lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jul 2009 09:07:11 +0200 From: Jens Axboe <jens.axboe@...cle.com> To: Jens Rosenboom <jens@...one.net> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: Oops when writing to /sys/block/ram0/queue/max_sectors_kb On Thu, Jul 23 2009, Jens Rosenboom wrote: > Even when writing the current value again, I get this Oops and further > reads from that file stall. > > # cat /sys/block/ram0/queue/max_sectors_kb > 512 > # echo 512 >/sys/block/ram0/queue/max_sectors_kb > [Produces an Oops and connection closes] > [After logging in again:] > # cat /sys/block/ram0/queue/max_sectors_kb > [hangs] > > Corresponding output from dmesg: > > [ 1254.984435] BUG: unable to handle kernel NULL pointer dereference at > (null) > [ 1254.988005] IP: [<c12a1550>] _spin_lock_irq+0x10/0x30 > [ 1254.988005] *pde = 00000000 > [ 1254.988005] Oops: 0002 [#1] SMP > [ 1254.988005] last sysfs > file: /sys/devices/virtual/block/ram0/queue/max_sectors_kb > [ 1254.988005] Modules linked in: ipv6 af_packet usbhid hid uhci_hcd > ohci_hcd ehci_hcd usbcore 8021q garp stp serio_raw psmouse evdev > i2c_piix4 button container pcspkr processor i2c_core ext3 jbd mbcache > dm_mirror dm_region_hash dm_log dm_snapshot dm_mod raid10 raid456 > raid6_pq async_xor async_memcpy async_tx xor raid1 raid0 multipath > linear md_mod sg sr_mod cdrom ata_generic pata_acpi pata_serverworks > megaraid libata floppy e100 mii scsi_mod cpqarray thermal fan > [ 1254.988005] > [ 1254.988005] Pid: 3822, comm: bash Not tainted (2.6.31-rc4 #3) > ProLiant DL360 > [ 1254.988005] EIP: 0060:[<c12a1550>] EFLAGS: 00010012 CPU: 0 > [ 1254.988005] EIP is at _spin_lock_irq+0x10/0x30 > [ 1254.988005] EAX: 00000100 EBX: 00000004 ECX: c379e003 EDX: 00000000 > [ 1254.988005] ESI: 00000200 EDI: f6bb0000 EBP: c3605f00 ESP: c3605f00 > [ 1254.988005] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 > [ 1254.988005] Process bash (pid: 3822, ti=c3604000 task=f6bde800 > task.ti=c3604000) > [ 1254.988005] Stack: > [ 1254.988005] c3605f1c c115d93b 00000004 c379e003 f6bb0000 f6bb0470 > c13ca238 c3605f34 > [ 1254.988005] <0> c115d9a7 c379e000 f707c7e0 c13ca1ac f69bf5c0 c3605f64 > c111408d 00000004 > [ 1254.988005] <0> 00000004 08e99408 f6976480 f69bf5d4 c13ca1ac f6bb0148 > f6976480 08e99408 > [ 1254.988005] Call Trace: > [ 1254.988005] [<c115d93b>] ? queue_max_sectors_store+0x5b/0x80 > [ 1254.988005] [<c115d9a7>] ? queue_attr_store+0x47/0x70 > [ 1254.988005] [<c111408d>] ? sysfs_write_file+0x9d/0xf0 > [ 1254.988005] [<c10c889c>] ? vfs_write+0x9c/0x180 > [ 1254.988005] [<c1113ff0>] ? sysfs_write_file+0x0/0xf0 > [ 1254.988005] [<c10c8a3d>] ? sys_write+0x3d/0x70 > [ 1254.988005] [<c1003049>] ? syscall_call+0x7/0xb > [ 1254.988005] Code: 01 00 00 f0 66 0f c1 02 38 e0 74 06 f3 90 8a 02 eb > f6 89 c8 5d c3 90 8d 74 26 00 55 89 c2 89 e5 fa 90 8d 74 26 00 b8 00 01 > 00 00 <f0> 66 0f c1 02 38 e0 74 06 f3 90 8a 02 eb f6 5d c3 eb 0d 90 90 > [ 1254.988005] EIP: [<c12a1550>] _spin_lock_irq+0x10/0x30 SS:ESP > 0068:c3605f00 > [ 1254.988005] CR2: 0000000000000000 > [ 1254.988005] ---[ end trace ee0e56d1adcbecab ]--- Looks like this will hit nonrot/merge/etc store functions after we exposed these sysfs knobs for non-request_fn drivers too. Can you try the below? Should fix all of them up. diff --git a/block/blk-core.c b/block/blk-core.c index 4b45435..a0c340d 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -575,13 +575,6 @@ blk_init_queue_node(request_fn_proc *rfn, spinlock_t *lock, int node_id) return NULL; } - /* - * if caller didn't supply a lock, they get per-queue locking with - * our embedded lock - */ - if (!lock) - lock = &q->__queue_lock; - q->request_fn = rfn; q->prep_rq_fn = NULL; q->unplug_fn = generic_unplug_device; diff --git a/block/blk-settings.c b/block/blk-settings.c index bd582a7..8a3ea3b 100644 --- a/block/blk-settings.c +++ b/block/blk-settings.c @@ -165,6 +165,13 @@ void blk_queue_make_request(struct request_queue *q, make_request_fn *mfn) blk_set_default_limits(&q->limits); /* + * If the caller didn't supply a lock, fall back to our embedded + * per-queue locks + */ + if (!q->queue_lock) + q->queue_lock = &q->__queue_lock; + + /* * by default assume old behaviour and bounce for any highmem page */ blk_queue_bounce_limit(q, BLK_BOUNCE_HIGH); -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists