via sata oops on init

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* via sata oops on init
@ 2006-07-28 23:39 Dave Jones
  2006-07-29 14:45 ` Johannes Weiner
  0 siblings, 1 reply; 6+ messages in thread
From: Dave Jones @ 2006-07-28 23:39 UTC (permalink / raw)
  To: Linux Kernel

2.6.18-rc2-git6

BUG: unable to handle kernel NULL pointer dereference at 00000000
EIP is at make_class_name+0x27
eax: 00000000 ebx: ffffffff ecx: ffffffff edx: 00000009
esi: f8d16cc2 edi: 00000000 ebp: f7fa9d3c esp: f7fa9d2c

Call Trace:
class_device_del+0xac
class_device_unregister
scsi_remove_host
ata_host_remove
ata_device_add
svia_init_one
pci_device_probe
driver_probe_device
__driver_attach
bus_for_each_dev
driver_attach
bus_add_driver
driver_register
__pci_register_driver
svia_init
sys_init_module
syscall_call


		Dave

-- 
http://www.codemonkey.org.uk

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: via sata oops on init
  2006-07-28 23:39 via sata oops on init Dave Jones
@ 2006-07-29 14:45 ` Johannes Weiner
  2006-07-29 16:41   ` Dave Jones
  0 siblings, 1 reply; 6+ messages in thread
From: Johannes Weiner @ 2006-07-29 14:45 UTC (permalink / raw)
  To: Linux Kernel

Hi,

On Fri, Jul 28, 2006 at 07:39:50PM -0400, Dave Jones wrote:
> 2.6.18-rc2-git6
> 
> BUG: unable to handle kernel NULL pointer dereference at 00000000
> EIP is at make_class_name+0x27
> eax: 00000000 ebx: ffffffff ecx: ffffffff edx: 00000009
> esi: f8d16cc2 edi: 00000000 ebp: f7fa9d3c esp: f7fa9d2c
> 
> Call Trace:
> class_device_del+0xac
> class_device_unregister
> scsi_remove_host
> ata_host_remove
> ata_device_add

I think the problem lays in scsi/libata-core.c:5423 in
torvalds/linux-2.6 v2.6.18-rc2-g6482132, stating:

[...]
struct ata_host_set *host_set = kzalloc(...);
[...]

Initialization of some structure members, but not ports(!)

for (...) {
	struct ata_port *ap;

	ap = ata_host_add(ent, host_set, i);
	if (!ap)
		goto err_out;
	
	host_set->ports[i] = ap;

err_out:
	for (i = 0; i < count; i++) {
		ata_host_remove(host_set->ports[i], 1);
[...]

ata_device_add fails, calls ata_host_remove with pointers to unitialized
memory.

Hannes

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: via sata oops on init
  2006-07-29 14:45 ` Johannes Weiner
@ 2006-07-29 16:41   ` Dave Jones
  2006-07-29 17:04     ` Johannes Weiner
  0 siblings, 1 reply; 6+ messages in thread
From: Dave Jones @ 2006-07-29 16:41 UTC (permalink / raw)
  To: Linux Kernel

On Sat, Jul 29, 2006 at 04:45:28PM +0200, Johannes Weiner wrote:

 >  ..
 > ata_device_add fails, calls ata_host_remove with pointers to unitialized
 > memory.

This should do it.  Jeff?

Fix reference of uninitialised memory in ata_device_add()

Signed-off-by: Dave Jones <davej@redhat.com>

--- linux-2.6/drivers/scsi/libata-core.c~	2006-07-29 12:35:32.000000000 -0400
+++ linux-2.6/drivers/scsi/libata-core.c	2006-07-29 12:39:08.000000000 -0400
@@ -5419,10 +5419,10 @@ int ata_device_add(const struct ata_prob
 		unsigned long xfer_mode_mask;
 
 		ap = ata_host_add(ent, host_set, i);
+		host_set->ports[i] = ap;
 		if (!ap)
 			goto err_out;
 
-		host_set->ports[i] = ap;
 		xfer_mode_mask =(ap->udma_mask << ATA_SHIFT_UDMA) |
 				(ap->mwdma_mask << ATA_SHIFT_MWDMA) |
 				(ap->pio_mask << ATA_SHIFT_PIO);
@@ -5532,6 +5532,8 @@ int ata_device_add(const struct ata_prob
 
 err_out:
 	for (i = 0; i < count; i++) {
+		if (!host_set->ports[i])
+			break;
 		ata_host_remove(host_set->ports[i], 1);
 		scsi_host_put(host_set->ports[i]->host);
 	}

