From: Daniel Debonzi <debonzi@linux.vnet.ibm.com>
To: linux-scsi@vger.kernel.org
Subject: scsi_host_alloc does not check for used shost->host_no
Date: Fri, 11 Jul 2008 10:19:09 -0300 [thread overview]
Message-ID: <48775DCD.5010202@linux.vnet.ibm.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1173 bytes --]
Hi everyone,
First of all, it is the first time I am sending something to one of the
kernel mail lists. So, if it is not the right place for that, if it is
not the only place for that, or I am doing something wrong, or wherever,
please, just let me know.
After a good time investigating why modprobe/rmmod pata_pdc2027x lots of
times was driven to a kernel panic I found out that the problem was on
scsi host layer (if I can call it like this).
In a brief explanation, every time a scsi host is allocated a shost
structure get an host_no attribute assigned an as far as I can see it
should be unique. The point is that this host_no value comes from a
variable that is incremented every time a scsi host is allocated and in
a first moment, we will not have two shost structs with the same
host_no. But for instance, when this always incremented variable
overflows, it does not work anymore and it can happen to have to
different shost structures with the same host_no.
I made a patch that solves the problem in a very simple way, but I don't
know how acceptable it is. I am sending it in attachment and any
feedback will be welcome.
Thanks
Daniel Debonzi
[-- Attachment #2: scsi_host_no_verify.diff --]
[-- Type: text/x-diff, Size: 1047 bytes --]
diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
index c6457bf..2e191f4 100644
--- a/drivers/scsi/hosts.c
+++ b/drivers/scsi/hosts.c
@@ -310,7 +310,7 @@ struct device_type scsi_host_type = {
**/
struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize)
{
- struct Scsi_Host *shost;
+ struct Scsi_Host *shost, *tmp_shost;
gfp_t gfp_mask = GFP_KERNEL;
int rval;
@@ -332,7 +332,18 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize)
mutex_init(&shost->scan_mutex);
+ /*
+ * Look if host_no is not been used somewhere else. Is is used to
+ * happen when scsi_host_next_hn overflows and goes back to 0.
+ */
+ host_no_already_exists:
shost->host_no = scsi_host_next_hn++; /* XXX(hch): still racy */
+ if(!IS_ERR(tmp_shost = scsi_host_lookup(shost->host_no)))
+ {
+ scsi_host_put(tmp_shost);
+ goto host_no_already_exists;
+ }
+
shost->dma_channel = 0xff;
/* These three are default values which can be overridden */
next reply other threads:[~2008-07-11 13:19 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-11 13:19 Daniel Debonzi [this message]
2008-07-15 20:16 ` scsi_host_alloc does not check for used shost->host_no Brian King
2008-07-15 20:25 ` Matthew Wilcox
2008-07-15 20:31 ` Brian King
2008-07-15 20:54 ` [PATCH] Make host_no an unsigned int Matthew Wilcox
2008-07-15 20:34 ` scsi_host_alloc does not check for used shost->host_no James Bottomley
2008-07-15 21:39 ` Daniel Debonzi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48775DCD.5010202@linux.vnet.ibm.com \
--to=debonzi@linux.vnet.ibm.com \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox