From patchwork Mon May 9 14:04:11 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tejun Heo X-Patchwork-Id: 94765 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id A86A5B6F3A for ; Tue, 10 May 2011 00:04:19 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753772Ab1EIOES (ORCPT ); Mon, 9 May 2011 10:04:18 -0400 Received: from mail-bw0-f46.google.com ([209.85.214.46]:40263 "EHLO mail-bw0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753430Ab1EIOER (ORCPT ); Mon, 9 May 2011 10:04:17 -0400 Received: by bwz15 with SMTP id 15so3997477bwz.19 for ; Mon, 09 May 2011 07:04:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:date:from:to:cc:subject:message-id :references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=IDXY4IB5Tp4S3xuAlI02BseC0sbhWTxbX1oP1WgXUcg=; b=vxNXYIcBeBdWTq1mH25+szym1Ujk5khaYDhN+j8rquIrNHmbtYh0G6KlbhQAXa9+yO z1ZVYbsAoI5cP34ehfzBTdXVBB1b2j76M+2dbdMAVqcpgwjll9Cb1/tNdZkt6vxjveLY +bgjqADWaanPcK9n6AmOewXUMjf5EIFbu1xMU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=ckyCryVfqEeMuTmiGqBBoFWoB53gd7UmE13K4RKJU1KeULPsPZjz6heYInuxyqcOrl JEPHlVpTvu5eyhzDHRU+AWe93iidAGzuI7FfFeNrKJ4JtCpE3Yr6Q6OwEbJG0cVVP1uu Bvs1HwEbxFUGOOZYJeHcnpcFD7WrOcp/sB+bo= Received: by 10.204.136.210 with SMTP id s18mr1134101bkt.56.1304949855480; Mon, 09 May 2011 07:04:15 -0700 (PDT) Received: from htj.dyndns.org ([130.75.117.88]) by mx.google.com with ESMTPS id 16sm3702580bkm.18.2011.05.09.07.04.13 (version=SSLv3 cipher=OTHER); Mon, 09 May 2011 07:04:13 -0700 (PDT) Date: Mon, 9 May 2011 16:04:11 +0200 From: Tejun Heo To: Jeff Garzik , linux-ide@vger.kernel.org Cc: Kernel List , "Nathan A. Mourey II" , Connor H Subject: [PATCH #upstream-fixes] libata: fix oops when LPM is used with PMP Message-ID: <20110509140411.GJ1661@htj.dyndns.org> References: <1304555277.2059.2.camel@localhost.localdomain> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1304555277.2059.2.camel@localhost.localdomain> User-Agent: Mutt/1.5.20 (2009-06-14) Sender: linux-ide-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ide@vger.kernel.org ae01b2493c (libata: Implement ATA_FLAG_NO_DIPM and apply it to mcp65) added ATA_FLAG_NO_DIPM and made ata_eh_set_lpm() check the flag. However, @ap is NULL if @link points to a PMP link and thus the unconditional @ap->flags dereference leads to the following oops. BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: [] ata_eh_recover+0x9a1/0x1510 ... Pid: 295, comm: scsi_eh_4 Tainted: P 2.6.38.5-core2 #1 System76, Inc. Serval Professional/Serval Professional RIP: 0010:[] [] ata_eh_recover+0x9a1/0x1510 RSP: 0018:ffff880132defbf0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff880132f40000 RCX: 0000000000000000 RDX: ffff88013377c000 RSI: ffff880132f40000 RDI: 0000000000000000 RBP: ffff880132defce0 R08: ffff88013377dc58 R09: ffff880132defd98 R10: 0000000000000000 R11: 00000000ffffffff R12: 0000000000000000 R13: 0000000000000000 R14: ffff88013377c000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8800bf700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000018 CR3: 0000000001a03000 CR4: 00000000000406e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process scsi_eh_4 (pid: 295, threadinfo ffff880132dee000, task ffff880133b416c0) Stack: 0000000000000000 ffff880132defcc0 0000000000000000 ffff880132f42738 ffffffff813ee8f0 ffffffff813eefe0 ffff880132defd98 ffff88013377f190 ffffffffa00b3e30 ffffffff813ef030 0000000032defc60 ffff880100000000 Call Trace: [] sata_pmp_error_handler+0x607/0xc30 [] ahci_error_handler+0x1f/0x70 [libahci] [] ata_scsi_error+0x5be/0x900 [] scsi_error_handler+0x124/0x650 [] kthread+0x96/0xa0 [] kernel_thread_helper+0x4/0x10 Code: 8b 95 70 ff ff ff b8 00 00 00 00 48 3b 9a 10 2e 00 00 48 0f 44 c2 48 89 85 70 ff ff ff 48 8b 8d 70 ff ff ff f6 83 69 02 00 00 01 <48> 8b 41 18 0f 85 48 01 00 00 48 85 c9 74 12 48 8b 51 08 48 83 RIP [] ata_eh_recover+0x9a1/0x1510 RSP CR2: 0000000000000018 Fix it by testing @link->ap->flags instead. stable: ATA_FLAG_NO_DIPM was added during 2.6.39 cycle but was backported to 2.6.37 and 38. This is a fix for that and thus also applicable to 2.6.37 and 38. Signed-off-by: Tejun Heo Reported-by: "Nathan A. Mourey II" LKML-Reference: <1304555277.2059.2.camel@localhost.localdomain> Cc: Connor H Cc: stable@kernel.org --- Nathan, thanks a lot for the report. Connor, thanks for the analysis but it was a bit off. :-) drivers/ata/libata-eh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- To unsubscribe from this list: send the line "unsubscribe linux-ide" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c index f26f2fe..dad9fd6 100644 --- a/drivers/ata/libata-eh.c +++ b/drivers/ata/libata-eh.c @@ -3316,7 +3316,7 @@ static int ata_eh_set_lpm(struct ata_link *link, enum ata_lpm_policy policy, struct ata_eh_context *ehc = &link->eh_context; struct ata_device *dev, *link_dev = NULL, *lpm_dev = NULL; enum ata_lpm_policy old_policy = link->lpm_policy; - bool no_dipm = ap->flags & ATA_FLAG_NO_DIPM; + bool no_dipm = link->ap->flags & ATA_FLAG_NO_DIPM; unsigned int hints = ATA_LPM_EMPTY | ATA_LPM_HIPM; unsigned int err_mask; int rc;