeout, it's a wrong EH implementation. > We would need to check why mvsas hard reset is not working; I've seen a > similar issue on isci, but haven't been able to debug things properly. > So it might even be a generic libsas EH issue, and not related to mvsas > at all. > Thanks! Sadly I'm not familiar at all with this logic, what should I read up to be able to understand and investigate it more? When I'll have time I'll look into it. For now, I'll read from Documentation/scsi/* Also I need to update kernel first because this here right now is quite old one 4.6.2, maybe it's already fixed, but I've had seen this since atleast 4.2 Here a bit different log, but still same issue. [33537.921685] sas: Enter sas_scsi_recover_host busy: 1 failed: 1 [33537.921693] sas: trying to find task 0x880423288700 [33537.921697] sas: sas_scsi_find_task: aborting task 0x880423288700 [33537.921702] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1540:mvs_abort_task() mvi=88060784 task=880423288700 slot=8806078655b8 slot_idx=x0 [33537.921708] sas: sas_scsi_find_task: task 0x880423288700 is aborted [33537.921710] sas: sas_eh_handle_sas_errors: task 0x880423288700 is aborted [33537.921717] sas: ata23: end_device-7:4: cmd error handler [33537.921755] sas: ata7: end_device-7:0: dev error handler [33537.921779] sas: ata8: end_device-7:1: dev error handler [33537.921794] sas: ata22: end_device-7:2: dev error handler [33537.921807] sas: ata10: end_device-7:3: dev error handler [33537.921833] sas: ata23: end_device-7:4: dev error handler [33537.921835] sas: ata12: end_device-7:5: dev error handler [33537.921846] sas: ata21: end_device-7:7: dev error handler [33537.921852] sas: ata13: end_device-7:6: dev error handler [33537.921870] ata23.00: exception Emask 0x0 SAct 0x4000 SErr 0x0 action 0x6 frozen [33537.921877] ata23.00: failed command: READ FPDMA QUEUED [33537.921886] ata23.00: cmd 60/00:00:80:9f:ab/02:00:43:01:00/40 tag 14 ncq 262144 in res 40/00:00:00:00:00/00:00:00:00:00/00 Emask 0x4 (timeout) [33537.921892] ata23.00: status: { DRDY } [33537.921898] ata23: hard resetting link [33537.931932] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1975:phy 4 ctrl sts=0x. [33537.931936] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1977:phy 4 irq sts = 0x0001 [33537.931972] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1975:phy 4 ctrl sts=0x00122000. [33537.931984] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1977:phy 4 irq sts = 0x0081 [33537.949987] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1975:phy 4 ctrl sts=0x00122000. [33537.95] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1977:phy 4 irq sts = 0x0001 [33537.950007] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 2026:notify plug in on phy[0] [33537.970026] /mnt/linux/drivers/scsi/mvsas/mv_94xx.c 884:get all reg link rate is 0x122000 [33537.970035] /mnt/linux/drivers/scsi/mvsas/mv_94xx.c 889:get link rate is 10 [33538.090081] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1079:phy 4 attach dev info is 20001 [33538.090089] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1081:phy 4 attach sas addr is 4 [33538.090111] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 277:phy 4 byte dmaded. [33538.090196] sas: sas_form_port: phy0 belongs to port4 already(1)! [33540.138362] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1430:mvs_I_T_nexus_reset for device[0]:rc= 0 [33540.291688] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1771:port 4 slot 0 rx_desc 3 has error info80008000. [33545.291735] ata23.00: qc timeout (cmd 0x27) [33545.291746] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1540:mvs_abort_task() mvi=88060784 task=88027c093600 slot=8806078655b8 slot_idx=x0 [33545.291755] ata23.00: failed to read native max address (err_mask=0x4) [33545.291758] ata23.00: HPA support seems broken, skipping HPA handling [33545.291762] ata23.00: revalidation failed (errno=-5) [33545.291770] ata23: hard resetting link [33545.301800] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1975:phy 4 ctrl sts=0x. [33545.301808] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1977:phy 4 irq sts = 0x0001 [33545.301840] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1975:phy 4 ctrl sts=0x00122000. [33545.301846] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1977:phy 4 irq sts = 0x0081 [33545.353623] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1975:phy 4 ctrl sts=0x00122000. [33545.353638] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1977:phy 4 irq sts = 0x0001 [33545.353644] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 2026:notify plug in on phy[0] [33545.373664] /mnt/linux/drivers/scsi/mvsas/mv_94xx.c 884:get all reg link rate is 0x122000 [33545.373672] /mnt/linux/drivers/scsi/mvsas/mv_94xx.c 889:get link rate is 10 [33545.493717]
How to increase RAID/HBA controller's timeout?
I've HighPoint RocketRAID 2760A which uses mvsas driver. And I need to increase it's timeout because it timeouts too early and doesn't allow HDD to finish it's recovery routine for unreadable sector (that HDD doesn't support TLER) I've increased # echo 300 > /sys/block/sdd/device/timeout # echo 300 > /sys/block/sdd/device/eh_timeout But it didn't gave any effect, it still timeouts in ~8 seconds. # hdparm --read-sector 3021567960 /dev/sdd /dev/sdd: reading sector 3021567960: FAILED: Input/output error [17226.257531] /mnt/linux/drivers/scsi/mvsas/mv_sas.c 1771:port 2 slot 0 rx_desc 3 has error info0100. [17226.266698] sas: Enter sas_scsi_recover_host busy: 1 failed: 1 [17226.266707] sas: ata21: end_device-7:2: cmd error handler [17226.266740] sas: ata7: end_device-7:0: dev error handler [17226.266750] sas: ata8: end_device-7:1: dev error handler [17226.266760] sas: ata21: end_device-7:2: dev error handler [17226.266767] sas: ata10: end_device-7:3: dev error handler [17226.266772] ata21.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 [17226.266778] ata21.00: failed command: READ SECTOR(S) EXT [17226.266781] sas: ata12: end_device-7:5: dev error handler [17226.266787] sas: ata11: end_device-7:4: dev error handler [17226.266793] sas: ata13: end_device-7:6: dev error handler [17226.266795] sas: ata14: end_device-7:7: dev error handler [17226.266813] ata21.00: cmd 24/00:01:d8:77:19/00:00:b4:00:00/e0 tag 21 pio 512 in res 51/40:00:d8:77:19/00:00:b4:00:00/00 Emask 0x9 (media error) [17226.266820] ata21.00: status: { DRDY ERR } [17226.266825] ata21.00: error: { UNC } [17226.330498] ata21.00: failed to IDENTIFY (I/O error, err_mask=0x1) [17226.330506] ata21.00: revalidation failed (errno=-5) [17226.330514] ata21: hard resetting link [17226.483739] ata21.00: failed to IDENTIFY (I/O error, err_mask=0x1) [17226.483746] ata21.00: revalidation failed (errno=-5) [17228.669337] hpet1: lost 331 rtc interrupts [17230.689985] hpet1: lost 129 rtc interrupts [17231.483422] ata21: hard resetting link [17231.637199] ata21.00: failed to IDENTIFY (I/O error, err_mask=0x1) [17231.637207] ata21.00: revalidation failed (errno=-5) [17231.637212] ata21.00: disabled [17231.637252] ata21: EH complete [17231.637275] sas: --- Exit sas_scsi_recover_host: busy: 0 failed: 0 tries: After this that disk isn't accessible at all until it's physically disconnected and reconnected. Thanks! -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Improve device reset for failed HDD
Hi! I've a Seagate Barracuda 7200.14 (ST2000DM001-9YN164) 2TB HDD with some bad sectors and when they're accessed it causes device to fail. It's attached to HighPoint RocketRAID 2760 HBA (mvsas) and kernel 4.6 when accesing bad sector in log can see: kernel: /mnt/Linux/linux/drivers/scsi/mvsas/mv_sas.c 1771:port 2 slot 0 rx_desc 3 has error info0100. kernel: sas: Enter sas_scsi_recover_host busy: 1 failed: 1 kernel: sas: ata21: end_device-7:2: cmd error handler kernel: sas: ata7: end_device-7:0: dev error handler kernel: sas: ata8: end_device-7:1: dev error handler kernel: sas: ata21: end_device-7:2: dev error handler kernel: ata21.