From 8d6940a8b21e19d2553f27b8932c1a519219ce2d Mon Sep 17 00:00:00 2001 From: Josh Boyer Date: Nov 26 2012 18:43:38 +0000 Subject: Fix ata command timeout oops in mvsas (rhbz 869629) --- diff --git a/SCSI-mvsas-Fix-oops-when-ata-commond-timeout.patch b/SCSI-mvsas-Fix-oops-when-ata-commond-timeout.patch new file mode 100644 index 0000000..0d83e8d --- /dev/null +++ b/SCSI-mvsas-Fix-oops-when-ata-commond-timeout.patch @@ -0,0 +1,102 @@ +From 95ab000388974d8ffef8257306b4be6e8778b768 Mon Sep 17 00:00:00 2001 +From: Jianpeng Ma +Date: Sat, 4 Aug 2012 10:34:14 +0800 +Subject: [PATCH] [SCSI] mvsas: Fix oops when ata commond timeout. + +Kernel message follows: + +[ 511.712011] sd 11:0:0:0: [sdf] command ffff8800a4e81400 timed out +[ 511.712022] sas: Enter sas_scsi_recover_host busy: 1 failed: 1 +[ 511.712024] sas: trying to find task 0xffff8800a4d24c80 +[ 511.712026] sas: sas_scsi_find_task: aborting task 0xffff8800a4d24c80 +[ 511.712029] drivers/scsi/mvsas/mv_sas.c 1631:mvs_abort_task() +mvi=ffff8800b5300000 task=ffff8800a4d24c80 slot=ffff8800b5325038 +slot_idx=x0 +[ 511.712035] BUG: unable to handle kernel NULL pointer dereference at +0000000000000058 +[ 511.712040] IP: [] _raw_spin_lock_irqsave+0xc/0x30 +[ 511.712047] PGD 0 +[ 511.712049] Oops: 0002 [#1] SMP +[ 511.712052] Modules linked in: mvsas libsas scsi_transport_sas +raid456 async_pq async_xor xor async_memcpy async_raid6_recov raid6_pq +async_tx [last unloaded: mvsas] +[ 511.712062] CPU 3 +[ 511.712066] Pid: 7322, comm: scsi_eh_11 Not tainted 3.5.0+ #106 To Be +Filled By O.E.M. To Be Filled By O.E.M./To be filled by O.E.M. +[ 511.712068] RIP: 0010:[] [] +_raw_spin_lock_irqsave+0xc/0x30 +[ 511.712073] RSP: 0018:ffff880098d3bcb0 EFLAGS: 00010086 +[ 511.712074] RAX: 0000000000000286 RBX: 0000000000000058 RCX: +00000000000000c3 +[ 511.712076] RDX: 0000000000000100 RSI: 0000000000000046 RDI: +0000000000000058 +[ 511.712078] RBP: ffff880098d3bcb0 R08: 000000000000000a R09: +0000000000000000 +[ 511.712080] R10: 00000000000004e8 R11: 00000000000004e7 R12: +ffff8800a4d24c80 +[ 511.712082] R13: 0000000000000050 R14: ffff8800b5325038 R15: +ffff8800a4eafe00 +[ 511.712084] FS: 0000000000000000(0000) GS:ffff8800bdb80000(0000) +knlGS:0000000000000000 +[ 511.712086] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b +[ 511.712088] CR2: 0000000000000058 CR3: 00000000a4ce6000 CR4: +00000000000407e0 +[ 511.712090] DR0: 0000000000000000 DR1: 0000000000000000 DR2: +0000000000000000 +[ 511.712091] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: +0000000000000400 +[ 511.712093] Process scsi_eh_11 (pid: 7322, threadinfo +ffff880098d3a000, task ffff8800a61dde40) +[ 511.712095] Stack: +[ 511.712096] ffff880098d3bce0 ffffffff81060683 ffff880000000000 +0000000000000000 +[ 511.712099] ffff8800a4d24c80 ffff8800b5300000 ffff880098d3bcf0 +ffffffffa0076a88 +[ 511.712102] ffff880098d3bd50 ffffffffa0079bb5 ffff880000000000 +ffff880000000018 +[ 511.712106] Call Trace: +[ 511.712110] [] complete+0x23/0x60 +[ 511.712115] [] mvs_tmf_timedout+0x18/0x20 [mvsas] +[ 511.712119] [] mvs_slot_complete+0x765/0x7d0 +[mvsas] +[ 511.712125] [] sas_scsi_recover_host+0x55d/0xdb0 +[libsas] +[ 511.712128] [] ? idle_balance+0xe0/0x130 +[ 511.712133] [] scsi_error_handler+0xcc/0x470 +[ 511.712136] [] ? __schedule+0x370/0x730 +[ 511.712139] [] ? __wake_up_common+0x58/0x90 +[ 511.712142] [] ? scsi_eh_get_sense+0x110/0x110 +[ 511.712146] [] kthread+0x8e/0xa0 +[ 511.712150] [] kernel_thread_helper+0x4/0x10 +[ 511.712153] [] ? flush_kthread_work+0x120/0x120 +[ 511.712156] [] ? gs_change+0xb/0xb +[ 511.712157] Code: 8a 00 01 00 00 89 d0 f0 66 0f b1 0f 66 39 d0 0f 94 +c0 0f b6 c0 5d c3 0f 1f 84 00 00 00 00 00 55 48 89 e5 9c 58 fa ba 00 01 +00 00 66 0f c1 17 0f b6 ce 38 d1 74 11 0f 1f 84 00 00 00 00 00 f3 +[ 511.712191] RIP [] _raw_spin_lock_irqsave+0xc/0x30 +[ 511.712194] RSP +[ 511.712196] CR2: 0000000000000058 +[ 511.712198] ---[ end trace a781c7b1e65db92c ]--- + +Signed-off-by: Jianpeng Ma +Signed-off-by: James Bottomley +--- + drivers/scsi/mvsas/mv_sas.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c +index 4539d59..a3776d6 100644 +--- a/drivers/scsi/mvsas/mv_sas.c ++++ b/drivers/scsi/mvsas/mv_sas.c +@@ -1629,7 +1629,7 @@ int mvs_abort_task(struct sas_task *task) + mv_dprintk("mvs_abort_task() mvi=%p task=%p " + "slot=%p slot_idx=x%x\n", + mvi, task, slot, slot_idx); +- mvs_tmf_timedout((unsigned long)task); ++ task->task_state_flags |= SAS_TASK_STATE_ABORTED; + mvs_slot_task_free(mvi, task, slot, slot_idx); + rc = TMF_RESP_FUNC_COMPLETE; + goto out; +-- +1.8.0 + diff --git a/kernel.spec b/kernel.spec index 04965d1..0239260 100644 --- a/kernel.spec +++ b/kernel.spec @@ -820,6 +820,9 @@ Patch21227: KVM-x86-invalid-opcode-oops-on-SET_SREGS-with-OSXSAV.patch Patch21228: exec-do-not-leave-bprm-interp-on-stack.patch Patch21229: exec-use-eloop-for-max-recursion-depth.patch +#rhbz 869629 +Patch21230: SCSI-mvsas-Fix-oops-when-ata-commond-timeout.patch + # END OF PATCH DEFINITIONS %endif @@ -1587,6 +1590,9 @@ ApplyPatch KVM-x86-invalid-opcode-oops-on-SET_SREGS-with-OSXSAV.patch ApplyPatch exec-do-not-leave-bprm-interp-on-stack.patch ApplyPatch exec-use-eloop-for-max-recursion-depth.patch +#rhbz 869629 +ApplyPatch SCSI-mvsas-Fix-oops-when-ata-commond-timeout.patch + # END OF PATCH APPLICATIONS %endif @@ -2453,6 +2459,7 @@ fi # || || %changelog * Mon Nov 26 2012 Josh Boyer +- Fix ata command timeout oops in mvsas (rhbz 869629) - Enable CONFIG_UIO_PDRV on ppc64 (rhbz 878180) - CVE-2012-4530: stack disclosure binfmt_script load_script (rhbz 868285 880147)