* [PATCH V2] libata:fix kernel panic when hotplug
@ 2016-06-16 2:55 DingXiang
2016-06-16 3:29 ` kbuild test robot
2016-06-16 7:16 ` kbuild test robot
0 siblings, 2 replies; 3+ messages in thread
From: DingXiang @ 2016-06-16 2:55 UTC (permalink / raw)
To: tj, jejb, martin.petersen, fangwei1, miaoxie, wangyijing,
zhangaihua1, zhaohongjiang, houtao1
Cc: linux-scsi, linux-kernel, dingxiang
From: Ding Xiang <dingxiang@huawei.com>
In normal condition,if we use sas protocol and hotplug a
sata disk on a port,the sas driver will send event
"PORTE_BYTES_DMAED" and call function "sas_porte_bytes_dmaed".
But if a sata disk is run io and unplug it,then plug a new
sata disk,this operation may cause a kernel panic like this:
[ 2366.923208] Unable to handle kernel NULL pointer dereference
at virtual address 000007b8
[ 2366.949253] pgd = ffffffc00121d000
[ 2366.971164] [000007b8] *pgd=00000027df893003, *pud=00000027df893003,
*pmd=00000027df894003, *pte=006000006d000707
[ 2367.022822] Internal error: Oops: 96000005 [#1] SMP
[ 2367.048490] Modules linked in: dm_mirror(E) dm_region_hash(E) dm_log(E)
dm_mod(E) crc32_arm64(E) aes_ce_blk(E) ablk_helper(E) cry ptd(E)
aes_ce_cipher(E) ghash_ce(E) sha2_ce(E) sha1_ce(E) ses(E) enclosure(E)
shpchp(E) marvell(E)
[ 2367.144808] CPU: 16 PID: 710 Comm: kworker/16:1 Tainted: G E
4.1.23-next.aarch64 #1
[ 2367.180161] Hardware name: Huawei Taishan 2280 /BC11SPCC,
BIOS 1.28 05/14/2016
[ 2367.213305] Workqueue: events ata_scsi_hotplug
[ 2367.244296] task: ffffffe7db9b5e00 ti: ffffffe7db1a0000
task.ti: ffffffe7db1a0000
[ 2367.279949] PC is at sas_find_dev_by_rphy+0x48/0x118
[ 2367.312045] LR is at sas_find_dev_by_rphy+0x40/0x118
[ 2367.341970] pc : [<ffffffc00065c3b0>] lr : [<ffffffc00065c3a8>]
pstate: 00000145
...
[ 2368.766334] Call trace:
[ 2368.781712] [<ffffffc00065c3b0>] sas_find_dev_by_rphy+0x48/0x118
[ 2368.800394] [<ffffffc00065c4a8>] sas_target_alloc+0x28/0x98
[ 2368.817975] [<ffffffc00063e920>] scsi_alloc_target+0x248/0x308
[ 2368.835570] [<ffffffc000640080>] __scsi_add_device+0xb8/0x160
[ 2368.853034] [<ffffffc0006e52d8>] ata_scsi_scan_host+0x190/0x230
[ 2368.871614] [<ffffffc0006e54b0>] ata_scsi_hotplug+0xc8/0xe8
[ 2368.889152] [<ffffffc0000da75c>] process_one_work+0x164/0x438
[ 2368.908003] [<ffffffc0000dab74>] worker_thread+0x144/0x4b0
[ 2368.924613] [<ffffffc0000e0ffc>] kthread+0xfc/0x110
[ 2368.940923] Code: aa1303e0 97ff5deb 34ffff80 d1082273 (f943de76)
This because "dev_to_shost" in "sas_find_dev_by_rphy" return
a NULL point,and SHOST_TO_SAS_HA used it,so kernel panic happed.
why dev_to_shost return a NULL point?
Because in "__scsi_add_device" ,
struct device *parent = &shost->shost_gendev,
and in "scsi_alloc_target", "*parent" is assigned to
"starget->dev.parent",then "sas_target_alloc" will get
"struct sas_rphy" according "starget->dev.parent", and in
"sas_find_dev_by_rphy" , we will get "struct Scsi_Host *shost"
according "rphy->dev.parent",we will find that
rphy->dev.parent = shost->shost_gendev.parent, and shost_gendev.parent
is "ap->tdev",there is no parent any more,so "dev_to_shost"
return a NULL point.
when the panic will happen?
When libata is handling error,and add hotplug_task to workqueue,
if a new sata disk pluged at this moment,the libata hotplug task
will run and panic will happen.
In fact,we don't need libata to deal with hotplug in sas environment.
So we can't run ata hotplug task when ata port is sas host.
Signed-off-by: Ding Xiang <dingxiang@huawei.com>
---
drivers/ata/libata-eh.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c
index 61dc7a9..4428a7c 100644
--- a/drivers/ata/libata-eh.c
+++ b/drivers/ata/libata-eh.c
@@ -816,7 +816,8 @@ void ata_scsi_port_error_handler(struct Scsi_Host *host, struct ata_port *ap)
if (ap->pflags & ATA_PFLAG_LOADING)
ap->pflags &= ~ATA_PFLAG_LOADING;
- else if (ap->pflags & ATA_PFLAG_SCSI_HOTPLUG)
+ else if ((ap->pflags & ATA_PFLAG_SCSI_HOTPLUG) &&
+ !(ap->pflags & ATA_PFLAG_SAS_HOST))
schedule_delayed_work(&ap->hotplug_task, 0);
if (ap->pflags & ATA_PFLAG_RECOVERED)
--
2.5.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH V2] libata:fix kernel panic when hotplug
2016-06-16 2:55 [PATCH V2] libata:fix kernel panic when hotplug DingXiang
@ 2016-06-16 3:29 ` kbuild test robot
2016-06-16 7:16 ` kbuild test robot
1 sibling, 0 replies; 3+ messages in thread
From: kbuild test robot @ 2016-06-16 3:29 UTC (permalink / raw)
To: DingXiang
Cc: kbuild-all, tj, jejb, martin.petersen, fangwei1, miaoxie,
wangyijing, zhangaihua1, zhaohongjiang, houtao1, linux-scsi,
linux-kernel, dingxiang
[-- Attachment #1: Type: text/plain, Size: 1600 bytes --]
Hi,
[auto build test ERROR on tj-libata/for-next]
[also build test ERROR on v4.7-rc3 next-20160615]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/DingXiang/libata-fix-kernel-panic-when-hotplug/20160616-105155
base: https://git.kernel.org/pub/scm/linux/kernel/git/tj/libata for-next
config: x86_64-randconfig-s5-06161042 (attached as .config)
compiler: gcc-6 (Debian 6.1.1-1) 6.1.1 20160430
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
drivers/ata/libata-eh.c: In function 'ata_scsi_port_error_handler':
>> drivers/ata/libata-eh.c:820:19: error: 'ATA_PFLAG_SAS_HOST' undeclared (first use in this function)
!(ap->pflags & ATA_PFLAG_SAS_HOST))
^~~~~~~~~~~~~~~~~~
drivers/ata/libata-eh.c:820:19: note: each undeclared identifier is reported only once for each function it appears in
vim +/ATA_PFLAG_SAS_HOST +820 drivers/ata/libata-eh.c
814 /* clean up */
815 spin_lock_irqsave(ap->lock, flags);
816
817 if (ap->pflags & ATA_PFLAG_LOADING)
818 ap->pflags &= ~ATA_PFLAG_LOADING;
819 else if ((ap->pflags & ATA_PFLAG_SCSI_HOTPLUG) &&
> 820 !(ap->pflags & ATA_PFLAG_SAS_HOST))
821 schedule_delayed_work(&ap->hotplug_task, 0);
822
