From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
James Bottomley <James.Bottomley@suse.de>
Subject: [patch 06/45] SCSI: fix oops during scsi scanning
Date: Wed, 16 Sep 2009 15:36:19 -0700 [thread overview]
Message-ID: <20090916223714.118636080@mini.kroah.org> (raw)
In-Reply-To: <20090916223739.GA4789@kroah.com>
[-- Attachment #1: scsi-fix-oops-during-scsi-scanning.patch --]
[-- Type: text/plain, Size: 5901 bytes --]
2.6.31-stable review patch. If anyone has any objections, please let us know.
------------------
From: James Bottomley <James.Bottomley@suse.de>
commit ea038f63ac52439e7816295fa6064fe95e6c1f51 upstream.
Chris Webb reported:
p0# uname -a
Linux f7ea8425-d45b-490f-a738-d181d0df6963.host.elastichosts.com 2.6.30.4-elastic-lon-p #2 SMP PREEMPT Thu Aug 20 14:30:50 BST 2009 x86_64 Intel(R) Xeon(R) CPU E5420 @ 2.50GHz GenuineIntel GNU/Linux
p0# zgrep SCAN_ASYNC /proc/config.gz
# CONFIG_SCSI_SCAN_ASYNC is not set
p0# cat /var/log/kern/2009-08-20
[...]
15:27:10.485 kernel: scsi9 : iSCSI Initiator over TCP/IP
15:27:11.493 kernel: scsi 9:0:0:0: RAID IET Controller 0001 PQ: 0 ANSI: 5
15:27:11.493 kernel: scsi 9:0:0:0: Attached scsi generic sg6 type 12
15:27:11.495 kernel: scsi 9:0:0:1: Direct-Access IET VIRTUAL-DISK 0001 PQ: 0 ANSI: 5
15:27:11.495 kernel: sd 9:0:0:1: Attached scsi generic sg7 type 0
15:27:11.495 kernel: sd 9:0:0:1: [sdg] 4194304 512-byte hardware sectors: (2.14 GB/2.00 GiB)
15:27:11.495 kernel: sd 9:0:0:1: [sdg] Write Protect is off
15:27:11.495 kernel: sd 9:0:0:1: [sdg] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
15:27:13.012 kernel: sdg:<6>scsi 9:0:0:1: [sdg] Unhandled error code
15:27:13.012 kernel: scsi 9:0:0:1: [sdg] Result: hostbyte=0x07 driverbyte=0x00
15:27:13.012 kernel: end_request: I/O error, dev sdg, sector 0
15:27:13.012 kernel: Buffer I/O error on device sdg, logical block 0
15:27:13.012 kernel: ldm_validate_partition_table(): Disk read failed.
15:27:13.012 kernel: unable to read partition table
15:27:13.014 kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
15:27:13.014 kernel: IP: [<ffffffff803f0d77>] disk_part_iter_next+0x74/0xfd
15:27:13.014 kernel: PGD 82ad0b067 PUD 82cd7e067 PMD 0
15:27:13.014 kernel: Oops: 0000 [#1] PREEMPT SMP
15:27:13.014 kernel: last sysfs file: /sys/devices/platform/host9/session4/iscsi_session/session4/ifacename
15:27:13.014 kernel: CPU 5
15:27:13.014 kernel: Modules linked in:
15:27:13.014 kernel: Pid: 13999, comm: async/0 Not tainted 2.6.30.4-elastic-lon-p #2 X7DBN
15:27:13.014 kernel: RIP: 0010:[<ffffffff803f0d77>] [<ffffffff803f0d77>] disk_part_iter_next+0x74/0xfd
15:27:13.014 kernel: RSP: 0018:ffff88066afa3dd0 EFLAGS: 00010246
15:27:13.014 kernel: RAX: ffff88082b58a000 RBX: ffff88066afa3e00 RCX: 0000000000000000
15:27:13.014 kernel: RDX: 0000000000000000 RSI: ffff88082b58a000 RDI: 0000000000000000
15:27:13.014 kernel: RBP: ffff88066afa3df0 R08: ffff88066afa2000 R09: ffff8806a204f000
15:27:13.014 kernel: R10: 000000fb12c7d274 R11: ffff8806c2bf0628 R12: ffff88066afa3e00
15:27:13.014 kernel: R13: ffff88082c829a00 R14: 0000000000000000 R15: ffff8806bc50c920
15:27:13.014 kernel: FS: 0000000000000000(0000) GS:ffff88002818a000(0000) knlGS:0000000000000000
15:27:13.014 kernel: CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
15:27:13.014 kernel: CR2: 0000000000000010 CR3: 000000082ade3000 CR4: 00000000000426e0
15:27:13.014 kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
15:27:13.014 kernel: DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
15:27:13.014 kernel: Process async/0 (pid: 13999, threadinfo ffff88066afa2000, task ffff8806c2bf05e0)
15:27:13.014 kernel: Stack:
15:27:13.014 kernel: 0000000000000000 ffff88066afa3e00 ffff88066afa3e00 ffff88082c829a00
15:27:13.014 kernel: ffff88066afa3e40 ffffffff80306feb ffff88082b58a000 0000000000000000
15:27:13.014 kernel: 0000000000000001 ffff8806bc50c920 ffff88066afa3e40 ffff88082b58a000
15:27:13.014 kernel: Call Trace:
15:27:13.014 kernel: [<ffffffff80306feb>] register_disk+0x122/0x13a
15:27:13.014 kernel: [<ffffffff803f0b0f>] add_disk+0xaa/0x106
15:27:13.014 kernel: [<ffffffff80493609>] sd_probe_async+0x198/0x25b
15:27:13.014 kernel: [<ffffffff80270482>] async_thread+0x10c/0x20d
15:27:13.014 kernel: [<ffffffff802545ff>] ? default_wake_function+0x0/0xf
15:27:13.014 kernel: [<ffffffff80270376>] ? async_thread+0x0/0x20d
15:27:13.014 kernel: [<ffffffff8026ad89>] kthread+0x55/0x80
15:27:13.014 kernel: [<ffffffff8022be6a>] child_rip+0xa/0x20
15:27:13.014 kernel: [<ffffffff8026ad34>] ? kthread+0x0/0x80
15:27:13.014 kernel: [<ffffffff8022be60>] ? child_rip+0x0/0x20
15:27:13.014 kernel: Code: c8 ff 80 e1 0c b9 00 00 00 00 0f 44 c1 41 83 cd ff 48 8d 7a 20 48 be ff ff ff ff 08 00 00 00 48 b9 00 00 00 00 08 00 00 00 eb 50 <8b> 42 10 41 bd 01 00 00 00 eb db 4c 63 c2 4e 8d 04 c7 4d 8b 20
15:27:13.015 kernel: RIP [<ffffffff803f0d77>] disk_part_iter_next+0x74/0xfd
15:27:13.015 kernel: RSP <ffff88066afa3dd0>
15:27:13.015 kernel: CR2: 0000000000000010
15:27:13.015 kernel: ---[ end trace 6104b56ef5590e25 ]---
The problem is caused because the async scanning split in sd.c doesn't hold
any reference to the device when it kicks off the async piece. What's
happening is that an iSCSI disconnect is destorying the device again *before*
the async sd scanning thread even starts. Fix this by taking a reference
before starting the thread and dropping it again when the thread completes.
Reported-by: Chris Webb <chris@arachsys.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/scsi/sd.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2021,6 +2021,7 @@ static void sd_probe_async(void *data, a
sd_printk(KERN_NOTICE, sdkp, "Attached SCSI %sdisk\n",
sdp->removable ? "removable " : "");
+ put_device(&sdkp->dev);
}
/**
@@ -2106,6 +2107,7 @@ static int sd_probe(struct device *dev)
get_device(&sdp->sdev_gendev);
+ get_device(&sdkp->dev); /* prevent release before async_schedule */
async_schedule(sd_probe_async, sdkp);
return 0;
next prev parent reply other threads:[~2009-09-16 22:47 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090916223613.597295240@mini.kroah.org>
2009-09-16 22:37 ` [patch 00/45] 2.6.31.1-stable review Greg KH
2009-09-16 22:36 ` [patch 01/45] [SCSI] sg: fix oops in the error path in sg_build_indirect() Greg KH
2009-09-16 22:36 ` [patch 02/45] [SCSI] mpt2sas : Rescan topology from Interrupt context instead of work thread Greg KH
2009-09-16 22:36 ` [patch 03/45] [SCSI] mpt2sas: Prevent sending command to FW while Host Reset Greg KH
2009-09-16 22:36 ` [patch 04/45] [SCSI] mpt2sas: setting SDEV into RUNNING state from Interrupt context Greg KH
2009-09-16 22:36 ` [patch 05/45] [SCSI] mpt2sas: Raid 10 Volume is showing as Raid 1E in dmesg Greg KH
2009-09-16 22:36 ` Greg KH [this message]
2009-09-16 22:36 ` [patch 07/45] SCSI: libsrp: fix memory leak in srp_ring_free() Greg KH
2009-09-16 22:36 ` [patch 08/45] cfg80211: fix looping soft lockup in find_ie() Greg KH
2009-09-16 22:36 ` [patch 09/45] ath5k: write PCU registers on initial reset Greg KH
2009-09-16 22:36 ` [patch 10/45] binfmt_elf: fix PT_INTERP bss handling Greg KH
2009-09-16 22:36 ` [patch 11/45] TPM: Fixup boot probe timeout for tpm_tis driver Greg KH
2009-09-16 22:36 ` [patch 12/45] md: Fix "strchr" [drivers/md/dm-log-userspace.ko] undefined! Greg KH
2009-09-16 22:36 ` [patch 13/45] x86/amd-iommu: fix broken check in amd_iommu_flush_all_devices Greg KH
2009-09-16 22:36 ` [patch 14/45] fix undefined reference to user_shm_unlock Greg KH
2009-09-16 22:36 ` [patch 15/45] perf_counter: Fix buffer overflow in perf_copy_attr() Greg KH
2009-09-16 22:36 ` [patch 16/45] perf_counter: Start counting time enabled when group leader gets enabled Greg KH
2009-09-16 22:36 ` [patch 17/45] powerpc/perf_counters: Reduce stack usage of power_check_constraints Greg KH
2009-09-16 22:36 ` [patch 18/45] powerpc: Fix bug where perf_counters breaks oprofile Greg KH
2009-09-16 22:36 ` [patch 19/45] powerpc/ps3: Workaround for flash memory I/O error Greg KH
2009-09-16 22:36 ` [patch 20/45] block: dont assume device has a request list backing in nr_requests store Greg KH
2009-09-16 22:36 ` [patch 21/45] agp/intel: remove restore in resume Greg KH
2009-09-16 22:36 ` [patch 22/45] ALSA: cs46xx - Fix minimum period size Greg KH
2009-09-16 22:36 ` [patch 23/45] ASoC: Fix WM835x Out4 capture enumeration Greg KH
2009-09-16 22:36 ` [patch 24/45] sound: oxygen: work around MCE when changing volume Greg KH
2009-09-16 22:36 ` [patch 25/45] mlx4_core: Allocate and map sufficient ICM memory for EQ context Greg KH
2009-09-16 22:36 ` [patch 26/45] perf stat: Change noise calculation to use stddev Greg KH
2009-09-16 22:36 ` [patch 27/45] x86: Fix x86_model test in es7000_apic_is_cluster() Greg KH
2009-09-16 22:36 ` [patch 28/45] x86/i386: Make sure stack-protector segment base is cache aligned Greg KH
2009-09-16 22:36 ` [patch 29/45] PCI: apply nv_msi_ht_cap_quirk on resume too Greg KH
2009-09-16 22:36 ` [patch 30/45] x86, pat: Fix cacheflush address in change_page_attr_set_clr() Greg KH
2009-09-16 22:36 ` [patch 31/45] ARM: 5691/1: fix cache aliasing issues between kmap() and kmap_atomic() with highmem Greg KH
2009-09-16 22:36 ` [patch 32/45] KVM guest: do not batch pte updates from interrupt context Greg KH
2009-09-16 22:36 ` [patch 33/45] KVM: Fix coalesced interrupt reporting in IOAPIC Greg KH
2009-09-16 22:36 ` [patch 34/45] KVM: VMX: Check cpl before emulating debug register access Greg KH
2009-09-16 22:36 ` [patch 35/45] KVM guest: fix bogus wallclock physical address calculation Greg KH
2009-09-16 22:36 ` [patch 36/45] KVM: x86: Disallow hypercalls for guest callers in rings > 0 Greg KH
2009-09-16 22:36 ` [patch 37/45] KVM: VMX: Fix cr8 exiting control clobbering by EPT Greg KH
2009-09-16 22:36 ` [patch 38/45] KVM: x86 emulator: Implement zero-extended immediate decoding Greg KH
2009-09-16 22:36 ` [patch 39/45] KVM: MMU: make __kvm_mmu_free_some_pages handle empty list Greg KH
2009-09-16 22:36 ` [patch 40/45] KVM: x86 emulator: fix jmp far decoding (opcode 0xea) Greg KH
2009-09-16 22:36 ` [patch 41/45] KVM: limit lapic periodic timer frequency Greg KH
2009-09-16 22:36 ` [patch 42/45] libata: fix off-by-one error in ata_tf_read_block() Greg KH
2009-09-16 22:36 ` [patch 43/45] PCI quirk: update 82576 device ids in SR-IOV quirks list Greg KH
2009-09-16 22:36 ` [patch 44/45] PCI: Unhide the SMBus on the Compaq Evo D510 USDT Greg KH
2009-09-17 7:58 ` Jean Delvare
2009-09-17 11:38 ` [stable] " Greg KH
2009-09-17 13:09 ` Jean Delvare
2009-09-17 13:26 ` Greg KH
2009-09-16 22:36 ` [patch 45/45] powerpc/pseries: Fix to handle slb resize across migration Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090916223714.118636080@mini.kroah.org \
--to=gregkh@suse.de \
--cc=James.Bottomley@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox