From: Bart Van Assche <Bart.VanAssche@sandisk.com>
To: "hch@lst.de" <hch@lst.de>
Cc: "linux-scsi@vger.kernel.org" <linux-scsi@vger.kernel.org>
Subject: Re: [PATCH 1/2] qla2xxx: Fix a recently introduced memory leak
Date: Sun, 29 Jan 2017 05:17:38 +0000
Message-ID: <1485667034.15853.1.camel@sandisk.com>
In-Reply-To: <20170126143614.GA19849@lst.de>

On Thu, 2017-01-26 at 15:36 +0100, hch@lst.de wrote:
> On Wed, Jan 25, 2017 at 03:47:20PM +0000, Bart Van Assche wrote:
> > =============================================================================
> > BUG kmalloc-16 (Not tainted): Redzone overwritten
> > -----------------------------------------------------------------------------
> >
> > Disabling lock debugging due to kernel taint
> > INFO: 0xffff880030bacc78-0xffff880030bacc7f. First byte 0xf instead of 0xcc
> > INFO: Allocated in irq_create_affinity_masks+0x5f/0x260 age=0 cpu=3 pid=812
> > ___slab_alloc.constprop.79+0x482/0x4f0
> > __slab_alloc.isra.75.constprop.78+0x55/0xa0
> > __kmalloc+0x27c/0x310
> > irq_create_affinity_masks+0x5f/0x260
>
> This is the normal affinity mask allocation.

(reduced CC-list again)

Hello Christoph,

It seems like irq_create_affinity_masks() wrote past the bounds of the masks array
it allocated. After I had added the following debug code in irq_create_affinity_masks():

	WARN_ON_ONCE(affv <= 0);
	pr_err("%s: affd = { .pre = %d, .post = %d }, nvecs = %d\n",
	       __func__, affd->pre_vectors, affd->post_vectors, nvecs);

The following output appeared:

WARNING: CPU: 0 PID: 814 at kernel/irq/affinity.c:69 irq_create_affinity_masks+0x2cd/0x2f0
Call Trace:
dump_stack+0x85/0xc2
__warn+0xcb/0xf0
warn_slowpath_null+0x1d/0x20
irq_create_affinity_masks+0x2cd/0x2f0
__pci_enable_msix+0x314/0x4c0
pci_alloc_irq_vectors_affinity+0xb7/0x140
qla2x00_request_irqs+0xa6/0x6d0 [qla2xxx]
qla2x00_probe_one+0xc2e/0x25f0 [qla2xxx]
pci_device_probe+0x8a/0xf0
driver_probe_device+0x1f5/0x450
__driver_attach+0xe3/0xf0
bus_for_each_dev+0x66/0xa0
driver_attach+0x1e/0x20
bus_add_driver+0x200/0x270
driver_register+0x60/0xe0
__pci_register_driver+0x5d/0x60
qla2x00_module_init+0x1c9/0x217 [qla2xxx]
do_one_initcall+0x44/0x180
do_init_module+0x5f/0x1f9
load_module+0x2582/0x2a00
SYSC_finit_module+0xbc/0xf0
SyS_finit_module+0xe/0x10
entry_SYSCALL_64_fastpath+0x23/0xc6
irq_create_affinity_masks: affd = { .pre = 2, .post = 0 }, nvecs = 2

affd comes from the qla2xxx driver:
struct irq_affinity desc = { .pre_vectors = QLA_BASE_VECTORS }.
Shouldn't irq_calc_affinity_vectors() guarantee that it returns a value that is
strictly greater than affd->pre_vectors + affd->post_vectors instead of greater
than or equal to affd->pre_vectors + affd->post_vectors?

Thanks,

Bart.
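
The boundary case raised in the message above, as an added example that is not part of the original message and is not kernel code. It is a simplified user-space C model: the struct, the function names, the `nodes` parameter and the shape of the fill loop are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical model type; field names follow the message's debug output. */
struct affinity_desc { int pre_vectors, post_vectors; };

/* Vectors left to spread once the reserved pre/post vectors are excluded. */
int spread_vectors(int nvecs, const struct affinity_desc *d)
{
	return nvecs - d->pre_vectors - d->post_vectors;
}

/*
 * Assumed loop shape: fill one slot per node and stop on "++cur == last".
 * Returns how many writes would land outside an array of nvecs masks.
 */
int oob_writes(int nvecs, const struct affinity_desc *d, int nodes)
{
	int cur = d->pre_vectors;	/* pre slots are already filled */
	int last = spread_vectors(nvecs, d) + d->pre_vectors;
	int oob = 0;

	for (int n = 0; n < nodes; n++) {
		if (cur >= nvecs)
			oob++;		/* slot index is past the allocation */
		if (++cur == last)
			break;		/* not reached if cur equals last on entry */
	}
	return oob;
}

/* Guarded variant: nothing to spread unless at least one vector remains. */
int oob_writes_checked(int nvecs, const struct affinity_desc *d, int nodes)
{
	if (spread_vectors(nvecs, d) <= 0)
		return 0;
	return oob_writes(nvecs, d, nodes);
}

int main(void)
{
	struct affinity_desc d = { .pre_vectors = 2, .post_vectors = 0 };

	/* Constructed inputs: nvecs = 2 is the reported case, nodes = 1 is assumed. */
	printf("unchecked: %d, checked: %d, nvecs=3: %d\n",
	       oob_writes(2, &d, 1), oob_writes_checked(2, &d, 1), oob_writes(3, &d, 1));
	return 0;
}
```

With nvecs equal to pre_vectors + post_vectors the spread count is 0, so the equality-based stop condition is already behind the cursor on entry; with one more vector the same loop stays in bounds.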