823 if (ap->pflags & ATA_PFLAG_RECOVERED)
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 27134 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH V2] libata:fix kernel panic when hotplug
2016-06-16 2:55 [PATCH V2] libata:fix kernel panic when hotplug DingXiang
2016-06-16 3:29 ` kbuild test robot
@ 2016-06-16 7:16 ` kbuild test robot
1 sibling, 0 replies; 3+ messages in thread
From: kbuild test robot @ 2016-06-16 7:16 UTC (permalink / raw)
To: DingXiang
Cc: kbuild-all, tj, jejb, martin.petersen, fangwei1, miaoxie,
wangyijing, zhangaihua1, zhaohongjiang, houtao1, linux-scsi,
linux-kernel, dingxiang
[-- Attachment #1: Type: text/plain, Size: 2855 bytes --]
Hi,
[auto build test WARNING on tj-libata/for-next]
[also build test WARNING on v4.7-rc3 next-20160616]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/DingXiang/libata-fix-kernel-panic-when-hotplug/20160616-105155
base: https://git.kernel.org/pub/scm/linux/kernel/git/tj/libata for-next
config: x86_64-randconfig-s5-06161418 (attached as .config)
compiler: gcc-6 (Debian 6.1.1-1) 6.1.1 20160430
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All warnings (new ones prefixed by >>):
In file included from include/linux/linkage.h:4:0,
from include/linux/kernel.h:6,
from drivers/ata/libata-eh.c:35:
drivers/ata/libata-eh.c: In function 'ata_scsi_port_error_handler':
drivers/ata/libata-eh.c:820:19: error: 'ATA_PFLAG_SAS_HOST' undeclared (first use in this function)
!(ap->pflags & ATA_PFLAG_SAS_HOST))
^
include/linux/compiler.h:151:30: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> drivers/ata/libata-eh.c:819:7: note: in expansion of macro 'if'
else if ((ap->pflags & ATA_PFLAG_SCSI_HOTPLUG) &&
^~
drivers/ata/libata-eh.c:820:19: note: each undeclared identifier is reported only once for each function it appears in
!(ap->pflags & ATA_PFLAG_SAS_HOST))
^
include/linux/compiler.h:151:30: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> drivers/ata/libata-eh.c:819:7: note: in expansion of macro 'if'
else if ((ap->pflags & ATA_PFLAG_SCSI_HOTPLUG) &&
^~
vim +/if +819 drivers/ata/libata-eh.c
803 ap->ops->end_eh(ap);
804
805 spin_unlock_irqrestore(ap->lock, flags);
806 ata_eh_release(ap);
807 } else {
808 WARN_ON(ata_qc_from_tag(ap, ap->link.active_tag) == NULL);
809 ap->ops->eng_timeout(ap);
810 }
811
812 scsi_eh_flush_done_q(&ap->eh_done_q);
813
814 /* clean up */
815 spin_lock_irqsave(ap->lock, flags);
816
817 if (ap->pflags & ATA_PFLAG_LOADING)
818 ap->pflags &= ~ATA_PFLAG_LOADING;
> 819 else if ((ap->pflags & ATA_PFLAG_SCSI_HOTPLUG) &&
820 !(ap->pflags & ATA_PFLAG_SAS_HOST))
821 schedule_delayed_work(&ap->hotplug_task, 0);
822
823 if (ap->pflags & ATA_PFLAG_RECOVERED)
824 ata_port_info(ap, "EH complete\n");
825
826 ap->pflags &= ~(ATA_PFLAG_SCSI_HOTPLUG | ATA_PFLAG_RECOVERED);
827
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 24739 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-06-16 7:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-16 2:55 [PATCH V2] libata:fix kernel panic when hotplug DingXiang
2016-06-16 3:29 ` kbuild test robot
2016-06-16 7:16 ` kbuild test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).