From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Finn Thain <fthain@telegraphics.com.au>,
Michael Schmitz <schmitzmic@gmail.com>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Sasha Levin <sashal@kernel.org>,
linux-scsi@vger.kernel.org
Subject: [PATCH AUTOSEL 4.9 26/42] scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
Date: Wed, 11 Dec 2019 10:34:54 -0500 [thread overview]
Message-ID: <20191211153510.23861-26-sashal@kernel.org> (raw)
In-Reply-To: <20191211153510.23861-1-sashal@kernel.org>
From: Finn Thain <fthain@telegraphics.com.au>
[ Upstream commit 79172ab20bfd8437b277254028efdb68484e2c21 ]
Since the scsi subsystem adopted the blk-mq API, a host with zero
sg_tablesize crashes with a NULL pointer dereference.
blk_queue_max_segments: set to minimum 1
scsi 0:0:0:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
scsi target0:0:0: Beginning Domain Validation
scsi target0:0:0: Domain Validation skipping write tests
scsi target0:0:0: Ending Domain Validation
blk_queue_max_segments: set to minimum 1
scsi 0:0:1:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
scsi target0:0:1: Beginning Domain Validation
scsi target0:0:1: Domain Validation skipping write tests
scsi target0:0:1: Ending Domain Validation
blk_queue_max_segments: set to minimum 1
scsi 0:0:2:0: CD-ROM QEMU QEMU CD-ROM 2.5+ PQ: 0 ANSI: 5
scsi target0:0:2: Beginning Domain Validation
scsi target0:0:2: Domain Validation skipping write tests
scsi target0:0:2: Ending Domain Validation
blk_queue_max_segments: set to minimum 1
blk_queue_max_segments: set to minimum 1
blk_queue_max_segments: set to minimum 1
blk_queue_max_segments: set to minimum 1
sr 0:0:2:0: Power-on or device reset occurred
sd 0:0:0:0: Power-on or device reset occurred
sd 0:0:1:0: Power-on or device reset occurred
sd 0:0:0:0: [sda] 10485762 512-byte logical blocks: (5.37 GB/5.00 GiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
Unable to handle kernel NULL pointer dereference at virtual address (ptrval)
Oops: 00000000
Modules linked in:
PC: [<001cd874>] blk_mq_free_request+0x66/0xe2
SR: 2004 SP: (ptrval) a2: 00874520
d0: 00000000 d1: 00000000 d2: 009ba800 d3: 00000000
d4: 00000000 d5: 08000002 a0: 0087be68 a1: 009a81e0
Process kworker/u2:2 (pid: 15, task=(ptrval))
Frame format=7 eff addr=0000007a ssw=0505 faddr=0000007a
wb 1 stat/addr/data: 0000 00000000 00000000
wb 2 stat/addr/data: 0000 00000000 00000000
wb 3 stat/addr/data: 0000 0000007a 00000000
push data: 00000000 00000000 00000000 00000000
Stack from 0087bd98:
00000002 00000000 0087be72 009a7820 0087bdb4 001c4f6c 009a7820 0087bdd4
0024d200 009a7820 0024d0dc 0087be72 009baa00 0087be68 009a5000 0087be7c
00265d10 009a5000 0087be72 00000003 00000000 00000000 00000000 0087be68
00000bb8 00000005 00000000 00000000 00000000 00000000 00265c56 00000000
009ba60c 0036ddf4 00000002 ffffffff 009baa00 009ba600 009a50d6 0087be74
00227ba0 009baa08 00000001 009baa08 009ba60c 0036ddf4 00000000 00000000
Call Trace: [<001c4f6c>] blk_put_request+0xe/0x14
[<0024d200>] __scsi_execute+0x124/0x174
[<0024d0dc>] __scsi_execute+0x0/0x174
[<00265d10>] sd_revalidate_disk+0xba/0x1f02
[<00265c56>] sd_revalidate_disk+0x0/0x1f02
[<0036ddf4>] strlen+0x0/0x22
[<00227ba0>] device_add+0x3da/0x604
[<0036ddf4>] strlen+0x0/0x22
[<00267e64>] sd_probe+0x30c/0x4b4
[<0002da44>] process_one_work+0x0/0x402
[<0022b978>] really_probe+0x226/0x354
[<0022bc34>] driver_probe_device+0xa4/0xf0
[<0002da44>] process_one_work+0x0/0x402
[<0022bcd0>] __driver_attach_async_helper+0x50/0x70
[<00035dae>] async_run_entry_fn+0x36/0x130
[<0002db88>] process_one_work+0x144/0x402
[<0002e1aa>] worker_thread+0x0/0x570
[<0002e29a>] worker_thread+0xf0/0x570
[<0002e1aa>] worker_thread+0x0/0x570
[<003768d8>] schedule+0x0/0xb8
[<0003f58c>] __init_waitqueue_head+0x0/0x12
[<00033e92>] kthread+0xc2/0xf6
[<000331e8>] kthread_parkme+0x0/0x4e
[<003768d8>] schedule+0x0/0xb8
[<00033dd0>] kthread+0x0/0xf6
[<00002c10>] ret_from_kernel_thread+0xc/0x14
Code: 0280 0006 0800 56c0 4400 0280 0000 00ff <52b4> 0c3a 082b 0006 0013 6706 2042 53a8 00c4 4ab9 0047 3374 6640 202d 000c 670c
Disabling lock debugging due to kernel taint
Avoid this by setting sg_tablesize = 1.
Link: https://lore.kernel.org/r/4567bcae94523b47d6f3b77450ba305823bca479.1572656814.git.fthain@telegraphics.com.au
Reported-and-tested-by: Michael Schmitz <schmitzmic@gmail.com>
Reviewed-by: Michael Schmitz <schmitzmic@gmail.com>
References: commit 68ab2d76e4be ("scsi: cxlflash: Set sg_tablesize to 1 instead of SG_NONE")
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/scsi/atari_scsi.c | 6 +++---
drivers/scsi/mac_scsi.c | 2 +-
drivers/scsi/sun3_scsi.c | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/scsi/atari_scsi.c b/drivers/scsi/atari_scsi.c
index a59ad94ea52b3..9dc4b689f94b0 100644
--- a/drivers/scsi/atari_scsi.c
+++ b/drivers/scsi/atari_scsi.c
@@ -753,7 +753,7 @@ static int __init atari_scsi_probe(struct platform_device *pdev)
atari_scsi_template.sg_tablesize = SG_ALL;
} else {
atari_scsi_template.can_queue = 1;
- atari_scsi_template.sg_tablesize = SG_NONE;
+ atari_scsi_template.sg_tablesize = 1;
}
if (setup_can_queue > 0)
@@ -762,8 +762,8 @@ static int __init atari_scsi_probe(struct platform_device *pdev)
if (setup_cmd_per_lun > 0)
atari_scsi_template.cmd_per_lun = setup_cmd_per_lun;
- /* Leave sg_tablesize at 0 on a Falcon! */
- if (ATARIHW_PRESENT(TT_SCSI) && setup_sg_tablesize >= 0)
+ /* Don't increase sg_tablesize on Falcon! */
+ if (ATARIHW_PRESENT(TT_SCSI) && setup_sg_tablesize > 0)
atari_scsi_template.sg_tablesize = setup_sg_tablesize;
if (setup_hostid >= 0) {
diff --git a/drivers/scsi/mac_scsi.c b/drivers/scsi/mac_scsi.c
index 5648d30c73768..5aa60bbbd09ad 100644
--- a/drivers/scsi/mac_scsi.c
+++ b/drivers/scsi/mac_scsi.c
@@ -378,7 +378,7 @@ static int __init mac_scsi_probe(struct platform_device *pdev)
mac_scsi_template.can_queue = setup_can_queue;
if (setup_cmd_per_lun > 0)
mac_scsi_template.cmd_per_lun = setup_cmd_per_lun;
- if (setup_sg_tablesize >= 0)
+ if (setup_sg_tablesize > 0)
mac_scsi_template.sg_tablesize = setup_sg_tablesize;
if (setup_hostid >= 0)
mac_scsi_template.this_id = setup_hostid & 7;
diff --git a/drivers/scsi/sun3_scsi.c b/drivers/scsi/sun3_scsi.c
index 3c4c07038948d..6f75693cf7d28 100644
--- a/drivers/scsi/sun3_scsi.c
+++ b/drivers/scsi/sun3_scsi.c
@@ -419,7 +419,7 @@ static struct scsi_host_template sun3_scsi_template = {
.eh_bus_reset_handler = sun3scsi_bus_reset,
.can_queue = 16,
.this_id = 7,
- .sg_tablesize = SG_NONE,
+ .sg_tablesize = 1,
.cmd_per_lun = 2,
.use_clustering = DISABLE_CLUSTERING,
.cmd_size = NCR5380_CMD_SIZE,
@@ -440,7 +440,7 @@ static int __init sun3_scsi_probe(struct platform_device *pdev)
sun3_scsi_template.can_queue = setup_can_queue;
if (setup_cmd_per_lun > 0)
sun3_scsi_template.cmd_per_lun = setup_cmd_per_lun;
- if (setup_sg_tablesize >= 0)
+ if (setup_sg_tablesize > 0)
sun3_scsi_template.sg_tablesize = setup_sg_tablesize;
if (setup_hostid >= 0)
sun3_scsi_template.this_id = setup_hostid & 7;
--
2.20.1
next prev parent reply other threads:[~2019-12-11 15:36 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-11 15:34 [PATCH AUTOSEL 4.9 01/42] scsi: mpt3sas: Fix clear pending bit in ioctl status Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 02/42] scsi: lpfc: Fix locking on mailbox command completion Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 03/42] Input: atmel_mxt_ts - disable IRQ across suspend Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 04/42] iommu/tegra-smmu: Fix page tables in > 4 GiB memory Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 05/42] scsi: target: compare full CHAP_A Algorithm strings Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 06/42] scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 07/42] scsi: csiostor: Don't enable IRQs too early Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 08/42] powerpc/pseries: Mark accumulate_stolen_time() as notrace Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 09/42] powerpc/pseries: Don't fail hash page table insert for bolted mapping Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 10/42] dma-debug: add a schedule point in debug_dma_dump_mappings() Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 11/42] clocksource/drivers/asm9260: Add a check for of_clk_get Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 12/42] powerpc/security/book3s64: Report L1TF status in sysfs Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 13/42] powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 14/42] jbd2: Fix statistics for the number of logged blocks Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 15/42] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 16/42] scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 17/42] clk: qcom: Allow constant ratio freq tables for rcg Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 18/42] irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 19/42] irqchip: ingenic: Error out if IRQ domain creation failed Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 20/42] mfd: mfd-core: Honour Device Tree's request to disable a child-device Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 21/42] fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 22/42] scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 23/42] scsi: ufs: fix potential bug which ends in system hang Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 24/42] powerpc/pseries/cmm: Implement release() function for sysfs device Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 25/42] powerpc/security: Fix wrong message when RFI Flush is disable Sasha Levin
2019-12-11 15:34 ` Sasha Levin [this message]
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 27/42] clk: pxa: fix one of the pxa RTC clocks Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 28/42] bcache: at least try to shrink 1 node in bch_mca_scan() Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 29/42] ext4: fix a bug in ext4_wait_for_tail_page_commit Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 30/42] HID: Improve Windows Precision Touchpad detection Sasha Levin
2019-12-11 15:34 ` [PATCH AUTOSEL 4.9 31/42] ext4: work around deleting a file with i_nlink == 0 safely Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 32/42] scsi: pm80xx: Fix for SATA device discovery Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 33/42] scsi: scsi_debug: num_tgts must be >= 0 Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 34/42] scsi: target: iscsi: Wait for all commands to finish before freeing a session Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 35/42] gpio: mpc8xxx: Don't overwrite default irq_set_type callback Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 36/42] scripts/kallsyms: fix definitely-lost memory leak Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 37/42] cdrom: respect device capabilities during opening action Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 38/42] perf regs: Make perf_reg_name() return "unknown" instead of NULL Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 39/42] libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 40/42] s390/cpum_sf: Check for SDBT and SDB consistency Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 41/42] ocfs2: fix passing zero to 'PTR_ERR' warning Sasha Levin
2019-12-11 15:35 ` [PATCH AUTOSEL 4.9 42/42] kernel: sysctl: make drop_caches write-only Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191211153510.23861-26-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=fthain@telegraphics.com.au \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=schmitzmic@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox