From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Tejun Heo <tj@kernel.org>,
	Mike Qiu <qiudayu@linux.vnet.ibm.com>,
	Jesse Brandeburg <jesse.brandeburg@gmail.com>,
	Peter Hurley <peter@hurleysoftware.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Alexey Kardashevskiy <aik@ozlabs.ru>,
	Kevin Hao <haokexin@gmail.com>,
	Dan Williams <dan.j.williams@intel.com>
Subject: [PATCH 3.15 11/37] libata: introduce ata_host->n_tags to avoid oops on SAS controllers
Date: Tue, 29 Jul 2014 18:48:47 -0700
Message-ID: <20140730014828.194646609@linuxfoundation.org>
In-Reply-To: <20140730014827.565626091@linuxfoundation.org>

3.15-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Tejun Heo <tj@kernel.org>

commit 1a112d10f03e83fb3a2fdc4c9165865dec8a3ca6 upstream.

1871ee134b73 ("libata: support the ata host which implements a queue
depth less than 32") directly used ata_port->scsi_host->can_queue from
ata_qc_new() to determine the number of tags supported by the host;
unfortunately, SAS controllers doing SATA don't initialize ->scsi_host
leading to the following oops.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
 IP: [<ffffffff814e0618>] ata_qc_new_init+0x188/0x1b0
 PGD 0
 Oops: 0002 [#1] SMP
 Modules linked in: isci libsas scsi_transport_sas mgag200 drm_kms_helper ttm
 CPU: 1 PID: 518 Comm: udevd Not tainted 3.16.0-rc6+ #62
 Hardware name: Intel Corporation S2600CO/S2600CO, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
 task: ffff880c1a00b280 ti: ffff88061a000000 task.ti: ffff88061a000000
 RIP: 0010:[<ffffffff814e0618>]  [<ffffffff814e0618>] ata_qc_new_init+0x188/0x1b0
 RSP: 0018:ffff88061a003ae8  EFLAGS: 00010012
 RAX: 0000000000000001 RBX: ffff88000241ca80 RCX: 00000000000000fa
 RDX: 0000000000000020 RSI: 0000000000000020 RDI: ffff8806194aa298
 RBP: ffff88061a003ae8 R08: ffff8806194a8000 R09: 0000000000000000
 R10: 0000000000000000 R11: ffff88000241ca80 R12: ffff88061ad58200
 R13: ffff8806194aa298 R14: ffffffff814e67a0 R15: ffff8806194a8000
 FS:  00007f3ad7fe3840(0000) GS:ffff880627620000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000058 CR3: 000000061a118000 CR4: 00000000001407e0
 Stack:
  ffff88061a003b20 ffffffff814e96e1 ffff88000241ca80 ffff88061ad58200
  ffff8800b6bf6000 ffff880c1c988000 ffff880619903850 ffff88061a003b68
  ffffffffa0056ce1 ffff88061a003b48 0000000013d6e6f8 ffff88000241ca80
 Call Trace:
  [<ffffffff814e96e1>] ata_sas_queuecmd+0xa1/0x430
  [<ffffffffa0056ce1>] sas_queuecommand+0x191/0x220 [libsas]
  [<ffffffff8149afee>] scsi_dispatch_cmd+0x10e/0x300
  [<ffffffff814a3bc5>] scsi_request_fn+0x2f5/0x550
  [<ffffffff81317613>] __blk_run_queue+0x33/0x40
  [<ffffffff8131781a>] queue_unplugged+0x2a/0x90
  [<ffffffff8131ceb4>] blk_flush_plug_list+0x1b4/0x210
  [<ffffffff8131d274>] blk_finish_plug+0x14/0x50
  [<ffffffff8117eaa8>] __do_page_cache_readahead+0x198/0x1f0
  [<ffffffff8117ee21>] force_page_cache_readahead+0x31/0x50
  [<ffffffff8117ee7e>] page_cache_sync_readahead+0x3e/0x50
  [<ffffffff81172ac6>] generic_file_read_iter+0x496/0x5a0
  [<ffffffff81219897>] blkdev_read_iter+0x37/0x40
  [<ffffffff811e307e>] new_sync_read+0x7e/0xb0
  [<ffffffff811e3734>] vfs_read+0x94/0x170
  [<ffffffff811e43c6>] SyS_read+0x46/0xb0
  [<ffffffff811e33d1>] ? SyS_lseek+0x91/0xb0
  [<ffffffff8171ee29>] system_call_fastpath+0x16/0x1b
 Code: 00 00 00 88 50 29 83 7f 08 01 19 d2 83 e2 f0 83 ea 50 88 50 34 c6 81 1d 02 00 00 40 c6 81 17 02 00 00 00 5d c3 66 0f 1f 44 00 00 <89> 14 25 58 00 00 00

Fix it by introducing ata_host->n_tags which is initialized to
ATA_MAX_QUEUE - 1 in ata_host_init() for SAS controllers and set to
scsi_host_template->can_queue in ata_host_register() for !SAS ones.
As SAS hosts are never registered, this will give them the same
ATA_MAX_QUEUE - 1 as before.  Note that we can't use
scsi_host->can_queue directly for SAS hosts anyway as they can go
higher than the libata maximum.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Mike Qiu <qiudayu@linux.vnet.ibm.com>
Reported-by: Jesse Brandeburg <jesse.brandeburg@gmail.com>
Reported-by: Peter Hurley <peter@hurleysoftware.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Fixes: 1871ee134b73 ("libata: support the ata host which implements a queue depth less than 32")
Cc: Kevin Hao <haokexin@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/ata/libata-core.c |   16 ++++------------
 include/linux/libata.h    |    1 +
 2 files changed, 5 insertions(+), 12 deletions(-)

--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4798,9 +4798,8 @@ void swap_buf_le16(u16 *buf, unsigned in
 static struct ata_queued_cmd *ata_qc_new(struct ata_port *ap)
 {
 	struct ata_queued_cmd *qc = NULL;
-	unsigned int i, tag, max_queue;
-
-	max_queue = ap->scsi_host->can_queue;
+	unsigned int max_queue = ap->host->n_tags;
+	unsigned int i, tag;
 
 	/* no command while frozen */
 	if (unlikely(ap->pflags & ATA_PFLAG_FROZEN))
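
Review bot: In ata_qc_new(), the initializer `ap->host->n_tags` trades the ap->scsi_host dereference for an ap->host dereference, and nothing in this hunk says why ap->host is guaranteed valid on the SAS path that produced the oops. A short comment stating that every port has ->host set and that n_tags is filled in by ata_host_init() would make the invariant explicit. It is also worth stating the expected minimum, since a host structure that was zeroed and skipped ata_host_init() would reach here with n_tags == 0.
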
@@ -6094,6 +6093,7 @@ void ata_host_init(struct ata_host *host
 {
 	spin_lock_init(&host->lock);
 	mutex_init(&host->eh_mutex);
+	host->n_tags = ATA_MAX_QUEUE - 1;
 	host->dev = dev;
 	host->ops = ops;
 }
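
Review bot: The new default in ata_host_init(), `host->n_tags = ATA_MAX_QUEUE - 1;`, carries no comment, and the reason for the `- 1` is not visible in this hunk. Suggest a one-line comment saying this is the default for hosts that never go through ata_host_register() (the SAS case described in the changelog) and why the top tag is excluded.
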
@@ -6175,15 +6175,7 @@ int ata_host_register(struct ata_host *h
 {
 	int i, rc;
 
-	/*
-	 * The max queue supported by hardware must not be greater than
-	 * ATA_MAX_QUEUE.
-	 */
-	if (sht->can_queue > ATA_MAX_QUEUE) {
-		dev_err(host->dev, "BUG: the hardware max queue is too large\n");
-		WARN_ON(1);
-		return -EINVAL;
-	}
+	host->n_tags = clamp(sht->can_queue, 1, ATA_MAX_QUEUE - 1);
 
 	/* host must have been started */
 	if (!(host->flags & ATA_HOST_STARTED)) {
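
Review bot: In ata_host_register(), `clamp(sht->can_queue, 1, ATA_MAX_QUEUE - 1)` silently replaces a check that logged with dev_err(), hit WARN_ON(1) and returned -EINVAL, so a driver advertising an out-of-range can_queue is no longer flagged. The upper bound also moves from ATA_MAX_QUEUE to ATA_MAX_QUEUE - 1, and a can_queue of 0 is now raised to 1; the changelog mentions neither. Consider a dev_warn() when clamping changes the value, and note that sht->can_queue itself is left untouched here, so it can differ from host->n_tags.
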
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
@@ -593,6 +593,7 @@ struct ata_host {
 	struct device 		*dev;
 	void __iomem * const	*iomap;
 	unsigned int		n_ports;
+	unsigned int		n_tags;			/* nr of NCQ tags */
 	void			*private_data;
 	struct ata_port_operations *ops;
 	unsigned long		flags;
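
Review bot: The field comment `/* nr of NCQ tags */` in struct ata_host does not record the valid range or who sets the value. Given the other hunks, wording along the lines of "1..ATA_MAX_QUEUE - 1, set in ata_host_init() and ata_host_register()" would save readers from tracing both call sites.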