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0 kernel: sas: ata10: end_device-7:3: dev error handler kernel: sas: ata11: end_device-7:4: dev error handler kernel: ata21.00: failed command: READ SECTOR(S) EXT kernel: ata21.00: cmd 24/00:01:69:86:7a/00:00:9d:00:00/e0 tag 17 pio 512 in res 51/40:00:69:86:7a/00:00:9d:00:00/00 Emask 0x9 (media error) kernel: sas: ata12: end_device-7:5: dev error handler kernel: sas: ata13: end_device-7:6: dev error handler kernel: ata21.00: status: { DRDY ERR } kernel: sas: ata14: end_device-7:7: dev error handler kernel: ata21.00: error: { UNC } kernel: ata21.00: failed to IDENTIFY (I/O error, err_mask=0x1) kernel: ata21.00: revalidation failed (errno=-5) kernel: ata21: hard resetting link kernel: ata21.00: failed to IDENTIFY (I/O error, err_mask=0x1) kernel: ata21.00: revalidation failed (errno=-5) kernel: ata21: hard resetting link kernel: ata21.00: failed to IDENTIFY (I/O error, err_mask=0x1) kernel: ata21.00: revalidation failed (errno=-5) kernel: ata21.00: disabled kernel: ata21: EH complete kernel: sas: --- Exit sas_scsi_recover_host: busy: 0 failed: 0 tries: 1 then after this, device still appears available (/dev/sdp) but any access to it fails, even good sectors and SMART kernel: sd 7:0:8:0: [sdp] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] tag#0 CDB: opcode=0x28 28 00 00 00 00 00 00 00 20 00 kernel: blk_update_request: I/O error, dev sdp, sector 0 kernel: sd 7:0:8:0: [sdp] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] tag#0 CDB: opcode=0x28 28 00 00 00 00 00 00 00 08 00 kernel: blk_update_request: I/O error, dev sdp, sector 0 kernel: Buffer I/O error on dev sdp, logical block 0, async page read kernel: sd 7:0:8:0: [sdp] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] tag#0 CDB: opcode=0x28 28 00 00 00 00 00 00 00 08 00 kernel: blk_update_request: I/O error, dev sdp, sector 0 kernel: Buffer I/O error on dev sdp, logical block 0, async page read kernel: sd 7:0:8:0: [sdp] tag#0 UNKNOWN(0x2003) Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] tag#0 CDB: opcode=0x28 28 00 e8 e0 88 a8 00 00 08 00 kernel: blk_update_request: I/O error, dev sdp, sector 3907029160 kernel: Buffer I/O error on dev sdp, logical block 488378645, async page read kernel: sd 7:0:8:0: [sdp] Read Capacity(16) failed: Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] Sense not available. kernel: sd 7:0:8:0: [sdp] Read Capacity(10) failed: Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] Sense not available. kernel: sd 7:0:8:0: [sdp] Write Protect is on kernel: sd 7:0:8:0: [sdp] Mode Sense: ea ea ea ea kernel: sdp: detected capacity change from 2000398934016 to 0 kernel: sd 7:0:8:0: [sdp] Read Capacity(16) failed: Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] Sense not available. kernel: sd 7:0:8:0: [sdp] Read Capacity(10) failed: Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] Sense not available. kernel: sd 7:0:8:0: [sdp] Write Protect is off kernel: sd 7:0:8:0: [sdp] Mode Sense: 00 00 00 00 kernel: sd 7:0:8:0: [sdp] Read Capacity(16) failed: Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] Sense not available. kernel: sd 7:0:8:0: [sdp] Read Capacity(10) failed: Result: hostbyte=0x04 driverbyte=0x00 kernel: sd 7:0:8:0: [sdp] Sense not available. Problem is that some applications still keep going on (for example btrfs scrub) and marks all next sectors/files/etc as bad even when they're not. Then when I remove device with $ echo 1 > /sys/block/sdp/device/delete and physically unplug it and plug back in kernel: sd 7:0:8:0: [sdp] Stopping disk kernel: sd 7:0:8:0: [sdp] Start/Stop Unit failed: Result: hostbyte=0x04 driverbyte=0x00 kernel: /mnt/Linux/linux/drivers/scsi/mvsas/mv_sas.c 1975:phy 2 ctrl sts=0x. kernel: /mnt/Linux/linux/drivers/scsi/mvsas/mv_sas.c 1977:phy 2 irq sts = 0x01001001 kernel: /mnt/Linux/linux/drivers/scsi/mvsas/mv_sas.c 1913:phy2 Removed Device kernel: [ cut here ] kernel: WARNING: CPU: 5 PID: 14363 at /mnt/Linux/linux/fs/sysfs/group.c:237 sysfs_remove_group+0x8b/0x90 kernel: sysfs group 818a7520 not found for kobject
Re: [PATCH] mvsas:Fix possible NULL pointer deference in mvs_dev_found_notify
2016-03-09 15:58 GMT+02:00 Nicholas Krause: > This adds properly checking after the call to mvs_find_dev_mvi > due to this function being able to return a NULL pointer and if > this does arise we will deference it in mvs_alloc_dev due to > this function never checking if a NULL pointer is given as > it's input argument. > > Signed-off-by: Nicholas Krause > --- > drivers/scsi/mvsas/mv_sas.c | 4 > 1 file changed, 4 insertions(+) > > diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c > index 83cd3ea..7afb248 100644 > --- a/drivers/scsi/mvsas/mv_sas.c > +++ b/drivers/scsi/mvsas/mv_sas.c > @@ -1191,6 +1191,10 @@ int mvs_dev_found_notify(struct domain_device *dev, > int lock) > struct mvs_device *mvi_device; > > mvi = mvs_find_dev_mvi(dev); > + if (!mvi) { > + res = -1; > + goto found_out; > + } > > if (lock) > spin_lock_irqsave(>lock, flags); > -- > 2.5.0 > It doesn't look right, if mvi will be NULL and lock will be set then at found_out: if (lock) spin_unlock_irqrestore(>lock, flags); there will be mvi dereference, besides spin_lock_irqsave wasn't even called. And without this patch dereference would happen on mvi->lock which is before use in mvs_alloc_dev About whether mvs_find_dev_mvi can return NULL it looks like it's possible, but I'm not sure if it practically happens. I guess it did hence patch. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: Question for Patch"libsas: fix "sysfs group not found" warnings at port teardown time"
2016-02-05 11:20 GMT+02:00 wangyijing: > > Hi Dan and Praveen, >I found a patch titled "libsas: fix "sysfs group not found" warnings at > port teardown time" by google, > https://www.mail-archive.com/linux-scsi@vger.kernel.org/msg39187.html > Maybe this is related? kernel: WARNING: CPU: 4 PID: 16820 at fs/sysfs/group.c:237 sysfs_remove_group+0x8b/0x90() kernel: sysfs group 818a3b60 not found for kobject 'end_device-7:7' [...] kernel: Workqueue: scsi_wq_7 sas_destruct_devices [libsas] I'm getting this warning when removing disk from HighPoint RocketRAID 2760 controller (mvsas driver) See https://bugzilla.kernel.org/show_bug.cgi?id=71021#c3 -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] SCSI: mvsas: Fix NULL pointer dereference in mvs_slot_task_free
2015-10-21 16:47 GMT+03:00 Johannes Thumshirn <jthumsh...@suse.de>: > On Wed, 2015-10-21 at 16:18 +0300, Dāvis Mosāns wrote: >> 2015-10-21 10:33 GMT+03:00 Johannes Thumshirn <jthumsh...@suse.de>: >> > On Tue, 2015-10-20 at 20:41 +0300, Dāvis Mosāns wrote: >> > > 2015-08-21 7:29 GMT+03:00 Dāvis Mosāns <davis...@gmail.com>: >> > > > When pci_pool_alloc fails in mvs_task_prep then task->lldd_task >> > > > stays >> > > > NULL but it's later used in mvs_abort_task as slot which is >> > > > passed >> > > > to mvs_slot_task_free causing NULL pointer dereference. >> > > > >> > > > Just return from mvs_slot_task_free when passed with NULL slot. >> > > > >> > > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101891 >> > > > Signed-off-by: Dāvis Mosāns <davis...@gmail.com> >> > > > --- >> > > > drivers/scsi/mvsas/mv_sas.c | 2 ++ >> > > > 1 file changed, 2 insertions(+) >> > > > >> > > > diff --git a/drivers/scsi/mvsas/mv_sas.c >> > > > b/drivers/scsi/mvsas/mv_sas.c >> > > > index 454536c..9c78074 100644 >> > > > --- a/drivers/scsi/mvsas/mv_sas.c >> > > > +++ b/drivers/scsi/mvsas/mv_sas.c >> > > > @@ -887,6 +887,8 @@ static void mvs_slot_free(struct mvs_info >> > > > *mvi, >> > > > u32 rx_desc) >> > > > static void mvs_slot_task_free(struct mvs_info *mvi, struct >> > > > sas_task *task, >> > > > struct mvs_slot_info *slot, u32 >> > > > slot_idx) >> > > > { >> > > > + if (!slot) >> > > > + return; >> > > > if (!slot->task) >> > > > return; >> > > > if (!sas_protocol_ata(task->task_proto)) >> > > > -- >> > > > 2.5.0 >> > > > >> > > >> > > Can this get merged? >> > > So far since august it have saved me from several kernel crashes. >> > >> > If it saved you from several crashes, it probably should be tagged >> > for >> > stable, shouldn't it? >> > >> > Reviewed-by: Johannes Thumshirn <jthumsh...@suse.de> >> > >> > >> >> I don't really know how that works... this is my first patch so I'm >> not really concerned about in which version it gets in as long as it >> does. >> I've been compiling kernel with this patch for these months so for me >> it >> doesn't really make any difference. > > You can add > Cc: sta...@vger.kernel.org > somewhere around your Signed-off-by > > Documentation/stable_kernel_rules.txt has all the process > documentation. Should I add it together with review tags too and resend patch or reply to this thread with it edited or just leave it like it is now and whoever will see it will add it himself? also for stable requirements this line is a bit confusing "It or an equivalent fix must already exist in Linus' tree (upstream)." but then later seems it's not requirement for Option 1 -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] SCSI: mvsas: Fix NULL pointer dereference in mvs_slot_task_free
2015-10-21 10:33 GMT+03:00 Johannes Thumshirn <jthumsh...@suse.de>: > On Tue, 2015-10-20 at 20:41 +0300, Dāvis Mosāns wrote: >> 2015-08-21 7:29 GMT+03:00 Dāvis Mosāns <davis...@gmail.com>: >> > When pci_pool_alloc fails in mvs_task_prep then task->lldd_task >> > stays >> > NULL but it's later used in mvs_abort_task as slot which is passed >> > to mvs_slot_task_free causing NULL pointer dereference. >> > >> > Just return from mvs_slot_task_free when passed with NULL slot. >> > >> > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101891 >> > Signed-off-by: Dāvis Mosāns <davis...@gmail.com> >> > --- >> > drivers/scsi/mvsas/mv_sas.c | 2 ++ >> > 1 file changed, 2 insertions(+) >> > >> > diff --git a/drivers/scsi/mvsas/mv_sas.c >> > b/drivers/scsi/mvsas/mv_sas.c >> > index 454536c..9c78074 100644 >> > --- a/drivers/scsi/mvsas/mv_sas.c >> > +++ b/drivers/scsi/mvsas/mv_sas.c >> > @@ -887,6 +887,8 @@ static void mvs_slot_free(struct mvs_info *mvi, >> > u32 rx_desc) >> > static void mvs_slot_task_free(struct mvs_info *mvi, struct >> > sas_task *task, >> > struct mvs_slot_info *slot, u32 slot_idx) >> > { >> > + if (!slot) >> > + return; >> > if (!slot->task) >> > return; >> > if (!sas_protocol_ata(task->task_proto)) >> > -- >> > 2.5.0 >> > >> >> Can this get merged? >> So far since august it have saved me from several kernel crashes. > > If it saved you from several crashes, it probably should be tagged for > stable, shouldn't it? > > Reviewed-by: Johannes Thumshirn <jthumsh...@suse.de> > > I don't really know how that works... this is my first patch so I'm not really concerned about in which version it gets in as long as it does. I've been compiling kernel with this patch for these months so for me it doesn't really make any difference. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] SCSI: mvsas: Fix NULL pointer dereference in mvs_slot_task_free
2015-08-21 7:29 GMT+03:00 Dāvis Mosāns <davis...@gmail.com>: > When pci_pool_alloc fails in mvs_task_prep then task->lldd_task stays > NULL but it's later used in mvs_abort_task as slot which is passed > to mvs_slot_task_free causing NULL pointer dereference. > > Just return from mvs_slot_task_free when passed with NULL slot. > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101891 > Signed-off-by: Dāvis Mosāns <davis...@gmail.com> > --- > drivers/scsi/mvsas/mv_sas.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c > index 454536c..9c78074 100644 > --- a/drivers/scsi/mvsas/mv_sas.c > +++ b/drivers/scsi/mvsas/mv_sas.c > @@ -887,6 +887,8 @@ static void mvs_slot_free(struct mvs_info *mvi, u32 > rx_desc) > static void mvs_slot_task_free(struct mvs_info *mvi, struct sas_task *task, > struct mvs_slot_info *slot, u32 slot_idx) > { > + if (!slot) > + return; > if (!slot->task) > return; > if (!sas_protocol_ata(task->task_proto)) > -- > 2.5.0 > Can this get merged? So far since august it have saved me from several kernel crashes. -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] SCSI: mvsas: Fix NULL pointer dereference in mvs_slot_task_free
2015-08-21 7:29 GMT+03:00 Dāvis Mosāns <davis...@gmail.com>: > When pci_pool_alloc fails in mvs_task_prep then task->lldd_task stays > NULL but it's later used in mvs_abort_task as slot which is passed > to mvs_slot_task_free causing NULL pointer dereference. > > Just return from mvs_slot_task_free when passed with NULL slot. > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101891 > Signed-off-by: Dāvis Mosāns <davis...@gmail.com> > --- > drivers/scsi/mvsas/mv_sas.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c > index 454536c..9c78074 100644 > --- a/drivers/scsi/mvsas/mv_sas.c > +++ b/drivers/scsi/mvsas/mv_sas.c > @@ -887,6 +887,8 @@ static void mvs_slot_free(struct mvs_info *mvi, u32 > rx_desc) > static void mvs_slot_task_free(struct mvs_info *mvi, struct sas_task *task, > struct mvs_slot_info *slot, u32 slot_idx) > { > + if (!slot) > + return; > if (!slot->task) > return; > if (!sas_protocol_ata(task->task_proto)) > -- > 2.5.0 > ping? do I need to CC someone else? -- To unsubscribe from this list: send the line "unsubscribe linux-scsi" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] SCSI: mvsas: Fix NULL pointer dereference in mvs_slot_task_free
When pci_pool_alloc fails in mvs_task_prep then task-lldd_task stays NULL but it's later used in mvs_abort_task as slot which is passed to mvs_slot_task_free causing NULL pointer dereference. Just return from mvs_slot_task_free when passed with NULL slot. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=101891 Signed-off-by: Dāvis Mosāns davis...@gmail.com --- drivers/scsi/mvsas/mv_sas.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c index 454536c..9c78074 100644 --- a/drivers/scsi/mvsas/mv_sas.c +++ b/drivers/scsi/mvsas/mv_sas.c @@ -887,6 +887,8 @@ static void mvs_slot_free(struct mvs_info *mvi, u32 rx_desc) static void mvs_slot_task_free(struct mvs_info *mvi, struct sas_task *task, struct mvs_slot_info *slot, u32 slot_idx) { + if (!slot) + return; if (!slot-task) return; if (!sas_protocol_ata(task-task_proto)) -- 2.5.0 -- To unsubscribe from this list: send the line unsubscribe linux-scsi in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html