• Lukasz Dorau's avatar
    SCSI: isci: correct erroneous for_each_isci_host macro · be92db5e
    Lukasz Dorau authored
    commit c59053a23d586675c25d789a7494adfdc02fba57 upstream.
    
    In the first place, the loop 'for' in the macro 'for_each_isci_host'
    (drivers/scsi/isci/host.h:314) is incorrect, because it accesses
    the 3rd element of 2 element array. After the 2nd iteration it executes
    the instruction:
            ihost = to_pci_info(pdev)->hosts[2]
    (while the size of the 'hosts' array equals 2) and reads an
    out of range element.
    
    In the second place, this loop is incorrectly optimized by GCC v4.8
    (see http://marc.info/?l=linux-kernel&m=138998871911336&w=2).
    As a result, on platforms with two SCU controllers,
    the loop is executed more times than it can be (for i=0,1 and 2).
    It causes kernel panic during entering the S3 state
    and the following oops after 'rmmod isci':
    
    BUG: unable to handle kernel NULL pointer dereference at (null)
    IP: [<ffffffff8131360b>] __list_add+0x1b/0xc0
    Oops: 0000 [#1] SMP
    RIP: 0010:[<ffffffff8131360b>]  [<ffffffff8131360b>] __list_add+0x1b/0xc0
    Call Trace:
      [<ffffffff81661b84>] __mutex_lock_slowpath+0x114/0x1b0
      [<ffffffff81661c3f>] mutex_lock+0x1f/0x30
      [<ffffffffa03e97cb>] sas_disable_events+0x1b/0x50 [libsas]
      [<ffffffffa03e9818>] sas_unregister_ha+0x18/0x60 [libsas]
      [<ffffffffa040316e>] isci_unregister+0x1e/0x40 [isci]
      [<ffffffffa0403efd>] isci_pci_remove+0x5d/0x100 [isci]
      [<ffffffff813391cb>] pci_device_remove+0x3b/0xb0
      [<ffffffff813fbf7f>] __device_release_driver+0x7f/0xf0
      [<ffffffff813fc8f8>] driver_detach+0xa8/0xb0
      [<ffffffff813fbb8b>] bus_remove_driver+0x9b/0x120
      [<ffffffff813fcf2c>] driver_unregister+0x2c/0x50
      [<ffffffff813381f3>] pci_unregister_driver+0x23/0x80
      [<ffffffffa04152f8>] isci_exit+0x10/0x1e [isci]
      [<ffffffff810d199b>] SyS_delete_module+0x16b/0x2d0
      [<ffffffff81012a21>] ? do_notify_resume+0x61/0xa0
      [<ffffffff8166ce29>] system_call_fastpath+0x16/0x1b
    
    The loop has been corrected.
    This patch fixes kernel panic during entering the S3 state
    and the above oops.
    Signed-off-by: default avatarLukasz Dorau <lukasz.dorau@intel.com>
    Reviewed-by: default avatarMaciej Patelczyk <maciej.patelczyk@intel.com>
    Tested-by: default avatarLukasz Dorau <lukasz.dorau@intel.com>
    Signed-off-by: default avatarDan Williams <dan.j.williams@intel.com>
    Signed-off-by: default avatarJames Bottomley <JBottomley@Parallels.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    be92db5e
Name
Last commit
Last update
..
Makefile Loading commit data...
host.c Loading commit data...
host.h Loading commit data...
init.c Loading commit data...
isci.h Loading commit data...
phy.c Loading commit data...
phy.h Loading commit data...
port.c Loading commit data...
port.h Loading commit data...
port_config.c Loading commit data...
probe_roms.c Loading commit data...
probe_roms.h Loading commit data...
registers.h Loading commit data...
remote_device.c Loading commit data...
remote_device.h Loading commit data...
remote_node_context.c Loading commit data...
remote_node_context.h Loading commit data...
remote_node_table.c Loading commit data...
remote_node_table.h Loading commit data...
request.c Loading commit data...
request.h Loading commit data...
sas.h Loading commit data...
scu_completion_codes.h Loading commit data...
scu_event_codes.h Loading commit data...
scu_remote_node_context.h Loading commit data...
scu_task_context.h Loading commit data...
task.c Loading commit data...
task.h Loading commit data...
unsolicited_frame_control.c Loading commit data...
unsolicited_frame_control.h Loading commit data...