bug in IBM ServeRAID driver?

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* bug in IBM ServeRAID driver?
@ 2002-01-03 19:51 petter wahlman
  2002-01-03 20:06 ` Jens Axboe
  0 siblings, 1 reply; 3+ messages in thread
From: petter wahlman @ 2002-01-03 19:51 UTC (permalink / raw)
  To: linux-kernel; +Cc: ipslinux


While looking through linux-2.4.18pre1/drivers/scsi/ips.c I noticed that
a spin_lock_irq is held while doing a possibly blocking operation.
Can't this code livelock on SMP if datasize is set?

linux-2.4.18pre1/drivers/scsi/ips.c

   1778       /* reobtain the lock */
   1779       spin_lock_irq(&io_request_lock);
   1780
   1781       /* command finished -- copy back */
   1782       user_area = *((char **) &SC->cmnd[4]);
   1783       kern_area = ha->ioctl_data;
   1784       datasize = *((u_int32_t *) &SC->cmnd[8]);
   1785
   1786       if (datasize) {
   1787          if (copy_to_user(user_area, kern_area, datasize) > 0) {
   1788             DEBUG_VAR(1, "(%s%d) passthru failed - unable to
copy out user data",
   1789                       ips_name, ha->host_num);


I am not subscribed to this list, so please CC me.


Petter Wahlman


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: bug in IBM ServeRAID driver?
  2002-01-03 19:51 bug in IBM ServeRAID driver? petter wahlman
@ 2002-01-03 20:06 ` Jens Axboe
  0 siblings, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2002-01-03 20:06 UTC (permalink / raw)
  To: petter wahlman; +Cc: linux-kernel, ipslinux

On Thu, Jan 03 2002, petter wahlman wrote:
> 
> While looking through linux-2.4.18pre1/drivers/scsi/ips.c I noticed that
> a spin_lock_irq is held while doing a possibly blocking operation.
> Can't this code livelock on SMP if datasize is set?
> 
> linux-2.4.18pre1/drivers/scsi/ips.c
> 
>    1778       /* reobtain the lock */
>    1779       spin_lock_irq(&io_request_lock);
>    1780
>    1781       /* command finished -- copy back */
>    1782       user_area = *((char **) &SC->cmnd[4]);
>    1783       kern_area = ha->ioctl_data;
>    1784       datasize = *((u_int32_t *) &SC->cmnd[8]);
>    1785
>    1786       if (datasize) {
>    1787          if (copy_to_user(user_area, kern_area, datasize) > 0) {
>    1788             DEBUG_VAR(1, "(%s%d) passthru failed - unable to
> copy out user data",
>    1789                       ips_name, ha->host_num);
> 
> 
> I am not subscribed to this list, so please CC me.

Yup, that's surely a nasty bug.

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: bug in IBM ServeRAID driver?
@ 2002-01-07 13:02 ServeRAID For Linux
  0 siblings, 0 replies; 3+ messages in thread
From: ServeRAID For Linux @ 2002-01-07 13:02 UTC (permalink / raw)
  To: Jens Axboe; +Cc: linux-kernel, petter wahlman

Sorry for the delayed response.   We have been snow-bound and shut-down
here for several days.   We will address this immediately.   Thanks for
bringing it to our attention.




                                                                                                 
                    Jens Axboe                                                                   
                    <axboe@suse.de       To:     petter wahlman <petter@bluezone.no>             
                    >                    cc:     linux-kernel@vger.kernel.org, ServeRAID For     
                                          Linux/Raleigh/IBM@IBMUS                                
                    01/03/2002           Subject:     Re: bug in IBM ServeRAID driver?           
                    03:06 PM                                                                     
                                                                                                 
                                                                                                 



On Thu, Jan 03 2002, petter wahlman wrote:
>
> While looking through linux-2.4.18pre1/drivers/scsi/ips.c I noticed that
> a spin_lock_irq is held while doing a possibly blocking operation.
> Can't this code livelock on SMP if datasize is set?
>
> linux-2.4.18pre1/drivers/scsi/ips.c
>
>    1778       /* reobtain the lock */
>    1779       spin_lock_irq(&io_request_lock);
>    1780
>    1781       /* command finished -- copy back */
>    1782       user_area = *((char **) &SC->cmnd[4]);
>    1783       kern_area = ha->ioctl_data;
>    1784       datasize = *((u_int32_t *) &SC->cmnd[8]);
>    1785
>    1786       if (datasize) {
>    1787          if (copy_to_user(user_area, kern_area, datasize) > 0) {
>    1788             DEBUG_VAR(1, "(%s%d) passthru failed - unable to
> copy out user data",
>    1789                       ips_name, ha->host_num);
>
>
> I am not subscribed to this list, so please CC me.

Yup, that's surely a nasty bug.

--
Jens Axboe





^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2002-01-07 13:03 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-01-03 19:51 bug in IBM ServeRAID driver? petter wahlman
2002-01-03 20:06 ` Jens Axboe
  -- strict thread matches above, loose matches on Subject: below --
2002-01-07 13:02 ServeRAID For Linux

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox