lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <47F4E694.4060103@panasas.com>
Date:	Thu, 03 Apr 2008 17:15:48 +0300
From:	Boaz Harrosh <bharrosh@...asas.com>
To:	schwidefsky@...ibm.com
CC:	linux-kernel@...r.kernel.org, k-ueda@...jp.nec.com,
	j-nomura@...jp.nec.com, jens.axboe@...cle.com, zaitcev@...hat.com
Subject: Re: kernel BUG at drivers/block/ub.c:820!

On Thu, Apr 03 2008 at 16:57 +0300, Martin Schwidefsky <schwidefsky@...ibm.com> wrote:
> On Thu, 2008-04-03 at 14:32 +0300, Boaz Harrosh wrote:
>>> With git bisect I could came up with:
>>> 610d8b0c972e3b75493efef8e96175518fd736d3 good
>>> 3bcddeac1c4c7e6fb90531b80f236b1a05dfe514 compile error
>>> 5450d3e1d68f10be087f0855d8bad5458b50ecbe compile error
>>> b8286239ddaf2632cec65c01e68a403ac4c3d079 compile error
>>> 7d699bafe258ebd8f9b4ec182c554200b369a504 bad
>>>
>>> If I replace the BUG() with a printk my kernel survives the usb plug but
>>> udev doesn't find the stick.
>>>
>> It is not the right fix but what happens if you change above code to this:
>>
>> static void ub_end_rq(struct request *rq, unsigned int scsi_status)
>> {
>>         int error;
>>
>>         if (scsi_status == 0) {
>>                 error = 0;
>>         } else {
>>                 error = -EIO;
>>                 rq->errors = scsi_status;
>>         }
>>         if (__blk_end_request(rq, error, blk_rq_bytes(rq)))
>>                 __blk_end_request(rq, error, ~0);  /* <-- added line BUG removed. */
>>         }
>> }
> 
> I've tried this patch:
> 
> --- snip
> diff --git a/drivers/block/ub.c b/drivers/block/ub.c
> index c452e2d..0031e72 100644
> --- a/drivers/block/ub.c
> +++ b/drivers/block/ub.c
> @@ -808,7 +808,7 @@ static void ub_rw_cmd_done(struct ub_dev *sc, struct ub_scsi_cmd *cmd)
>  
>  static void ub_end_rq(struct request *rq, unsigned int scsi_status)
>  {
> -	int error;
> +	int error, size;
>  
>  	if (scsi_status == 0) {
>  		error = 0;
> @@ -816,8 +816,12 @@ static void ub_end_rq(struct request *rq, unsigned int scsi_status)
>  		error = -EIO;
>  		rq->errors = scsi_status;
>  	}
> -	if (__blk_end_request(rq, error, blk_rq_bytes(rq)))
> -		BUG();
> +	size = blk_rq_bytes(rq);
> +	if (__blk_end_request(rq, error, size)) {
> +		  printk(KERN_WARNING "ub_end_rq: __blk_end_request failed "
> +			 "with size %i\n", size);
> +		__blk_end_request(rq, error, ~0);
> +	}
>  }
>  
>  static int ub_rw_cmd_retry(struct ub_dev *sc, struct ub_lun *lun,
> 
> --- snip
> 
> The output on the console:
> 
> # usb 5-4: new high speed USB device using ehci_hcd and address 3
> # usb 5-4: configuration #1 chosen from 1 choice
> #  uba: uba1
> # usbcore: registered new interface driver ub
> # Initializing USB Mass Storage driver...
> # usbcore: registered new interface driver usb-storage
> # USB Mass Storage support registered.
> # ub_end_rq: __blk_end_request failed with size 218
> # ub_end_rq: __blk_end_request failed with size 218
> # ub_end_rq: __blk_end_request failed with size 218
> # ub_end_rq: __blk_end_request failed with size 218
> 
> I can mount the stick and read files from it without any additional
> warnings. Just the initial detection seems to create the odd sized
> requests.
> 

OK So first this confirms that for ages the ub.c driver was leaking BIO's
on first connection. Just that it was never noticed before.

or that we have a BLOCK_PC at hand but before the 7d699baf patch
we completed with - rq->hard_nr_sectors << 9 - where now blk_rq_bytes(rq)
will return 218 which is less. Could you also put rq->hard_nr_sectors
in the print above?

Did you mange to find what is that 218 bytes command. Put a WARN_ON(1)
in ub_request_fn_1 for any command that has a blk_rq_bytes(rq) of 218
so we'll see who issues these commands. And what is the real bug.

Boaz
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