-- 
http://www.codemonkey.org.uk

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: via sata oops on init
  2006-07-29 16:41   ` Dave Jones
@ 2006-07-29 17:04     ` Johannes Weiner
  2006-07-29 17:10       ` Dave Jones
  0 siblings, 1 reply; 6+ messages in thread
From: Johannes Weiner @ 2006-07-29 17:04 UTC (permalink / raw)
  To: Linux Kernel

[-- Attachment #1: Type: text/plain, Size: 957 bytes --]

Hi,

On Sat, Jul 29, 2006 at 12:41:15PM -0400, Dave Jones wrote:
> --- linux-2.6/drivers/scsi/libata-core.c~	2006-07-29 12:35:32.000000000 -0400
> +++ linux-2.6/drivers/scsi/libata-core.c	2006-07-29 12:39:08.000000000 -0400
> @@ -5419,10 +5419,10 @@ int ata_device_add(const struct ata_prob
>  		unsigned long xfer_mode_mask;
>  
>  		ap = ata_host_add(ent, host_set, i);
> +		host_set->ports[i] = ap;
>  		if (!ap)
>  			goto err_out;
>  
> -		host_set->ports[i] = ap;
>  		xfer_mode_mask =(ap->udma_mask << ATA_SHIFT_UDMA) |
>  				(ap->mwdma_mask << ATA_SHIFT_MWDMA) |
>  				(ap->pio_mask << ATA_SHIFT_PIO);
> @@ -5532,6 +5532,8 @@ int ata_device_add(const struct ata_prob
>  
>  err_out:
>  	for (i = 0; i < count; i++) {
> +		if (!host_set->ports[i])
> +			break;
>  		ata_host_remove(host_set->ports[i], 1);
>  		scsi_host_put(host_set->ports[i]->host);
>  	}

You jump into loop just to skip it.

Signed-off-by: Johannes Weiner <hanzfoo@gmail.com>


[-- Attachment #2: libata-core.goto.patch --]
[-- Type: text/plain, Size: 408 bytes --]

diff --git a/drivers/scsi/libata-core.c b/drivers/scsi/libata-core.c
index 386e5f2..064ee85 100644
--- a/drivers/scsi/libata-core.c
+++ b/drivers/scsi/libata-core.c
@@ -5420,7 +5420,7 @@ int ata_device_add(const struct ata_prob
 
 		ap = ata_host_add(ent, host_set, i);
 		if (!ap)
-			goto err_out;
+			goto err_free_ret;
 
 		host_set->ports[i] = ap;
 		xfer_mode_mask =(ap->udma_mask << ATA_SHIFT_UDMA) |

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: via sata oops on init
  2006-07-29 17:04     ` Johannes Weiner
@ 2006-07-29 17:10       ` Dave Jones
  2006-07-29 19:30         ` Johannes Weiner
  0 siblings, 1 reply; 6+ messages in thread
From: Dave Jones @ 2006-07-29 17:10 UTC (permalink / raw)
  To: Linux Kernel

On Sat, Jul 29, 2006 at 07:04:02PM +0200, Johannes Weiner wrote:

 > You jump into loop just to skip it.

You have to. Look at the allocation again. It's in a loop.
The first of which may have succeeded.  Your patch will introduce
a memory leak.

		Dave

 > diff --git a/drivers/scsi/libata-core.c b/drivers/scsi/libata-core.c
 > index 386e5f2..064ee85 100644
 > --- a/drivers/scsi/libata-core.c
 > +++ b/drivers/scsi/libata-core.c
 > @@ -5420,7 +5420,7 @@ int ata_device_add(const struct ata_prob
 >  
 >  		ap = ata_host_add(ent, host_set, i);
 >  		if (!ap)
 > -			goto err_out;
 > +			goto err_free_ret;
 >  
 >  		host_set->ports[i] = ap;
 >  		xfer_mode_mask =(ap->udma_mask << ATA_SHIFT_UDMA) |



-- 
http://www.codemonkey.org.uk

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: via sata oops on init
  2006-07-29 17:10       ` Dave Jones
@ 2006-07-29 19:30         ` Johannes Weiner
  0 siblings, 0 replies; 6+ messages in thread
From: Johannes Weiner @ 2006-07-29 19:30 UTC (permalink / raw)
  To: Linux Kernel

Hi,

On Sat, Jul 29, 2006 at 01:10:44PM -0400, Dave Jones wrote:
> You have to. Look at the allocation again. It's in a loop.
> The first of which may have succeeded.  Your patch will introduce
> a memory leak.

Holy crap! Yeah, I see it. Thanks :)

Hannes

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2006-07-29 19:31 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-07-28 23:39 via sata oops on init Dave Jones
2006-07-29 14:45 ` Johannes Weiner
2006-07-29 16:41   ` Dave Jones
2006-07-29 17:04     ` Johannes Weiner
2006-07-29 17:10       ` Dave Jones
2006-07-29 19:30         ` Johannes Weiner

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox