lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080131130558.GV15220@kernel.dk>
Date:	Thu, 31 Jan 2008 14:05:58 +0100
From:	Jens Axboe <jens.axboe@...cle.com>
To:	Nai Xia <nai.xia@...il.com>
Cc:	Roland Dreier <rdreier@...co.com>,
	Kiyoshi Ueda <k-ueda@...jp.nec.com>, bzolnier@...il.com,
	bbpetkov@...oo.de, flo@...822.org, linux-kernel@...r.kernel.org,
	j-nomura@...jp.nec.com, linux-ide@...r.kernel.org
Subject: Re: kernel BUG at ide-cd.c:1726 in 2.6.24-03863-g0ba6c33 && -g8561b089

On Thu, Jan 31 2008, Nai Xia wrote:
> My dmesg relevant info is quite similar:
> 
> [    6.875041] Freeing unused kernel memory: 320k freed
> [    8.143120] ide-cd: rq still having bio: dev hdc: type=2, flags=114c8
> [    8.144439]
> [    8.144439] sector 10824201199534213, nr/cnr 0/0
> [    8.144439] bio cf029280, biotail cf029280, buffer 00000000, data
> 00000000, len 158
> [    8.144439] cdb: 12 00 00 00 fe 00 00 00 00 00 00 00 00 00 00 00
> [    8.144439] backup: data_len=158  bi_size=158
> [    8.160756] ide-cd: rq still having bio: dev hdc: type=2, flags=114c8
> [    8.160756]
> [    8.160756] sector 2669858, nr/cnr 0/0
> [    8.160756] bio cf029300, biotail cf029300, buffer 00000000, data
> 00000000, len 158
> [    8.160756] cdb: 12 01 00 00 fe 00 00 00 00 00 00 00 00 00 00 00
> [    8.160756] backup: data_len=158  bi_size=158
> [   14.851101] eth0: link up
> [   27.121883] eth0: no IPv6 routers present
> 
> 
> And by the way, Kiyoshi,
> This can be reproduced in a typical setup vmware workstation 6.02 with
> a vritual IDE cdrom,
> in case you wanna catch that with your own eyes. :-)
> Thanks for your trying hard to correct this annoying bug.

The below fix should be enough. It's perfectly legal to have leftover
byte counts when the drive signals completion, happens all the time for
eg user issued commands where you don't know an exact byte count.

diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c
index 74c6087..bee05a3 100644
--- a/drivers/ide/ide-cd.c
+++ b/drivers/ide/ide-cd.c
@@ -1722,7 +1722,7 @@ static ide_startstop_t cdrom_newpc_intr(ide_drive_t *drive)
 	 */
 	if ((stat & DRQ_STAT) == 0) {
 		spin_lock_irqsave(&ide_lock, flags);
-		if (__blk_end_request(rq, 0, 0))
+		if (__blk_end_request(rq, 0, rq->data_len))
 			BUG();
 		HWGROUP(drive)->rq = NULL;
 		spin_unlock_irqrestore(&ide_lock, flags);

-- 
Jens Axboe

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