[PATCH] fix slab corruption during ipr probe

public inbox for linux-scsi@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] fix slab corruption during ipr probe
@ 2005-06-02 22:15 Nathan Lynch
  2005-06-03 14:14 ` James Bottomley
  0 siblings, 1 reply; 2+ messages in thread
From: Nathan Lynch @ 2005-06-02 22:15 UTC (permalink / raw)
  To: linux-scsi; +Cc: James.Bottomley, brking, linuxppc64-dev

Hi-

With CONFIG_DEBUG_SLAB=y I see slab corruption messages during boot on
pSeries machines with IPR adapters with any 2.6.12-rc kernel.

The change which seems to have introduced the problem is "SCSI: revamp
target scanning routines" and may be found at:
http://marc.theaimsgroup.com/?l=bk-commits-head&m=111093946426333&w=2

In order to revert that in a 2.6.12-rc1 tree, I had to revert "target
code updates to support scanned targets" first:
http://marc.theaimsgroup.com/?l=bk-commits-head&m=111094132524649&w=2

With both patches reverted, the corruption messages go away.

ipr: IBM Power RAID SCSI Device Driver version: 2.0.13 (February 21,
2005)
ipr 0001:d0:01.0: Found IOA with IRQ: 167
ipr 0001:d0:01.0: Starting IOA initialization sequence.
ipr 0001:d0:01.0: Adapter firmware version: 020A005C
ipr 0001:d0:01.0: IOA initialized.
scsi0 : IBM 570B Storage Adapter
  Vendor: IBM       Model: VSBPD4E1  U4SCSI  Rev: 4770
  Type:   Enclosure                          ANSI SCSI revision: 02
  Vendor: IBM   H0  Model: HUS103036FL3800   Rev: RPQF
  Type:   Direct-Access                      ANSI SCSI revision: 04
  Vendor: IBM   H0  Model: HUS103036FL3800   Rev: RPQF
  Type:   Direct-Access                      ANSI SCSI revision: 04
  Vendor: IBM   H0  Model: HUS103036FL3800   Rev: RPQF
  Type:   Direct-Access                      ANSI SCSI revision: 04
  Vendor: IBM   H0  Model: HUS103036FL3800   Rev: RPQF
  Type:   Direct-Access                      ANSI SCSI revision: 04
  Vendor: IBM       Model: VSBPD4E1  U4SCSI  Rev: 4770
  Type:   Enclosure                          ANSI SCSI revision: 02
Slab corruption: start=c0000001e8de5268, len=512
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c00000000029c3a0>](.scsi_target_dev_release+0x28/0x50)
080: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6a
Prev obj: start=c0000001e8de5050, len=512
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<0000000000000000>](0x0)
000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Next obj: start=c0000001e8de5480, len=512
Redzone: 0x170fc2a5/0x170fc2a5.
Last user: [<c000000000228d7c>](.as_init_queue+0x5c/0x228)
000: c0 00 00 01 e8 83 26 08 00 00 00 00 00 00 00 00
010: 00 00 00 00 00 00 00 00 c0 00 00 01 e8 de 54 98
Slab corruption: start=c0000001e8de5268, len=512
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<c00000000029c3a0>](.scsi_target_dev_release+0x28/0x50)
080: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6a
Prev obj: start=c0000001e8de5050, len=512
Redzone: 0x5a2cf071/0x5a2cf071.
Last user: [<0000000000000000>](0x0)
000: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
010: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b
Next obj: start=c0000001e8de5480, len=512
Redzone: 0x170fc2a5/0x170fc2a5.
Last user: [<c000000000228d7c>](.as_init_queue+0x5c/0x228)
000: c0 00 00 01 e8 83 26 08 00 00 00 00 00 00 00 00
010: 00 00 00 00 00 00 00 00 c0 00 00 01 e8 de 54 98
...

I did some digging and the problem seems to be a refcounting issue in
__scsi_add_device.  The target gets freed in scsi_target_reap, and
then __scsi_add_device tries to do another device_put on it.  I'm not
sure whether other users of __scsi_add_device are affected by this.

This patch works for me (tm); is it correct?

Signed-off-by: Nathan Lynch <ntl@pobox.com>

Index: linux-2.6.12-rc5/drivers/scsi/scsi_scan.c
===================================================================
--- linux-2.6.12-rc5.orig/drivers/scsi/scsi_scan.c
+++ linux-2.6.12-rc5/drivers/scsi/scsi_scan.c
@@ -1197,6 +1197,7 @@ struct scsi_device *__scsi_add_device(st
 	if (!starget)
 		return ERR_PTR(-ENOMEM);
 
+	get_device(&starget->dev);
 	down(&shost->scan_mutex);
 	res = scsi_probe_and_add_lun(starget, lun, NULL, &sdev, 1, hostdata);
 	if (res != SCSI_SCAN_LUN_PRESENT)




^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] fix slab corruption during ipr probe
  2005-06-02 22:15 [PATCH] fix slab corruption during ipr probe Nathan Lynch
@ 2005-06-03 14:14 ` James Bottomley
  0 siblings, 0 replies; 2+ messages in thread
From: James Bottomley @ 2005-06-03 14:14 UTC (permalink / raw)
  To: Nathan Lynch; +Cc: SCSI Mailing List, brking, linuxppc64-dev

On Thu, 2005-06-02 at 17:15 -0500, Nathan Lynch wrote:
> This patch works for me (tm); is it correct?
> 
> Signed-off-by: Nathan Lynch <ntl@pobox.com>

Yes, it is.

Apparently every other caller except IPR uses the standard
scsi_scan_target() interface, which does have this extra get_device(), I
can't think how it got left off the __scsi_add_device path ... well,
except that it wouldn't show up during testing.

I suppose someone should look at converting ipr to scsi_scan_target()
and we can eliminate this API (the only difference is that
scsi_add_device returns the actual device, but ipr never uses this...)

In the meantime, I'll put this in rc fixes.

Thanks,

James



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2005-06-03 14:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-06-02 22:15 [PATCH] fix slab corruption during ipr probe Nathan Lynch
2005-06-03 14:14 ` James Bottomley

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox