* [PATCH] Fix for 4.4-rc7
@ 2015-12-29 13:37 Matias Bjørling
2015-12-29 13:37 ` [PATCH] lightnvm: wrong offset in bad blk lun calculation Matias Bjørling
0 siblings, 1 reply; 3+ messages in thread
From: Matias Bjørling @ 2015-12-29 13:37 UTC (permalink / raw)
To: linux-block, linux-kernel, axboe; +Cc: Matias Bjørling
Hi Jens,
Sorry for sending a patch so late. I found a bug upon generic media
manager initialization, followed by bad block list traversal, leading
to a faulty out-of-bound memory access. Unfortunately, the media manager
is initialized just after device initialization. In most cases the
kernel will crash upon boot when a device that supports multiple
channels is available.
Could you please pick this one up?
Thanks,
Matias
Matias Bjørling (1):
lightnvm: wrong offset in bad blk lun calculation
drivers/lightnvm/gennvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.1.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH] lightnvm: wrong offset in bad blk lun calculation
2015-12-29 13:37 [PATCH] Fix for 4.4-rc7 Matias Bjørling
@ 2015-12-29 13:37 ` Matias Bjørling
2015-12-29 15:28 ` Jens Axboe
0 siblings, 1 reply; 3+ messages in thread
From: Matias Bjørling @ 2015-12-29 13:37 UTC (permalink / raw)
To: linux-block, linux-kernel, axboe; +Cc: Matias Bjørling
dev->nr_luns reports the total number of luns available in a device
while dev->luns_per_chnl is the number of luns per channel.
When multiple channels are available, the offset is calculated from a
channel and lun id into a linear array. As it multiplies with
the total number of luns, we go out of bound when channel id > 0 and
causes the kernel to panic when we read a protected kernel memory area.
Signed-off-by: Matias Bjørling <m@bjorling.me>
---
drivers/lightnvm/gennvm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/lightnvm/gennvm.c b/drivers/lightnvm/gennvm.c
index 04aead4..12ddcaa 100644
--- a/drivers/lightnvm/gennvm.c
+++ b/drivers/lightnvm/gennvm.c
@@ -75,7 +75,7 @@ static int gennvm_block_bb(struct ppa_addr ppa, int nr_blocks, u8 *blks,
struct nvm_block *blk;
int i;
- lun = &gn->luns[(dev->nr_luns * ppa.g.ch) + ppa.g.lun];
+ lun = &gn->luns[(dev->luns_per_chnl * ppa.g.ch) + ppa.g.lun];
for (i = 0; i < nr_blocks; i++) {
if (blks[i] == 0)
--
2.1.4
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] lightnvm: wrong offset in bad blk lun calculation
2015-12-29 13:37 ` [PATCH] lightnvm: wrong offset in bad blk lun calculation Matias Bjørling
@ 2015-12-29 15:28 ` Jens Axboe
0 siblings, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2015-12-29 15:28 UTC (permalink / raw)
To: Matias Bjørling, linux-block, linux-kernel, axboe
On 12/29/2015 06:37 AM, Matias Bjørling wrote:
> dev->nr_luns reports the total number of luns available in a device
> while dev->luns_per_chnl is the number of luns per channel.
>
> When multiple channels are available, the offset is calculated from a
> channel and lun id into a linear array. As it multiplies with
> the total number of luns, we go out of bound when channel id > 0 and
> causes the kernel to panic when we read a protected kernel memory area.
Added for 4.4, thanks.
--
Jens Axboe
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-12-29 15:29 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-12-29 13:37 [PATCH] Fix for 4.4-rc7 Matias Bjørling
2015-12-29 13:37 ` [PATCH] lightnvm: wrong offset in bad blk lun calculation Matias Bjørling
2015-12-29 15:28 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).