Re: [2.6.23 PATCH 07/18] dm io: fix panic on large request

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Alasdair G Kergon <agk@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	dm-devel@redhat.com, linux-kernel@vger.kernel.org,
	Jun'ichi Nomura <j-nomura@ce.jp.nec.com>
Subject: Re: [2.6.23 PATCH 07/18] dm io: fix panic on large request
Date: Tue, 17 Jul 2007 15:16:11 +0200	[thread overview]
Message-ID: <469CC11B.2020103@trash.net> (raw)
In-Reply-To: <20070711205846.GY24114@agk.fab.redhat.com>

Alasdair G Kergon wrote:
> From: "Jun'ichi Nomura" <j-nomura@ce.jp.nec.com>
> 
> bio_alloc_bioset() will return NULL if 'num_vecs' is too large.
> Use bio_get_nr_vecs() to get estimation of maximum number.
> 
> Signed-off-by: "Jun'ichi Nomura" <j-nomura@ce.jp.nec.com>
> Signed-off-by: Alasdair G Kergon <agk@redhat.com>
> 
> ---
>  drivers/md/dm-io.c |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletion(-)


This patch reproducibly oopses my box:

[  126.754204] BUG: unable to handle kernel NULL pointer dereference at
virtual address 00000000
[  126.754326]  printing eip:
[  126.754369] c0141a67
[  126.754420] *pde = 00000000
[  126.754465] Oops: 0000 [#1]
[  126.754507] PREEMPT
[  126.754585] Modules linked in: [...]


[  126.758372] CPU:    0
[  126.758373] EIP:    0060:[<c0141a67>]    Not tainted VLI
[  126.758374] EFLAGS: 00010282   (2.6.22 #1)
[  126.758511] EIP is at mempool_free+0xe/0xc0
[  126.758558] eax: d39e65d0   ebx: 00000000   ecx: df2b9898   edx: 00000000
[  126.758605] esi: 00000000   edi: d39e65d0   ebp: d487d6d0   esp: df79fec0
[  126.758652] ds: 007b   es: 007b   fs: 0000  gs: 0000  ss: 0068
[  126.758699] Process kcryptd/0 (pid: 3218, ti=df79f000 task=df2b9640
task.ti=df79f000)
[  126.758747] Stack: 00000000 00000000 d3835f80 00000000 e08b0923
e08a5f69 00000200 e0ad1080
[  126.759093]        dfb5ab40 d3835f80 e08b08c0 00000000 e08a5fb7
c01804d8 00000000 00000200
[  126.759439]        c520bc00 00000c00 d0b77438 d5754b00 df79ff5c
e08a515e d0b77444 d5754b00
[  126.759858] Call Trace:
[  126.759965]  [<e08b0923>] clone_endio+0x63/0xc0 [dm_mod]
[  126.760066]  [<e08a5f69>] crypt_convert+0x131/0x17f [dm_crypt]
[  126.760168]  [<e08b08c0>] clone_endio+0x0/0xc0 [dm_mod]
[  126.760264]  [<e08a5fb7>] kcryptd_do_work+0x0/0x30f [dm_crypt]
[  126.760349]  [<c01804d8>] bio_endio+0x33/0x5d
[  126.760462]  [<e08a515e>] dec_pending+0x28/0x39 [dm_crypt]
[  126.760558]  [<e08a61e6>] kcryptd_do_work+0x22f/0x30f [dm_crypt]
[  126.760669]  [<c0112182>] update_stats_wait_end+0x7f/0xb2
[  126.760801]  [<e08a5fb7>] kcryptd_do_work+0x0/0x30f [dm_crypt]
[  126.760888]  [<c012700e>] run_workqueue+0x84/0x179
[  126.760990]  [<c0127292>] worker_thread+0x0/0xf0
[  126.761074]  [<c012732f>] worker_thread+0x9d/0xf0
[  126.761160]  [<c012a360>] autoremove_wake_function+0x0/0x37
[  126.761256]  [<c0127292>] worker_thread+0x0/0xf0
[  126.761334]  [<c012a15c>] kthread+0x52/0x58
[  126.761411]  [<c012a10a>] kthread+0x0/0x58
[  126.761496]  [<c0104983>] kernel_thread_helper+0x7/0x14
[  126.761598]  =======================
[  126.761717] Code: 1c 00 89 f6 eb a9 b8 88 13 00 00 e8 b4 56 1c 00 8d
74 26 00 eb d5 31 db e9 11 ff ff ff 57 56 53 83 ec 04 89 c7 89 d6 85 c0
74 55 <8b> 02 39 42 04 7d 46 9c 58 90 8d b4 26 00 00 00 00 89 c3 fa 90
[  126.763964] EIP: [<c0141a67>] mempool_free+0xe/0xc0 SS:ESP 0068:df79fec0

next prev parent reply	other threads:[~2007-07-17 13:16 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-11 20:58 [2.6.23 PATCH 07/18] dm io: fix panic on large request Alasdair G Kergon
2007-07-11 20:58 ` Alasdair G Kergon
2007-07-17 13:16 ` Patrick McHardy [this message]
2007-07-17 16:39   ` Jun'ichi Nomura
2007-07-17 16:39     ` Jun'ichi Nomura
2007-07-17 17:50     ` Patrick McHardy
2007-07-17 22:20       ` Jun'ichi Nomura
2007-07-17 22:20         ` Jun'ichi Nomura
2007-07-18 10:08         ` Patrick McHardy
2007-07-18 15:23   ` Chuck Ebbert
2007-07-20 15:07     ` Milan Broz
2007-07-20 15:07       ` Milan Broz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=469CC11B.2020103@trash.net \
    --to=kaber@trash.net \
    --cc=agk@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=dm-devel@redhat.com \
    --cc=j-nomura@ce.jp.nec.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.