[dm-devel] Re: Patch to lsi rda device handler

Chandra Seetharaman sekharan at us.ibm.com
Thu Jul 17 22:30:26 UTC 2008 

Yanqing,

Thanks. Thee fix is in the set of patches that Hannes has sent (latest
one sent yesterday). It will make into 2.6.27.

Thanks,

chandra
On Thu, 2008-07-17 at 11:56 -0500, Yanqing_Liu at Dell.com wrote:
> Hello,
> 
> Here is the lsi rdac device handler code that was posted:
> 
> https://www.redhat.com/archives/dm-devel/2008-May/msg00003.html
> 
> The following patch is to address a NULL pointer problem in lsi rdac
> device handler.
> 
> In function get_rdac_req, after a request is successfully allocated,
> the area that the cmd pointer points to should be zeroed out. However,
> the function zeros out the command pointer itself, along with some
> other adjacent area. This results in NULL pointer dereference when
> submitting inquiry commands when checking virtual disk ownership
> during device discovery time. The kernel trace is attached at the end
> of the message.
> 
> The change is to zero out the area that the cmd pointer points to,
> instead of the pointer itself in the allocated request structure.
> 
> --- scsi_dh_rdac.c.orig 2008-07-17 01:53:10.000000000 -0400 
> +++ scsi_dh_rdac.c      2008-07-17 01:45:28.000000000 -0400 
> @@ -214,7 +214,7 @@ 
>                 return NULL; 
>         } 
>   
> -       memset(&rq->cmd, 0, BLK_MAX_CDB); 
> +       memset(rq->cmd, 0, BLK_MAX_CDB); 
>         rq->sense = h->sense; 
>         memset(rq->sense, 0, SCSI_SENSE_BUFFERSIZE); 
>         rq->sense_len = 0;
> 
> 
> Below is the kernel trace when problem happens, just for reference:
> 
> Jul 10 01:05:52 localhost kernel: In fn rdac_activate 
> Jul 10 01:05:52 localhost kernel: BUG: unable to handle kernel NULL
> pointer dereference at 0000000000000000 
> Jul 10 01:05:52 localhost kernel: IP:
> [<ffffffffa051e1d4>] :scsi_dh_rdac:submit_inquiry+0x42/0x8d 
> Jul 10 01:05:52 localhost kernel: PGD 0 
> Jul 10 01:05:52 localhost kernel: Oops: 0002 [1] SMP 
> Jul 10 01:05:52 localhost kernel: CPU 2 
> Jul 10 01:05:52 localhost kernel: Modules linked in: scsi_dh_rdac vfat
> fat autofs4 hidp rfcomm l2cap bluetooth sunrpc iptable_filter
> ip_tables ip6t_REJECT xt_tcpudp ip6table_filter ip6_tables x_tables
> ipv6 ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr
> iscsi_tcp libiscsi scsi_transport_iscsi dm_round_robin dm_multipath
> scsi_dh sbs sbshc battery acpi_memhotplug ac parport_pc lp parport sg
> usb_storage dcdbas ide_cd_mod cdrom bnx2 serio_raw button rtc_cmos
> rtc_core rtc_lib i5000_edac shpchp edac_core pcspkr dm_snapshot
> dm_zero dm_mirror dm_log dm_mod ata_piix libata megaraid_sas mptsas
> mptscsih scsi_transport_sas mptbase sd_mod scsi_mod ext3 jbd uhci_hcd
> ohci_hcd ehci_hcd [last unloaded: microcode]
> 
> Jul 10 01:05:52 localhost kernel: Pid: 5741, comm: kmpath_handlerd Not
> tainted 2.6.26-rc5 #1 
> Jul 10 01:05:52 localhost kernel: RIP: 0010:[<ffffffffa051e1d4>]
> [<ffffffffa051e1d4>] :scsi_dh_rdac:submit_inquiry+0x42/0x8d
> 
> Jul 10 01:05:52 localhost kernel: RSP: 0018:ffff81003c511dd0  EFLAGS:
> 00010246 
> Jul 10 01:05:52 localhost kernel: RAX: 0000000000000000 RBX:
> 00000000000000af RCX: 0000000000000001 
> Jul 10 01:05:52 localhost kernel: RDX: ffff81003c4818b8 RSI:
> 0000000000000000 RDI: ffff81003e82eb10 
> Jul 10 01:05:52 localhost kernel: RBP: 00000000000000c8 R08:
> 0000000000000003 R09: 0000000000000005 
> Jul 10 01:05:52 localhost kernel: R10: ffff81003a472c15 R11:
> 000000000000005d R12: ffff81003e82eb10 
> Jul 10 01:05:52 localhost multipathd: mpath2: event checker started 
> Jul 10 01:05:52 localhost kernel: R13: ffffffffa051f640 R14:
> ffff81003956d920 R15: 0000000000000000 
> Jul 10 01:05:52 localhost kernel: FS:  0000000000000000(0000)
> GS:ffff81003fa5be40(0000) knlGS:0000000000000000 
> Jul 10 01:05:52 localhost kernel: CS:  0010 DS: 0018 ES: 0018 CR0:
> 000000008005003b 
> Jul 10 01:05:52 localhost kernel: CR2: 0000000000000000 CR3:
> 0000000000201000 CR4: 00000000000006e0 
> Jul 10 01:05:52 localhost kernel: DR0: 0000000000000000 DR1:
> 0000000000000000 DR2: 0000000000000000 
> Jul 10 01:05:52 localhost kernel: DR3: 0000000000000000 DR6:
> 00000000ffff0ff0 DR7: 0000000000000400 
> Jul 10 01:05:52 localhost kernel: Process kmpath_handlerd (pid: 5741,
> threadinfo ffff81003c510000, task ffff81003e9329a0)
> 
> Jul 10 01:05:52 localhost kernel: Stack:  ffff81003a472c00
> ffff81003956d800 ffff81003956d800 ffffffffa051e4db 
> Jul 10 01:05:52 localhost kernel:  ffff81003e9329a0 ffff81003a472c08
> ffff81003d5e67c0 ffffffff808d0700 
> Jul 10 01:05:52 localhost kernel:  0000000000000000 ffff81003d5e67c0
> ffff81003c511ed0 0000000000000000 
> Jul 10 01:05:52 localhost kernel: Call Trace: 
> Jul 10 01:05:52 localhost kernel:
> [<ffffffffa051e4db>] ? :scsi_dh_rdac:rdac_activate+0x70/0x461 
> Jul 10 01:05:52 localhost kernel:
> [<ffffffffa03050f4>] ? :scsi_dh:scsi_dh_activate+0x55/0x9c 
> Jul 10 01:05:52 localhost kernel:
> [<ffffffffa0310327>] ? :dm_multipath:activate_path+0x0/0x16d 
> Jul 10 01:05:52 localhost kernel:
> [<ffffffffa0310352>] ? :dm_multipath:activate_path+0x2b/0x16d 
> Jul 10 01:05:52 localhost kernel:
> [<ffffffffa0310327>] ? :dm_multipath:activate_path+0x0/0x16d 
> Jul 10 01:05:52 localhost kernel:  [<ffffffff8023fed9>] ?
> run_workqueue+0x7b/0x103 
> Jul 10 01:05:52 localhost kernel:  [<ffffffff80240754>] ?
> worker_thread+0xd5/0xe0 
> Jul 10 01:05:52 localhost kernel:  [<ffffffff80242f26>] ?
> autoremove_wake_function+0x0/0x2e 
> Jul 10 01:05:52 localhost kernel:  [<ffffffff8024067f>] ?
> worker_thread+0x0/0xe0 
> Jul 10 01:05:52 localhost kernel:  [<ffffffff80242df7>] ? kthread
> +0x47/0x74 
> Jul 10 01:05:53 localhost kernel:  [<ffffffff8022d674>] ?
> schedule_tail+0x28/0x5d 
> Jul 10 01:05:53 localhost kernel:  [<ffffffff8020cb98>] ? child_rip
> +0xa/0x12 
> Jul 10 01:05:53 localhost kernel:  [<ffffffff80242db0>] ? kthread
> +0x0/0x74 
> Jul 10 01:05:53 localhost kernel:  [<ffffffff8020cb8e>] ? child_rip
> +0x0/0x12 
> Jul 10 01:05:53 localhost kernel: 
> Jul 10 01:05:53 localhost multipathd: mpath0: event checker started 
> Jul 10 01:05:53 localhost kernel: 
> Jul 10 01:05:53 localhost multipathd: mpath13: event checker started 
> Jul 10 01:05:53 localhost kernel: Code: 04 0f 0b eb fe 48 8d 70 75 31
> c9 e8 c1 fe ff ff 48 85 c0 48 89 c2 b9 0c 00 00 00 74 52 48 8b 80 e8
> 00 00 00 b1 01 31 f6 4c 89 e7 <c6> 00 12 48 8b 82 e8 00 00 00 c6 40 01
> 01 48 8b 82 e8 00 00 00 
> 
> Jul 10 01:05:53 localhost multipathd: path checkers start up 
> Jul 10 01:05:53 localhost kernel: RIP
> [<ffffffffa051e1d4>] :scsi_dh_rdac:submit_inquiry+0x42/0x8d 
> Jul 10 01:05:53 localhost multipathd: dm-4: add map (uevent) 
> Jul 10 01:05:53 localhost kernel:  RSP <ffff81003c511dd0> 
> Jul 10 01:05:53 localhost multipathd: dm-4: devmap already registered 
> Jul 10 01:05:53 localhost kernel: CR2: 0000000000000000 
> Jul 10 01:05:53 localhost kernel: ---[ end trace
> f05af9e56671650e ]--- 
> Jul 10 01:08:52 localhost multipathd: dm-3: add map (uevent) 
> Jul 10 01:08:52 localhost multipathd: dm-3: devmap already registered 
> Jul 10 01:08:52 localhost multipathd: dm-2: remove map (uevent) 
> Jul 10 01:08:52 localhost multipathd: mpath2: map in use 
> Jul 10 01:08:52 localhost multipathd: mpath2: can't flush 
> Jul 10 01:11:52 localhost multipathd: dm-2: add map (uevent) 
> Jul 10 01:11:52 localhost multipathd: dm-2: devmap already registered 
> 
> Please provide any feedback that you may have.
> 
> Thanks, 
> Yanqing
>

More information about the dm-devel mailing list