From: Hannes Reinecke <hare@suse.de>
To: Wei Fang <fangwei1@huawei.com>,
tj@kernel.org, jejb@linux.vnet.ibm.com,
martin.petersen@oracle.com
Cc: linux-scsi@vger.kernel.org
Subject: Re: [PATCH] scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task
Date: Wed, 6 Jul 2016 10:24:47 +0200 [thread overview]
Message-ID: <577CC04F.50508@suse.de> (raw)
In-Reply-To: <1467793724-21815-1-git-send-email-fangwei1@huawei.com>
On 07/06/2016 10:28 AM, Wei Fang wrote:
> A freed task has been assigned to ->lldd_task when lldd_execute_task()
> failed in sas_ata_qc_issue(), and access of ->lldd_task will cause
> an oops:
>
> Call trace:
> [<ffffffc000641f64>] sas_ata_post_internal+0x6c/0x150
> [<ffffffc0006c0d64>] ata_exec_internal_sg+0x32c/0x588
> [<ffffffc0006c1048>] ata_exec_internal+0x88/0xe8
> [<ffffffc0006c13b4>] ata_dev_read_id+0x204/0x5e0
> [<ffffffc0006c17f0>] ata_dev_reread_id+0x60/0xc8
> [<ffffffc0006c3098>] ata_dev_revalidate+0x88/0x1e0
> [<ffffffc0006cf828>] ata_eh_recover+0xcf8/0x13a8
> [<ffffffc0006d075c>] ata_do_eh+0x5c/0xe0
> [<ffffffc0006d0828>] ata_std_error_handler+0x48/0x98
> [<ffffffc0006d042c>] ata_scsi_port_error_handler+0x474/0x658
> [<ffffffc000641b78>] async_sas_ata_eh+0x50/0x80
> [<ffffffc0000ca664>] async_run_entry_fn+0x64/0x180
> [<ffffffc0000c085c>] process_one_work+0x164/0x438
> [<ffffffc0000c0c74>] worker_thread+0x144/0x4b0
> [<ffffffc0000c70fc>] kthread+0xfc/0x110
>
> Fix this by reassigning NULL to ->lldd_task in error path.
>
> Signed-off-by: Wei Fang <fangwei1@huawei.com>
> ---
> drivers/scsi/libsas/sas_ata.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
> index 935c430..33c7c66 100644
> --- a/drivers/scsi/libsas/sas_ata.c
> +++ b/drivers/scsi/libsas/sas_ata.c
> @@ -253,6 +253,7 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc)
> if (qc->scsicmd)
> ASSIGN_SAS_TASK(qc->scsicmd, NULL);
> sas_free_task(task);
> + qc->lldd_task = task;
> ret = AC_ERR_SYSTEM;
> }
>
>
Errm.
This is most definitely wrong.
Sure you mean
qc->lldd_task = NULL;
in that line?
Cheers,
Hannes
--
Dr. Hannes Reinecke Teamlead Storage & Networking
hare@suse.de +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2016-07-06 8:24 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-06 8:28 [PATCH] scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task Wei Fang
2016-07-06 8:24 ` Hannes Reinecke [this message]
2016-07-06 8:47 ` Wei Fang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=577CC04F.50508@suse.de \
--to=hare@suse.de \
--cc=fangwei1@huawei.com \
--cc=jejb@linux.vnet.ibm.com \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.