From: Michael Tokarev <mjt@tls.msk.ru>
To: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Cc: James.Bottomley@HansenPartnership.com,
	Jens Axboe <axboe@kernel.dk>,
	greg@kroah.com, jslaby@suse.cz, stable@kernel.org,
	jejb@parisc-linux.org, linux-kernel@vger.kernel.org
Subject: Re: [stable] apparent regression (crash) - 2.6.38.6
Date: Fri, 03 Jun 2011 11:01:37 +0400
Message-ID: <4DE886D1.8090807@msgid.tls.msk.ru>
In-Reply-To: <20110601.213424.80025869.anemo@mba.ocn.ne.jp>

01.06.2011 16:34, Atsushi Nemoto wrote:
> On Thu, 19 May 2011 07:39:27 +0400, James Bottomley <James.Bottomley@HansenPartnership.com> wrote:
>>>>>>> [  106.994628] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048
>>>>>>> [  106.994755] IP: [<ffffffff811bec1b>] elv_queue_empty+0x1b/0x30
>>>>>
>>>>> Hmm, it's another missing elevator guard, like this patch:
>>>>>
>>>>> http://marc.info/?l=linux-scsi&m=130348673628282
>>>>>
>>>>> I think the bug here is that q->elevator is null, so dereferencing
>>>>> elevator->ops gives the bug.
>>>>
>>>> Is this patch going to Linus anytime soon?
>>>
>>> Ping?
>>
>> I pinged Jens about it yesterday; he said it should be on its way to
>> Linus.
> 
> The patch in above URL ("block: add proper state guards to
> __elv_next_request") is in mainline and stable-queues now, but how
> about a similar fix for elv_queue_empty()?
> 
> The elv_queue_empty() is removed in mainline, but it seems
> stable-2.6.38.x and prior stable-branches still need the fix for
> elv_queue_empty().

Something like this?  (run-tested but I haven't seen the problem
in this place)

commit 2e8532e0a9ee1d25b279ac78ee8ce31701e2aa15
Author: Michael Tokarev <mjt@tls.msk.ru>
Date:   Fri Jun 3 10:50:49 2011 +0400

    block: add proper state guards to elv_queue_empty()

    Like in 0a58e077eb600d1efd7e54ad9926a75a39d7f8ae (backported to
    stable 2.6.38 as 0a58e077eb600d1efd7e54ad9926a75a39d7f8ae) which
    fixes this for __elv_next_request(), as reported by Atsushi Nemoto,
    elv_queue_empty() also needs to check for dead queue condition
    before touching elevator.

    elv_queue_empty() has been removed upstream so this is only applicable
    for versions prior to 2.6.39, including 2.6.32-longterm.

    Signed-Off-By: Michael Tokarev <mjt@tls.msk.ru>

diff --git a/block/elevator.c b/block/elevator.c
index 236e93c..30cec25 100644
--- a/block/elevator.c
+++ b/block/elevator.c
@@ -727,7 +727,8 @@ int elv_queue_empty(struct request_queue *q)
 	if (!list_empty(&q->queue_head))
 		return 0;

-	if (e->ops->elevator_queue_empty_fn)
+	if (!test_bit(QUEUE_FLAG_DEAD, &q->queue_flags) &&
+	    e->ops->elevator_queue_empty_fn)
 		return e->ops->elevator_queue_empty_fn(q);

 	return 1;
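
Review bot: the new condition in elv_queue_empty() protects the `e->ops` dereference only through QUEUE_FLAG_DEAD, while the oops quoted earlier in this thread was diagnosed as q->elevator being NULL. If the elevator pointer can be NULL at any point while the flag is still clear, `e->ops->elevator_queue_empty_fn` faults exactly as before, so either test `e` in the same condition or state in the changelog what guarantees the flag is set before the elevator goes away and which lock the caller is expected to hold across the test_bit() and the call. With the flag set and queue_head empty the function now falls through to `return 1`, reporting a dead queue as empty; that looks intended but deserves a one-line comment. The changelog also cites the same hash, 0a58e077eb600d1efd7e54ad9926a75a39d7f8ae, for both the mainline commit and its 2.6.38 backport, which should be checked before this goes to stable.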
