mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-11-18 09:44:18 +08:00
0d83ab65ff
A kernel panic was observed when passing the sc->request->cpu = -1 to
retrieve the per_cpu variable pointer:
#0 [ffff880011203960] machine_kexec at ffffffff81022bc3
#1 [ffff8800112039b0] crash_kexec at ffffffff81088630
#2 [ffff880011203a80] __die at ffffffff8139ea20
#3 [ffff880011203aa0] no_context at ffffffff8102f3a7
#4 [ffff880011203ae0] __bad_area_nosemaphore at ffffffff8102f665
#5 [ffff880011203ba0] retint_signal at ffffffff8139dd1f
#6 [ffff880011203cc8] bnx2i_indicate_kcqe at ffffffffa03dc4f2
#7 [ffff880011203da8] service_kcqes at ffffffffa03cb04f
#8 [ffff880011203e68] cnic_service_bnx2x_kcq at ffffffffa03cb14a
#9 [ffff880011203e88] cnic_service_bnx2x_bh at ffffffffa03cb1b3
The problem lies in the slow path sg_io (and perhaps sg_scsi_ioctl) call to
blk_get_request->get_request/wait->blk_alloc_request->blk_rq_init which
re-initializes the request->cpu to -1. There is no assignment for cpu from
that to the request_fn call to low level drivers.
When this happens, the sc->request->cpu will be using the init value of
-1. This will create a kernel panic when it hits bnx2i because the code
refers it to get the per_cpu variables ptr.
This change is to put in a guard against that and also for cases when
bio affinity/queue completion to the same cpu is not enabled. In those
cases, the request->cpu will remain a -1 also.
This bug was created from commit:
|
||
|---|---|---|
| .. | ||
| 57xx_iscsi_constants.h | ||
| 57xx_iscsi_hsi.h | ||
| bnx2i_hwi.c | ||
| bnx2i_init.c | ||
| bnx2i_iscsi.c | ||
| bnx2i_sysfs.c | ||
| bnx2i.h | ||
| Kconfig | ||
| Makefile | ||