* Re: [PATCH] scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task
From: Hannes Reinecke @ 2016-07-06 8:24 UTC (permalink / raw)
To: Wei Fang, tj, jejb, martin.petersen; +Cc: linux-scsi
On 07/06/2016 10:28 AM, Wei Fang wrote:
> A freed task has been assigned to ->lldd_task when lldd_execute_task()
> failed in sas_ata_qc_issue(), and access of ->lldd_task will cause
> an oops:
>
> Call trace:
> [<ffffffc000641f64>] sas_ata_post_internal+0x6c/0x150
> [<ffffffc0006c0d64>] ata_exec_internal_sg+0x32c/0x588
> [<ffffffc0006c1048>] ata_exec_internal+0x88/0xe8
> [<ffffffc0006c13b4>] ata_dev_read_id+0x204/0x5e0
> [<ffffffc0006c17f0>] ata_dev_reread_id+0x60/0xc8
> [<ffffffc0006c3098>] ata_dev_revalidate+0x88/0x1e0
> [<ffffffc0006cf828>] ata_eh_recover+0xcf8/0x13a8
> [<ffffffc0006d075c>] ata_do_eh+0x5c/0xe0
> [<ffffffc0006d0828>] ata_std_error_handler+0x48/0x98
> [<ffffffc0006d042c>] ata_scsi_port_error_handler+0x474/0x658
> [<ffffffc000641b78>] async_sas_ata_eh+0x50/0x80
> [<ffffffc0000ca664>] async_run_entry_fn+0x64/0x180
> [<ffffffc0000c085c>] process_one_work+0x164/0x438
> [<ffffffc0000c0c74>] worker_thread+0x144/0x4b0
> [<ffffffc0000c70fc>] kthread+0xfc/0x110
>
> Fix this by reassigning NULL to ->lldd_task in error path.
>
> Signed-off-by: Wei Fang <fangwei1@huawei.com>
> ---
> drivers/scsi/libsas/sas_ata.c | 1 +
> 1 files changed, 1 insertions(+), 0 deletions(-)
>
> diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
> index 935c430..33c7c66 100644
> --- a/drivers/scsi/libsas/sas_ata.c
> +++ b/drivers/scsi/libsas/sas_ata.c
> @@ -253,6 +253,7 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc)
> if (qc->scsicmd)
> ASSIGN_SAS_TASK(qc->scsicmd, NULL);
> sas_free_task(task);
> + qc->lldd_task = task;
> ret = AC_ERR_SYSTEM;
> }
>
>
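Review bot: The added line `qc->lldd_task = task;` comes directly after `sas_free_task(task)`, so it stores a pointer to memory that has just been released, and a later access of `->lldd_task`, like the one behind the oops in the call trace above, would still touch the freed task. The changelog describes assigning NULL in this error path; the line should be `qc->lldd_task = NULL;`.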
Errm.
This is most definitely wrong.
Sure you mean

    qc->lldd_task = NULL;

in that line?
Cheers,
Hannes
--
Dr. Hannes Reinecke Teamlead Storage & Networking
hare@suse.de +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)
* [PATCH] scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task
From: Wei Fang @ 2016-07-06 8:28 UTC (permalink / raw)
To: tj, jejb, martin.petersen, hare; +Cc: linux-scsi, Wei Fang
A freed task has been assigned to ->lldd_task when lldd_execute_task()
failed in sas_ata_qc_issue(), and access of ->lldd_task will cause
an oops:
Call trace:
[<ffffffc000641f64>] sas_ata_post_internal+0x6c/0x150
[<ffffffc0006c0d64>] ata_exec_internal_sg+0x32c/0x588
[<ffffffc0006c1048>] ata_exec_internal+0x88/0xe8
[<ffffffc0006c13b4>] ata_dev_read_id+0x204/0x5e0
[<ffffffc0006c17f0>] ata_dev_reread_id+0x60/0xc8
[<ffffffc0006c3098>] ata_dev_revalidate+0x88/0x1e0
[<ffffffc0006cf828>] ata_eh_recover+0xcf8/0x13a8
[<ffffffc0006d075c>] ata_do_eh+0x5c/0xe0
[<ffffffc0006d0828>] ata_std_error_handler+0x48/0x98
[<ffffffc0006d042c>] ata_scsi_port_error_handler+0x474/0x658
[<ffffffc000641b78>] async_sas_ata_eh+0x50/0x80
[<ffffffc0000ca664>] async_run_entry_fn+0x64/0x180
[<ffffffc0000c085c>] process_one_work+0x164/0x438
[<ffffffc0000c0c74>] worker_thread+0x144/0x4b0
[<ffffffc0000c70fc>] kthread+0xfc/0x110
Fix this by reassigning NULL to ->lldd_task in error path.
Signed-off-by: Wei Fang <fangwei1@huawei.com>
---
drivers/scsi/libsas/sas_ata.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
index 935c430..33c7c66 100644
--- a/drivers/scsi/libsas/sas_ata.c
+++ b/drivers/scsi/libsas/sas_ata.c
@@ -253,6 +253,7 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc)
if (qc->scsicmd)
ASSIGN_SAS_TASK(qc->scsicmd, NULL);
sas_free_task(task);
+ qc->lldd_task = task;
ret = AC_ERR_SYSTEM;
}
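Review bot: The changelog and the diff disagree in this error branch: the text says NULL is reassigned to `->lldd_task`, but the one added line is `qc->lldd_task = task;`, so the resend needs `NULL` on the right-hand side. When correcting it, consider placing the assignment before `sas_free_task(task)`, next to `ASSIGN_SAS_TASK(qc->scsicmd, NULL)`, so that both references to the task are cleared before it is released. The changelog also carries no Fixes: tag, which would help anyone backporting the corrected version.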
--
1.7.1
* Re: [PATCH] scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task
From: Wei Fang @ 2016-07-06 8:47 UTC (permalink / raw)
To: Hannes Reinecke, tj, jejb, martin.petersen; +Cc: linux-scsi
Hi, Hannes,
> This is most definitely wrong.
> Sure you mean
>
> qc->lldd_task = NULL;
>
> in that line?
My mistake. Thanks for pointing it out. Will resend soon.
Please ignore this patch.
Thanks,
Wei