Linux SCSI subsystem development
From: Hannes Reinecke <hare@suse.de>
To: Wei Fang <fangwei1@huawei.com>,
	tj@kernel.org, jejb@linux.vnet.ibm.com,
	martin.petersen@oracle.com
Cc: linux-scsi@vger.kernel.org
Subject: Re: [PATCH] scsi:libsas: fix oops caused by assigning a freed task to ->lldd_task
Date: Wed, 6 Jul 2016 10:24:47 +0200
Message-ID: <577CC04F.50508@suse.de>
In-Reply-To: <1467793724-21815-1-git-send-email-fangwei1@huawei.com>

On 07/06/2016 10:28 AM, Wei Fang wrote:
> A freed task has been assigned to ->lldd_task when lldd_execute_task()
> failed in sas_ata_qc_issue(), and access of ->lldd_task will cause
> an oops:
> 
> Call trace:
> [<ffffffc000641f64>] sas_ata_post_internal+0x6c/0x150
> [<ffffffc0006c0d64>] ata_exec_internal_sg+0x32c/0x588
> [<ffffffc0006c1048>] ata_exec_internal+0x88/0xe8
> [<ffffffc0006c13b4>] ata_dev_read_id+0x204/0x5e0
> [<ffffffc0006c17f0>] ata_dev_reread_id+0x60/0xc8
> [<ffffffc0006c3098>] ata_dev_revalidate+0x88/0x1e0
> [<ffffffc0006cf828>] ata_eh_recover+0xcf8/0x13a8
> [<ffffffc0006d075c>] ata_do_eh+0x5c/0xe0
> [<ffffffc0006d0828>] ata_std_error_handler+0x48/0x98
> [<ffffffc0006d042c>] ata_scsi_port_error_handler+0x474/0x658
> [<ffffffc000641b78>] async_sas_ata_eh+0x50/0x80
> [<ffffffc0000ca664>] async_run_entry_fn+0x64/0x180
> [<ffffffc0000c085c>] process_one_work+0x164/0x438
> [<ffffffc0000c0c74>] worker_thread+0x144/0x4b0
> [<ffffffc0000c70fc>] kthread+0xfc/0x110
> 
> Fix this by reassigning NULL to ->lldd_task in error path.
> 
> Signed-off-by: Wei Fang <fangwei1@huawei.com>
> ---
>  drivers/scsi/libsas/sas_ata.c |    1 +
>  1 files changed, 1 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
> index 935c430..33c7c66 100644
> --- a/drivers/scsi/libsas/sas_ata.c
> +++ b/drivers/scsi/libsas/sas_ata.c
> @@ -253,6 +253,7 @@ static unsigned int sas_ata_qc_issue(struct ata_queued_cmd *qc)
>  		if (qc->scsicmd)
>  			ASSIGN_SAS_TASK(qc->scsicmd, NULL);
>  		sas_free_task(task);
> +		qc->lldd_task = task;
>  		ret = AC_ERR_SYSTEM;
>  	}
>  
> 
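Review bot: the added line `qc->lldd_task = task;` sits directly after `sas_free_task(task);`, so it stores a pointer to the task that was just freed, which leaves exactly the dangling reference the oops in the commit message comes from. The commit message says the fix is "reassigning NULL to ->lldd_task in error path", so the added line should be `qc->lldd_task = NULL;`, matching the `ASSIGN_SAS_TASK(qc->scsicmd, NULL);` cleanup two lines above it.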
Errm.
This is most definitely wrong.
Sure you mean

qc->lldd_task = NULL;

in that line?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		   Teamlead Storage & Networking
hare@suse.de			               +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)