Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and... | lkml

[PATCH v2 00/16] Convert FibreChannel bsg code to use bsg-lib · Johannes Thumshirn <hidden> · 2016-10-12
[PATCH v2 01/16] scsi: Get rid of struct fc_bsg_buffer · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 01/16] scsi: Get rid of struct fc_bsg_buffer · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 15/16] scsi: fc: move FC transport's bsg code to bsg-lib · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 15/16] scsi: fc: move FC transport's bsg code to bsg-lib · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 16/16] block: unexport bsg_softirq_done() again · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 16/16] block: unexport bsg_softirq_done() again · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 14/16] block: add bsg_job_put() and bsg_job_get() · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 14/16] block: add bsg_job_put() and bsg_job_get() · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 13/16] scsi: fc: use bsg_job_done · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 13/16] scsi: fc: use bsg_job_done · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 12/16] scsi: fc: use bsg_softirq_done · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 12/16] scsi: fc: use bsg_softirq_done · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 11/16] scsi: fc: Use bsg_destroy_job · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 11/16] scsi: fc: Use bsg_destroy_job · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 10/16] scsi: change FC drivers to use 'struct bsg_job' · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 10/16] scsi: change FC drivers to use 'struct bsg_job' · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 09/16] block: add reference counting for struct bsg_job · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 09/16] block: add reference counting for struct bsg_job · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 08/16] scsi: fc: implement kref backed reference counting · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 08/16] scsi: fc: implement kref backed reference counting · Hannes Reinecke <hare@suse.de> · 2016-10-13
Re: [PATCH v2 08/16] scsi: fc: implement kref backed reference counting · Johannes Thumshirn <hidden> · 2016-10-13
[PATCH v2 07/16] scsi: libfc: don't set FC_RQST_STATE_DONE before calling fc_bsg_jobdone() · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 07/16] scsi: libfc: don't set FC_RQST_STATE_DONE before calling fc_bsg_jobdone() · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Hannes Reinecke <hare@suse.de> · 2016-10-13
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Steffen Maier <hidden> · 2016-10-13
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Johannes Thumshirn <hidden> · 2016-10-13
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Steffen Maier <hidden> · 2016-10-28
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Hannes Reinecke <hare@suse.de> · 2016-10-28
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Steffen Maier <hidden> · 2016-10-28
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Andreas Krebbel1 <hidden> · 2016-10-28
Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly · Johannes Thumshirn <hidden> · 2016-10-30
[PATCH v2 06/16] scsi: fc: provide fc_bsg_to_rport() helper · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 06/16] scsi: fc: provide fc_bsg_to_rport() helper · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 04/16] scsi: Unify interfaces of fc_bsg_jobdone and bsg_job_done · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 04/16] scsi: Unify interfaces of fc_bsg_jobdone and bsg_job_done · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 05/16] scsi: fc: provide fc_bsg_to_shost() helper · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 05/16] scsi: fc: provide fc_bsg_to_shost() helper · Hannes Reinecke <hare@suse.de> · 2016-10-13
[PATCH v2 03/16] scsi: fc: Export fc_bsg_jobdone and use it in FC drivers · Johannes Thumshirn <hidden> · 2016-10-12
Re: [PATCH v2 03/16] scsi: fc: Export fc_bsg_jobdone and use it in FC drivers · Hannes Reinecke <hare@suse.de> · 2016-10-13
Re: [PATCH v2 00/16] Convert FibreChannel bsg code to use bsg-lib · Steffen Maier <hidden> · 2016-10-12
Re: [PATCH v2 00/16] Convert FibreChannel bsg code to use bsg-lib · Johannes Thumshirn <hidden> · 2016-10-13

Re: [PATCH v2 02/16] scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly

From: Hannes Reinecke <hare@suse.de>
Date: 2016-10-28 11:31:24
Also in: linux-scsi, linuxppc-dev

On 10/28/2016 11:53 AM, Steffen Maier wrote:


On 10/13/2016 06:24 PM, Johannes Thumshirn wrote:

quoted

On Thu, Oct 13, 2016 at 05:15:25PM +0200, Steffen Maier wrote:

quoted

I'm puzzled.

$ git bisect start fc_bsg master

quoted

3087864ce3d7282f59021245d8a5f83ef1caef18 is the first bad commit
commit 3087864ce3d7282f59021245d8a5f83ef1caef18
Author: Johannes Thumshirn [off-list ref]
Date:   Wed Oct 12 15:06:28 2016 +0200

    scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly

    Don't use fc_bsg_job::request and fc_bsg_job::reply directly,
but use
    helper variables bsg_request and bsg_reply. This will be
helpfull  when
    transitioning to bsg-lib.

    Signed-off-by: Johannes Thumshirn [off-list ref]

:040000 040000 140c4b6829d5cfaec4079716e0795f63f8bc3bd2
0d9fe225615679550be91fbd9f84c09ab1e280fc M    drivers

From there (on the reverse bisect path) I get the following Oops,
except for the full patch set having another stack trace as in my
previous
mail (dying in zfcp code).

[...]

quoted

@@ -3937,6 +3944,7 @@ fc_bsg_request_handler(struct request_queue

*q, struct Scsi_Host *shost,
     struct request *req;
     struct fc_bsg_job *job;
     enum fc_dispatch_result ret;
+    struct fc_bsg_reply *bsg_reply;

     if (!get_device(dev))
         return;

@@ -3973,8 +3981,9 @@ fc_bsg_request_handler(struct request_queue

*q, struct Scsi_Host *shost,
         /* check if we have the msgcode value at least */
         if (job->request_len < sizeof(uint32_t)) {
             BUG_ON(job->reply_len < sizeof(uint32_t));
-            job->reply->reply_payload_rcv_len = 0;
-            job->reply->result = -ENOMSG;
+            bsg_reply = job->reply;
+            bsg_reply->reply_payload_rcv_len = 0;
+            bsg_reply->result = -ENOMSG;

Compiler optimization re-ordered above two lines and the first pointer
derefence is bsg_reply->result [field offset 0] where bsg_reply is NULL.
The assignment tries to write to memory at address NULL causing the
kernel page fault.

I spoke to our compiler people, and they strongly believed this not to
be the case. Or, put it the other way round, if such a thing would
happen it would be a compiler issue.

Have you checked the compiler output?

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		   Teamlead Storage & Networking
hare@suse.de			               +49 911 74053 688
SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg
GF: F. Imendörffer, J. Smithard, J. Guild, D. Upmanyu, G. Norton
HRB 21284 (AG Nürnberg)

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help