linux/drivers
Bjørn Mork 98cb7e4413 [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()
The ioc->sgl[i].iov_len value is supplied by the ioctl caller, and can be
zero in some cases.  Assume that's valid and continue without error.

Fixes (multiple individual reports of the same problem for quite a while):

http://marc.info/?l=linux-ide&m=128941801715301
http://bugs.debian.org/604627
http://www.mail-archive.com/linux-poweredge@dell.com/msg02575.html

megasas: Failed to alloc kernel SGL buffer for IOCTL

and

[   69.162538] ------------[ cut here ]------------
[   69.162806] kernel BUG at /build/buildd/linux-2.6.32/lib/swiotlb.c:368!
[   69.163134] invalid opcode: 0000 [#1] SMP
[   69.163570] last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
[   69.163975] CPU 0
[   69.164227] Modules linked in: fbcon tileblit font bitblit softcursor vga16fb vgastate ioatdma radeon ttm drm_kms_helper shpchp drm i2c_algo_bit lp parport floppy pata_jmicron megaraid_sas igb dca
[   69.167419] Pid: 1206, comm: smartctl Tainted: G        W  2.6.32-25-server #45-Ubuntu X8DTN
[   69.167843] RIP: 0010:[<ffffffff812c4dc5>]  [<ffffffff812c4dc5>] map_single+0x255/0x260
[   69.168370] RSP: 0018:ffff88081c0ebc58  EFLAGS: 00010246
[   69.168655] RAX: 000000000003bffc RBX: 00000000ffffffff RCX: 0000000000000002
[   69.169000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88001dffe000
[   69.169346] RBP: ffff88081c0ebcb8 R08: 0000000000000000 R09: ffff880000030840
[   69.169691] R10: 0000000000100000 R11: 0000000000000000 R12: 0000000000000000
[   69.170036] R13: 00000000ffffffff R14: 0000000000000001 R15: 0000000000200000
[   69.170382] FS:  00007fb8de189720(0000) GS:ffff88001de00000(0000) knlGS:0000000000000000
[   69.170794] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.171094] CR2: 00007fb8dd59237c CR3: 000000081a790000 CR4: 00000000000006f0
[   69.171439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.171784] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   69.172130] Process smartctl (pid: 1206, threadinfo ffff88081c0ea000, task ffff88081a760000)
[   69.194513] Stack:
[   69.205788]  0000000000000034 00000002817e3390 0000000000000000 ffff88081c0ebe00
[   69.217739] <0> 0000000000000000 000000000003bffc 0000000000000000 0000000000000000
[   69.241250] <0> 0000000000000000 00000000ffffffff ffff88081c5b4080 ffff88081c0ebe00
[   69.277310] Call Trace:
[   69.289278]  [<ffffffff812c52ac>] swiotlb_alloc_coherent+0xec/0x130
[   69.301118]  [<ffffffff81038b31>] x86_swiotlb_alloc_coherent+0x61/0x70
[   69.313045]  [<ffffffffa002d0ce>] megasas_mgmt_fw_ioctl+0x1ae/0x690 [megaraid_sas]
[   69.336399]  [<ffffffffa002d748>] megasas_mgmt_ioctl_fw+0x198/0x240 [megaraid_sas]
[   69.359346]  [<ffffffffa002f695>] megasas_mgmt_ioctl+0x35/0x50 [megaraid_sas]
[   69.370902]  [<ffffffff81153b12>] vfs_ioctl+0x22/0xa0
[   69.382322]  [<ffffffff8115da2a>] ? alloc_fd+0x10a/0x150
[   69.393622]  [<ffffffff81153cb1>] do_vfs_ioctl+0x81/0x410
[   69.404696]  [<ffffffff8155cc13>] ? do_page_fault+0x153/0x3b0
[   69.415761]  [<ffffffff811540c1>] sys_ioctl+0x81/0xa0
[   69.426640]  [<ffffffff810121b2>] system_call_fastpath+0x16/0x1b
[   69.437491] Code: fe ff ff 48 8b 3d 74 38 76 00 41 bf 00 00 20 00 e8 51 f5 d7 ff 83 e0 ff 48 05 ff 07 00 00 48 c1 e8 0b 48 89 45 c8 e9 13 fe ff ff <0f> 0b eb fe 0f 1f 80 00 00 00 00 55 48 89 e5 48 83 ec 20 4c 89
[   69.478216] RIP  [<ffffffff812c4dc5>] map_single+0x255/0x260
[   69.489668]  RSP <ffff88081c0ebc58>
[   69.500975] ---[ end trace 6a2181b634e2abc7 ]---

