From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757741Ab1KJQFz (ORCPT ); Thu, 10 Nov 2011 11:05:55 -0500 Received: from rcsinet15.oracle.com ([148.87.113.117]:52802 "EHLO rcsinet15.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752827Ab1KJQFx (ORCPT ); Thu, 10 Nov 2011 11:05:53 -0500 Message-ID: <4EBBF646.8010705@oracle.com> Date: Thu, 10 Nov 2011 08:05:26 -0800 From: Yinghai Lu User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110920 SUSE/3.1.15 Thunderbird/3.1.15 MIME-Version: 1.0 To: "James E.J. Bottomley" , Nagalakshmi Nandigama CC: Kashyap Desai , Eric Moore , linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] mpt2sas: Fix null reference in recovery_delete_devices Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Source-IP: ucsinet22.oracle.com [156.151.31.94] X-CT-RefId: str=0001.0A090204.4EBBF65E.0042,ss=1,re=0.000,fgs=0 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Got panic: [ 752.590700] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f6 [ 752.598542] IP: [] mpt2sas_scsih_reset_handler+0x168/0x183 [ 752.605595] PGD 175d43067 PUD 175d44067 PMD 0 [ 752.610081] Oops: 0002 [#1] SMP [ 752.613342] CPU 0 [ 752.615175] Modules linked in: [ 752.618428] [ 752.619921] Pid: 9187, comm: sas2flash Not tainted 3.2.0-rc1-tip-yh-01580-g878f195-dirty #1288 Oracle Corporation Sun Blade [ 752.632632] RIP: 0010:[] [] mpt2sas_scsih_reset_handler+0x168/0x183 it turns out it is introduced in _scsih_error_recovery_delete_devices() forget to alloc the event before using. It is introduced by: | commit 921cd8024b908f8f49f772c8d3a02381b4db2ed2 | Author: nagalakshmi.nandigama@lsi.com | Date: Wed Oct 19 15:36:26 2011 +0530 | | [SCSI] mpt2sas: New feature - Fast Load Support Signed-off-by: Yinghai Lu --- drivers/scsi/mpt2sas/mpt2sas_scsih.c | 3 +++ 1 file changed, 3 insertions(+) Index: linux-2.6/drivers/scsi/mpt2sas/mpt2sas_scsih.c =================================================================== --- linux-2.6.orig/drivers/scsi/mpt2sas/mpt2sas_scsih.c +++ linux-2.6/drivers/scsi/mpt2sas/mpt2sas_scsih.c @@ -2802,6 +2802,9 @@ _scsih_error_recovery_delete_devices(str if (ioc->is_driver_loading) return; + fw_event = kzalloc(sizeof(struct fw_event_work), GFP_ATOMIC); + if (!fw_event) + return; fw_event->event = MPT2SAS_REMOVE_UNRESPONDING_DEVICES; fw_event->ioc = ioc; _scsih_fw_event_add(ioc, fw_event);