Public bug reported:
---Problem Description---
If there has BIDI data, its first iov[] will overwrite the last
iov[] for se_cmd->t_data_sg.
---uname output---
Latest Yakkety master branch
Machine Type = P8
---Steps to Reproduce---
Just have a system do workload using tcmu.
Stack trace output:
I have seen this in my environment:
(gdb) print *((tcmulib_cmd->iovec)+0)
$7 = {iov_base = 0x3fff7c3d0000, iov_len = 8192}
(gdb) print *((tcmulib_cmd->iovec)+1)
$3 = {iov_base = 0x3fff7c3da000, iov_len = 4096}
(gdb) print *((tcmulib_cmd->iovec)+2)
$4 = {iov_base = 0x3fff7c3dc000, iov_len = 16384}
(gdb) print *((tcmulib_cmd->iovec)+3)
$5 = {iov_base = 0x3fff7c3f7000, iov_len = 12288}
(gdb) print *((tcmulib_cmd->iovec)+4)
$6 = {iov_base = 0x1306e853c0028, iov_len = 128} <--- bad pointer and length
cmu: Fix wrongly calculating of the base_command_size
https://patchwork.kernel.org/patch/9687657/
tcmu: Fix possible overwrite of t_data_sg's last iov[]
https://patchwork.kernel.org/patch/9687565/
tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case
https://patchwork.kernel.org/patch/9655423/
This patch should also be a part of these fixes. WITH BIDI op fixes.
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
Status: New
** Tags: architecture-ppc64le bugnameltc-154063 severity-critical
targetmilestone-inin1610
** Tags added: architecture-ppc64le bugnameltc-154063 severity-critical
targetmilestone-inin1610
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1689360
Title:
TCMU: Fix possible overwrite of t_data_sg's last iov[] and wrongly
calculating base_command_size
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1689360/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
