1. 22 7月, 2011 1 次提交
    • E
      [SCSI] bnx2i: Fixed kernel panic due to illegal usage of sc->request->cpu · 0d83ab65
      Eddie Wai 提交于
      A kernel panic was observed when passing the sc->request->cpu = -1 to
      retrieve the per_cpu variable pointer:
       #0 [ffff880011203960] machine_kexec at ffffffff81022bc3
       #1 [ffff8800112039b0] crash_kexec at ffffffff81088630
       #2 [ffff880011203a80] __die at ffffffff8139ea20
       #3 [ffff880011203aa0] no_context at ffffffff8102f3a7
       #4 [ffff880011203ae0] __bad_area_nosemaphore at ffffffff8102f665
       #5 [ffff880011203ba0] retint_signal at ffffffff8139dd1f
       #6 [ffff880011203cc8] bnx2i_indicate_kcqe at ffffffffa03dc4f2
       #7 [ffff880011203da8] service_kcqes at ffffffffa03cb04f
       #8 [ffff880011203e68] cnic_service_bnx2x_kcq at ffffffffa03cb14a
       #9 [ffff880011203e88] cnic_service_bnx2x_bh at ffffffffa03cb1b3
      
      The problem lies in the slow path sg_io (and perhaps sg_scsi_ioctl) call to
      blk_get_request->get_request/wait->blk_alloc_request->blk_rq_init which
      re-initializes the request->cpu to -1.  There is no assignment for cpu from
      that to the request_fn call to low level drivers.
      
      When this happens, the sc->request->cpu will be using the init value of
      -1.  This will create a kernel panic when it hits bnx2i because the code
      refers it to get the per_cpu variables ptr.
      
      This change is to put in a guard against that and also for cases when
      bio affinity/queue completion to the same cpu is not enabled.  In those
      cases, the request->cpu will remain a -1 also.
      
      This bug was created from commit:  b5cf6b63
      
      For the case when the blk layer did not setup the request->cpu, bnx2i
      will complete the sc with the current CPU of the thread.
      Signed-off-by: NEddie Wai <eddie.wai@broadcom.com>
      Signed-off-by: NJames Bottomley <JBottomley@Parallels.com>
      0d83ab65
  2. 30 6月, 2011 39 次提交