Reported-by: Bokhan Artem <aptem@ngs.ru>
Reported-by: Marc-Christian Petersen <m.c.p@gmx.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Cc: "Benz, Michael" <Michael.Benz@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
2011-02-12 10:31:03 -06:00
accessibility
acpi ACPI / PM: Call suspend_nvs_free() earlier during resume 2011-01-20 18:30:17 -08:00
amba
ata kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
atm Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
auxdisplay
base kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
block Merge branch 'for-2.6.38/drivers' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:50:24 -08:00
bluetooth
cdrom Merge branch 'for-2.6.38/core' of git://git.kernel.dk/linux-2.6-block 2011-01-13 10:45:01 -08:00
char tpm: fix panic caused by "tpm: Autodetect itpm devices" 2011-01-24 11:29:55 +11:00
clk
clocksource
connector
cpufreq kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
cpuidle Merge branch 'cpuidle-perf-events' into idle-test 2011-01-12 18:06:19 -05:00
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2011-01-13 10:25:58 -08:00
dca dca: remove unneeded NULL check 2011-01-13 08:03:09 -08:00
dio
dma Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2011-01-17 10:54:41 -08:00
edac Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
eisa
firewire Merge branches 'fixes' and 'fwnet' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2011-01-21 13:34:39 -08:00
firmware kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
gpio Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6 2011-01-14 09:08:00 -08:00
gpu Merge branch 'akpm' 2011-01-20 17:02:14 -08:00
hid kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
hwmon hwmon: (lm93) Add support for LM94 2011-01-18 12:22:54 -08:00
i2c i2c: Encourage move to dev_pm_ops by warning on use of legacy methods 2011-01-14 22:03:50 +01:00
ide kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
idle Merge branch 'cpuidle-perf-events' into idle-test 2011-01-12 18:06:19 -05:00
ieee802154
infiniband kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
input kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
isdn Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
leds drivers/leds/ledtrig-gpio.c: make output match input, tighten input checking 2011-01-20 17:02:06 -08:00
lguest lguest: compile fixes 2011-01-20 21:37:29 +10:30
macintosh powerpc/macintosh: Fix wrong test in fan_{read,write}_reg() 2011-01-21 14:08:34 +11:00
mca
md block: restore multiple bd_link_disk_holder() support 2011-01-14 18:44:22 +01:00
media Merge branch 'media_fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2011-01-21 16:50:31 -08:00
memstick memstick: factor out transfer initiating functionality in mspro_block.c 2011-01-13 08:03:22 -08:00
message [SCSI] mptfusion: Fix memory leak in mptctl_getiocinfo() 2011-01-24 11:42:10 -06:00
mfd mfd: ab8500-core chip version cut 2.0 support 2011-01-14 12:38:18 +01:00
misc misc: Make AB8500_PWM driver depend on U8500 due to PWM breakage 2011-01-14 12:38:12 +01:00
mmc mmc: sdhci-of: fix build on non-powerpc platforms 2011-01-14 00:22:44 -07:00
mtd Merge git://git.infradead.org/mtd-2.6 2011-01-17 11:15:30 -08:00
net module: fix missing semicolons in MODULE macro usage 2011-01-24 14:32:54 +10:30
nfc drivers/nfc/pn544.c: fix min_t warnings 2011-01-16 17:28:21 -08:00
nubus
of dt/flattree: Return virtual address from early_init_dt_alloc_memory_arch() 2011-01-15 22:01:58 -07:00
oprofile
parisc
parport
pci kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
pcmcia kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
platform Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2011-01-13 20:15:35 -08:00
pnp Merge branch 'pnp' into release 2011-01-12 04:59:44 -05:00
power Merge git://git.infradead.org/battery-2.6 2011-01-14 09:25:59 -08:00
pps pps: add parallel port PPS signal generator 2011-01-13 08:03:21 -08:00
ps3
rapidio rapidio: fix new kernel-doc warnings 2011-01-22 20:32:37 -08:00
regulator regulator: Support MAX8998/LP3974 DVS-GPIO 2011-01-14 12:38:16 +01:00
rtc mfd: Support LP3974 RTC 2011-01-14 12:38:16 +01:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2011-01-19 20:25:45 -08:00
sbus
scsi [SCSI] megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent() 2011-02-12 10:31:03 -06:00
sfi SFI: use ioremap_cache() instead of ioremap() 2011-01-11 23:27:25 -05:00
sh headers: kobject.h redux 2011-01-10 08:51:44 -08:00
sn
spi Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus 2011-01-18 14:28:48 -08:00
ssb kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
staging [media] staging/lirc: fix mem leaks and ptr err usage 2011-01-19 12:52:22 -02:00
target [SCSI] target: Add LIO target core v4.0.0-rc6 2011-01-14 10:12:29 -06:00
tc
telephony Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2011-01-13 10:05:56 -08:00
thermal Merge branch 'misc' into release 2011-01-12 05:14:15 -05:00
tty Merge branch 'akpm' 2011-01-20 17:02:14 -08:00
uio
usb kconfig: rename CONFIG_EMBEDDED to CONFIG_EXPERT 2011-01-20 17:02:05 -08:00
uwb
vhost vhost: fix signed/unsigned comparison 2011-01-10 10:03:39 +02:00
video backlight: fix 88pm860x_bl macro collision 2011-01-20 17:02:06 -08:00
virtio virtio: remove virtio-pci root device 2011-01-20 21:37:30 +10:30
vlynq
w1 w1: DS2423 counter driver and documentation 2011-01-13 08:03:22 -08:00
watchdog watchdog: Add MCF548x watchdog driver. 2011-01-12 13:51:35 +00:00
xen Merge branch 'xen/xenbus' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen 2011-01-20 16:37:28 -08:00
zorro
Kconfig [SCSI] target: Add LIO target core v4.0.0-rc6 2011-01-14 10:12:29 -06:00
Makefile Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 2011-01-20 16:39:23 -08:00