Re: [PATCH] [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()

public inbox for linux-scsi@vger.kernel.org
 help / color / mirror / Atom feed

From: "Bjørn Mork" <bjorn@mork.no>
To: "Yang, Bo" <Bo.Yang@lsi.com>
Cc: linux-scsi@vger.kernel.org,
	DL-MegaRAID Linux <megaraidlinux@lsi.com>,
	"James E.J. Bottomley" <James.Bottomley@suse.de>
Subject: Re: [PATCH] [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()
Date: Wed, 19 Jan 2011 07:33:56 +0100	[thread overview]
Message-ID: <87tyh52yi3.fsf@nemi.mork.no> (raw)
In-Reply-To: <4B6A08C587958942AA3002690DD4F8C30106FA7846@cosmail02.lsi.com> (Bo Yang's message of "Tue, 18 Jan 2011 19:07:59 -0700")

"Yang, Bo" <Bo.Yang@lsi.com> writes:

> If you are using megasas ioctl routine to develop your owner
> application, the best way you may need to contact with LSI for the
> tech support.

???

Thanks for answering, but I'm afraid I don't understand.  You don't fix
bugs in the driver because you don't support the application used to
trigger it?

The application in question is smartctl which is part of
http://smartmontools.sourceforge.net and AFAIK included with most (all?)
Linux distributions.  The action required to trigger the driver bug is
attempting to initiate a SMART device self test.


Quoting from the Debian bug report http://bugs.debian.org/604627 :

 calling 'smartctl -d megaraid,0 /dev/sda -t short' gives:

 smartctl 5.40 2010-07-12 r3124 [x86_64-unknown-linux-gnu] (local build)
 Copyright (C) 2002-10 by Bruce Allen, http://smartmontools.sourceforge.net
 Short offline self test failed [Cannot allocate memory]
 megasas: Failed to alloc kernel SGL buffer for IOCTL


Another user reported the same issue on the linux-ide list:
http://marc.info/?l=linux-ide&m=128941801715301
with the following backtrace:

[   69.162393] ------------[ cut here ]------------
[   69.162404] WARNING: at /build/buildd/linux-2.6.32/mm/page_alloc.c:1806 \
__alloc_pages_slowpath+0x43b/0x580() [   69.162407] Hardware name: X8DTN
[   69.162409] Modules linked in: fbcon tileblit font bitblit softcursor vga16fb \
vgastate ioatdma radeon ttm drm_kms_helper shpchp drm i2c_algo_bit lp parport floppy \
pata_jmicron megaraid_sas igb dca [   69.162429] Pid: 1206, comm: smartctl Not \
tainted 2.6.32-25-server #45-Ubuntu [   69.162432] Call Trace:
[   69.162439]  [<ffffffff81065f3b>] warn_slowpath_common+0x7b/0xc0
[   69.162443]  [<ffffffff81065f94>] warn_slowpath_null+0x14/0x20
[   69.162447]  [<ffffffff810f98fb>] __alloc_pages_slowpath+0x43b/0x580
[   69.162454]  [<ffffffff8101078c>] ? __switch_to+0x1ac/0x320
[   69.162459]  [<ffffffff81057850>] ? finish_task_switch+0x50/0xe0
[   69.162463]  [<ffffffff810f9bb1>] __alloc_pages_nodemask+0x171/0x180
[   69.162468]  [<ffffffff81017536>] dma_generic_alloc_coherent+0xa6/0x160
[   69.162475]  [<ffffffff81038b01>] x86_swiotlb_alloc_coherent+0x31/0x70
[   69.162482]  [<ffffffffa002d0ce>] megasas_mgmt_fw_ioctl+0x1ae/0x690 [megaraid_sas]
[   69.162488]  [<ffffffffa002d748>] megasas_mgmt_ioctl_fw+0x198/0x240 [megaraid_sas]
[   69.162494]  [<ffffffffa002f695>] megasas_mgmt_ioctl+0x35/0x50 [megaraid_sas]
[   69.162500]  [<ffffffff81153b12>] vfs_ioctl+0x22/0xa0
[   69.162505]  [<ffffffff8115da2a>] ? alloc_fd+0x10a/0x150
[   69.162509]  [<ffffffff81153cb1>] do_vfs_ioctl+0x81/0x410
[   69.162515]  [<ffffffff8155cc13>] ? do_page_fault+0x153/0x3b0
[   69.162518]  [<ffffffff811540c1>] sys_ioctl+0x81/0xa0
[   69.162523]  [<ffffffff810121b2>] system_call_fastpath+0x16/0x1b
[   69.162526] ---[ end trace 6a2181b634e2abc6 ]---
[   69.162538] ------------[ cut here ]------------
[   69.162806] kernel BUG at /build/buildd/linux-2.6.32/lib/swiotlb.c:368!
[   69.163134] invalid opcode: 0000 [#1] SMP
[   69.163570] last sysfs file: \
/sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map [   69.163975] CPU 0
[   69.164227] Modules linked in: fbcon tileblit font bitblit softcursor vga16fb \
vgastate ioatdma radeon ttm drm_kms_helper shpchp drm i2c_algo_bit lp parport floppy \
pata_jmicron megaraid_sas igb dca [   69.167419] Pid: 1206, comm: smartctl Tainted: G \
W  2.6.32-25-server #45-Ubuntu X8DTN [   69.167843] RIP: 0010:[<ffffffff812c4dc5>]  \
[<ffffffff812c4dc5>] map_single+0x255/0x260 [   69.168370] RSP: 0018:ffff88081c0ebc58 \
EFLAGS: 00010246 [   69.168655] RAX: 000000000003bffc RBX: 00000000ffffffff RCX: \
0000000000000002 [   69.169000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: \
ffff88001dffe000 [   69.169346] RBP: ffff88081c0ebcb8 R08: 0000000000000000 R09: \
ffff880000030840 [   69.169691] R10: 0000000000100000 R11: 0000000000000000 R12: \
0000000000000000 [   69.170036] R13: 00000000ffffffff R14: 0000000000000001 R15: \
0000000000200000 [   69.170382] FS:  00007fb8de189720(0000) GS:ffff88001de00000(0000) \
knlGS:0000000000000000 [   69.170794] CS:  0010 DS: 0000 ES: 0000 CR0: \
0000000080050033 [   69.171094] CR2: 00007fb8dd59237c CR3: 000000081a790000 CR4: \
00000000000006f0 [   69.171439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: \
0000000000000000 [   69.171784] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: \
0000000000000400 [   69.172130] Process smartctl (pid: 1206, threadinfo \
ffff88081c0ea000, task ffff88081a760000) [   69.194513] Stack:
[   69.205788]  0000000000000034 00000002817e3390 0000000000000000 ffff88081c0ebe00
[   69.217739] <0> 0000000000000000 000000000003bffc 0000000000000000 \
0000000000000000 [   69.241250] <0> 0000000000000000 00000000ffffffff \
ffff88081c5b4080 ffff88081c0ebe00 [   69.277310] Call Trace:
[   69.289278]  [<ffffffff812c52ac>] swiotlb_alloc_coherent+0xec/0x130
[   69.301118]  [<ffffffff81038b31>] x86_swiotlb_alloc_coherent+0x61/0x70
[   69.313045]  [<ffffffffa002d0ce>] megasas_mgmt_fw_ioctl+0x1ae/0x690 [megaraid_sas]
[   69.336399]  [<ffffffffa002d748>] megasas_mgmt_ioctl_fw+0x198/0x240 [megaraid_sas]
[   69.359346]  [<ffffffffa002f695>] megasas_mgmt_ioctl+0x35/0x50 [megaraid_sas]
[   69.370902]  [<ffffffff81153b12>] vfs_ioctl+0x22/0xa0
[   69.382322]  [<ffffffff8115da2a>] ? alloc_fd+0x10a/0x150
[   69.393622]  [<ffffffff81153cb1>] do_vfs_ioctl+0x81/0x410
[   69.404696]  [<ffffffff8155cc13>] ? do_page_fault+0x153/0x3b0
[   69.415761]  [<ffffffff811540c1>] sys_ioctl+0x81/0xa0
[   69.426640]  [<ffffffff810121b2>] system_call_fastpath+0x16/0x1b
[   69.437491] Code: fe ff ff 48 8b 3d 74 38 76 00 41 bf 00 00 20 00 e8 51 f5 d7 ff \
83 e0 ff 48 05 ff 07 00 00 48 c1 e8 0b 48 89 45 c8 e9 13 fe ff ff <0f> 0b eb fe 0f 1f \
80 00 00 00 00 55 48 89 e5 48 83 ec 20 4c 89 [   69.478216] RIP  [<ffffffff812c4dc5>] \
map_single+0x255/0x260 [   69.489668]  RSP <ffff88081c0ebc58>
[   69.500975] ---[ end trace 6a2181b634e2abc7 ]---


Both users have confirmed that the patch fixes their problem. One could
of course imagine a workaround in the smartctl application so that it
never sent requests with a zero iov_len, but I still believe that
actually fixing the driver to handle such requests is better.

No?




Bjørn
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2011-01-19  6:52 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <4CDAD4A4.1080205@ngs.ru>
2010-11-11 18:02 ` [PATCH] [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent() Bjørn Mork
2010-12-03 14:37   ` Bjørn Mork
2011-01-18 21:46     ` Bjørn Mork
     [not found]       ` <4B6A08C587958942AA3002690DD4F8C30106FA7846@cosmail02.lsi.com>
2011-01-19  6:33         ` Bjørn Mork [this message]
2011-01-19  8:12           ` FUJITA Tomonori
2011-01-19  8:56             ` Bjørn Mork
2011-01-19  9:01               ` [PATCH v3] " Bjørn Mork
2011-01-20  0:20           ` [PATCH] " Benz, Michael
2011-01-20  2:39             ` FUJITA Tomonori

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87tyh52yi3.fsf@nemi.mork.no \
    --to=bjorn@mork.no \
    --cc=Bo.Yang@lsi.com \
    --cc=James.Bottomley@suse.de \
    --cc=linux-scsi@vger.kernel.org \
    --cc=megaraidlinux@lsi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox