Most recent kernel where this bug did *NOT* occur: 2.6.19 Distribution: Debian Sid Linux version 2.6.20 (root@kundalini) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) it happens two times at the startup. The machines works without sensible consequences. Javi. Feb 12 15:54:43 kundalini vmunix: ACPI: (supports S0 S1 S3 S4 S5) Feb 12 15:54:43 kundalini vmunix: Freeing unused kernel memory: 212k freed Feb 12 15:54:43 kundalini vmunix: Time: tsc clocksource has been installed. Feb 12 15:54:43 kundalini vmunix: Time: acpi_pm clocksource has been installed. Feb 12 15:54:43 kundalini vmunix: BUG: sleeping function called from invalid context at mm/slab.c:3034 Feb 12 15:54:43 kundalini vmunix: in_atomic():1, irqs_disabled():1 Feb 12 15:54:43 kundalini vmunix: [<c0152760>] kmem_cache_zalloc+0x1b/0x73 Feb 12 15:54:43 kundalini vmunix: [<c02e9aee>] resp_inquiry+0x2f/0x85e Feb 12 15:54:43 kundalini vmunix: [<c02ea791>] scsi_debug_queuecommand+0x2ec/0x1036 Feb 12 15:54:43 kundalini vmunix: [<c02d2f81>] scsi_done+0x0/0x16 Feb 12 15:54:43 kundalini vmunix: [<c01523da>] cache_alloc_refill+0x174/0x468 Feb 12 15:54:43 kundalini vmunix: [<c02d77fe>] scsi_init_io+0x61/0xcb Feb 12 15:54:43 kundalini vmunix: [<c02d794e>] scsi_prep_fn+0xe6/0x222 Feb 12 15:54:43 kundalini vmunix: [<c0121c42>] lock_timer_base+0x1d/0x4d Feb 12 15:54:43 kundalini vmunix: [<c0121d63>] __mod_timer+0x95/0xb0 Feb 12 15:54:43 kundalini vmunix: [<c02d3732>] scsi_dispatch_cmd+0x1be/0x24d Feb 12 15:54:43 kundalini vmunix: [<c02d875e>] scsi_request_fn+0x298/0x373 Feb 12 15:54:43 kundalini vmunix: [<c023b6d6>] blk_remove_plug+0x4e/0x5a Feb 12 15:54:43 kundalini vmunix: [<c023905b>] elv_insert+0x67/0x143 Feb 12 15:54:43 kundalini vmunix: [<c023b775>] blk_execute_rq_nowait+0x74/0xa6 Feb 12 15:54:43 kundalini vmunix: [<c023b820>] blk_execute_rq+0x79/0x93 Feb 12 15:54:43 kundalini vmunix: [<c023ad65>] blk_end_sync_rq+0x0/0x23 Feb 12 15:54:43 kundalini vmunix: [<c0175950>] bio_phys_segments+0xe/0x14 Feb 12 15:54:43 kundalini vmunix: [<c0239f36>] blk_rq_bio_prep+0x28/0x85 Feb 12 15:54:43 kundalini vmunix: [<c023af59>] blk_rq_map_user+0x113/0x1c1 Feb 12 15:54:43 kundalini vmunix: [<c023e71f>] sg_io+0x256/0x355 Feb 12 15:54:43 kundalini vmunix: [<c0149241>] find_mergeable_anon_vma+0x5e/0xb1 Feb 12 15:54:43 kundalini vmunix: [<c023ec6a>] scsi_cmd_ioctl+0x1af/0x369 Feb 12 15:54:43 kundalini vmunix: [<c01158c4>] do_page_fault+0x0/0x53c Feb 12 15:54:43 kundalini vmunix: [<c0164d07>] __d_lookup+0x120/0x13d Feb 12 15:54:43 kundalini vmunix: [<c015c06d>] do_lookup+0x4f/0x140 Feb 12 15:54:43 kundalini vmunix: [<c02e05fc>] sd_ioctl+0x94/0xb9 Feb 12 15:54:43 kundalini vmunix: [<c024393d>] _atomic_dec_and_lock+0x25/0x40 Feb 12 15:54:43 kundalini vmunix: [<c023d126>] blkdev_driver_ioctl+0x4e/0x5e Feb 12 15:54:43 kundalini vmunix: [<c023d787>] blkdev_ioctl+0x651/0x69e Feb 12 15:54:43 kundalini vmunix: [<c0244191>] kobject_get+0xf/0x13 Feb 12 15:54:43 kundalini vmunix: [<c0244191>] kobject_get+0xf/0x13 Feb 12 15:54:43 kundalini vmunix: [<c02c4c7e>] class_device_get+0xe/0x14 Feb 12 15:54:43 kundalini vmunix: [<c02e03d1>] sd_open+0x6d/0x117 Feb 12 15:54:43 kundalini vmunix: [<c0166e08>] iget5_locked+0xe4/0x193 Feb 12 15:54:43 kundalini vmunix: [<c0176844>] do_open+0x1d3/0x252 Feb 12 15:54:43 kundalini vmunix: [<c0176669>] bdget+0x100/0x108 Feb 12 15:54:43 kundalini vmunix: [<c0176a6d>] blkdev_open+0x0/0x4d Feb 12 15:54:43 kundalini vmunix: [<c0176a92>] blkdev_open+0x25/0x4d Feb 12 15:54:43 kundalini vmunix: [<c0154391>] __dentry_open+0x123/0x1b7 Feb 12 15:54:43 kundalini vmunix: [<c015449f>] nameidata_to_filp+0x24/0x33 Feb 12 15:54:43 kundalini vmunix: [<c01544e5>] do_filp_open+0x37/0x3e Feb 12 15:54:43 kundalini vmunix: [<c0176111>] block_ioctl+0x18/0x1b Feb 12 15:54:43 kundalini vmunix: [<c01760f9>] block_ioctl+0x0/0x1b Feb 12 15:54:43 kundalini vmunix: [<c016025f>] do_ioctl+0x1f/0x63 Feb 12 15:54:43 kundalini vmunix: [<c01604ed>] vfs_ioctl+0x24a/0x25d Feb 12 15:54:43 kundalini vmunix: [<c016054c>] sys_ioctl+0x4c/0x64 Feb 12 15:54:43 kundalini vmunix: [<c0102dc0>] syscall_call+0x7/0xb Feb 12 15:54:43 kundalini vmunix: [<c03b0000>] ieee80211_xmit+0x672/0xabd Feb 12 15:54:43 kundalini vmunix: =======================
Reply-To: akpm@linux-foundation.org On Mon, 12 Feb 2007 19:07:08 -0800 bugme-daemon@bugzilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=7994 > > Summary: sleeping function called from invalid context at > mm/slab.c:3034 > Kernel Version: 2.6.20 > Status: NEW > Severity: low > Owner: akpm@osdl.org > Submitter: adrakoa@es.gnu.org > > > Most recent kernel where this bug did *NOT* occur: 2.6.19 > Distribution: Debian Sid > Linux version 2.6.20 (root@kundalini) (gcc version 4.1.2 20061115 (prerelease) > (Debian 4.1.1-21)) > > it happens two times at the startup. The machines works without sensible > consequences. > Javi. > > Feb 12 15:54:43 kundalini vmunix: ACPI: (supports S0 S1 S3 S4 S5) > Feb 12 15:54:43 kundalini vmunix: Freeing unused kernel memory: 212k freed > Feb 12 15:54:43 kundalini vmunix: Time: tsc clocksource has been installed. > Feb 12 15:54:43 kundalini vmunix: Time: acpi_pm clocksource has been installed. > Feb 12 15:54:43 kundalini vmunix: BUG: sleeping function called from invalid > context at mm/slab.c:3034 > Feb 12 15:54:43 kundalini vmunix: in_atomic():1, irqs_disabled():1 > Feb 12 15:54:43 kundalini vmunix: [<c0152760>] kmem_cache_zalloc+0x1b/0x73 > Feb 12 15:54:43 kundalini vmunix: [<c02e9aee>] resp_inquiry+0x2f/0x85e > Feb 12 15:54:43 kundalini vmunix: [<c02ea791>] scsi_debug_queuecommand+0x2ec/0x1036 > Feb 12 15:54:43 kundalini vmunix: [<c02d2f81>] scsi_done+0x0/0x16 > Feb 12 15:54:43 kundalini vmunix: [<c01523da>] cache_alloc_refill+0x174/0x468 > Feb 12 15:54:43 kundalini vmunix: [<c02d77fe>] scsi_init_io+0x61/0xcb > Feb 12 15:54:43 kundalini vmunix: [<c02d794e>] scsi_prep_fn+0xe6/0x222 > Feb 12 15:54:43 kundalini vmunix: [<c0121c42>] lock_timer_base+0x1d/0x4d > Feb 12 15:54:43 kundalini vmunix: [<c0121d63>] __mod_timer+0x95/0xb0 > Feb 12 15:54:43 kundalini vmunix: [<c02d3732>] scsi_dispatch_cmd+0x1be/0x24d > Feb 12 15:54:43 kundalini vmunix: [<c02d875e>] scsi_request_fn+0x298/0x373 > Feb 12 15:54:43 kundalini vmunix: [<c023b6d6>] blk_remove_plug+0x4e/0x5a > Feb 12 15:54:43 kundalini vmunix: [<c023905b>] elv_insert+0x67/0x143 > Feb 12 15:54:43 kundalini vmunix: [<c023b775>] blk_execute_rq_nowait+0x74/0xa6 > Feb 12 15:54:43 kundalini vmunix: [<c023b820>] blk_execute_rq+0x79/0x93 > Feb 12 15:54:43 kundalini vmunix: [<c023ad65>] blk_end_sync_rq+0x0/0x23 > Feb 12 15:54:43 kundalini vmunix: [<c0175950>] bio_phys_segments+0xe/0x14 > Feb 12 15:54:43 kundalini vmunix: [<c0239f36>] blk_rq_bio_prep+0x28/0x85 > Feb 12 15:54:43 kundalini vmunix: [<c023af59>] blk_rq_map_user+0x113/0x1c1 > Feb 12 15:54:43 kundalini vmunix: [<c023e71f>] sg_io+0x256/0x355 > Feb 12 15:54:43 kundalini vmunix: [<c0149241>] find_mergeable_anon_vma+0x5e/0xb1 > Feb 12 15:54:43 kundalini vmunix: [<c023ec6a>] scsi_cmd_ioctl+0x1af/0x369 > Feb 12 15:54:43 kundalini vmunix: [<c01158c4>] do_page_fault+0x0/0x53c > Feb 12 15:54:43 kundalini vmunix: [<c0164d07>] __d_lookup+0x120/0x13d > Feb 12 15:54:43 kundalini vmunix: [<c015c06d>] do_lookup+0x4f/0x140 > Feb 12 15:54:43 kundalini vmunix: [<c02e05fc>] sd_ioctl+0x94/0xb9 > Feb 12 15:54:43 kundalini vmunix: [<c024393d>] _atomic_dec_and_lock+0x25/0x40 > Feb 12 15:54:43 kundalini vmunix: [<c023d126>] blkdev_driver_ioctl+0x4e/0x5e > Feb 12 15:54:43 kundalini vmunix: [<c023d787>] blkdev_ioctl+0x651/0x69e > Feb 12 15:54:43 kundalini vmunix: [<c0244191>] kobject_get+0xf/0x13 > Feb 12 15:54:43 kundalini vmunix: [<c0244191>] kobject_get+0xf/0x13 > Feb 12 15:54:43 kundalini vmunix: [<c02c4c7e>] class_device_get+0xe/0x14 > Feb 12 15:54:43 kundalini vmunix: [<c02e03d1>] sd_open+0x6d/0x117 > Feb 12 15:54:43 kundalini vmunix: [<c0166e08>] iget5_locked+0xe4/0x193 > Feb 12 15:54:43 kundalini vmunix: [<c0176844>] do_open+0x1d3/0x252 > Feb 12 15:54:43 kundalini vmunix: [<c0176669>] bdget+0x100/0x108 > Feb 12 15:54:43 kundalini vmunix: [<c0176a6d>] blkdev_open+0x0/0x4d > Feb 12 15:54:43 kundalini vmunix: [<c0176a92>] blkdev_open+0x25/0x4d > Feb 12 15:54:43 kundalini vmunix: [<c0154391>] __dentry_open+0x123/0x1b7 > Feb 12 15:54:43 kundalini vmunix: [<c015449f>] nameidata_to_filp+0x24/0x33 > Feb 12 15:54:43 kundalini vmunix: [<c01544e5>] do_filp_open+0x37/0x3e > Feb 12 15:54:43 kundalini vmunix: [<c0176111>] block_ioctl+0x18/0x1b > Feb 12 15:54:43 kundalini vmunix: [<c01760f9>] block_ioctl+0x0/0x1b > Feb 12 15:54:43 kundalini vmunix: [<c016025f>] do_ioctl+0x1f/0x63 > Feb 12 15:54:43 kundalini vmunix: [<c01604ed>] vfs_ioctl+0x24a/0x25d > Feb 12 15:54:43 kundalini vmunix: [<c016054c>] sys_ioctl+0x4c/0x64 > Feb 12 15:54:43 kundalini vmunix: [<c0102dc0>] syscall_call+0x7/0xb > Feb 12 15:54:43 kundalini vmunix: [<c03b0000>] ieee80211_xmit+0x672/0xabd This is fixed in mainline and I expect that the fix is also lined up for 2.6.20.1. (?)
Reply-To: James.Bottomley@SteelEye.com On Mon, 2007-02-12 at 20:06 -0800, Andrew Morton wrote: > This is fixed in mainline and I expect that the fix is also lined up > for > 2.6.20.1. (?) It's definitely in mainline. I've cc'd Doug Gilbert, the scsi_debug maintainer to assess what should be done for 2.6.20.1 James
Reply-To: dougg@torque.net James Bottomley wrote: > On Mon, 2007-02-12 at 20:06 -0800, Andrew Morton wrote: >> This is fixed in mainline and I expect that the fix is also lined up >> for >> 2.6.20.1. (?) > > It's definitely in mainline. I've cc'd Doug Gilbert, the scsi_debug > maintainer to assess what should be done for 2.6.20.1 James, I thought this had been addressed but I can't find a trail on my laptop. A minimal patch is attached. ChangeLog: - Use GFP_ATOMIC for allocations that can be called from the queuecommand() entry point Signed-off-by: Douglas Gilbert <dougg@torque.net> Doug Gilbert --- linux/drivers/scsi/scsi_debug.c 2006-11-30 07:00:01.000000000 -0800 +++ linux/drivers/scsi/scsi_debug.c2620atom 2007-02-13 06:43:28.000000000 -0800 @@ -954,7 +954,7 @@ int alloc_len, n, ret; alloc_len = (cmd[3] << 8) + cmd[4]; - arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_KERNEL); + arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC); if (devip->wlun) pq_pdt = 0x1e; /* present, wlun */ else if (scsi_debug_no_lun_0 && (0 == devip->lun)) @@ -1217,7 +1217,7 @@ alen = ((cmd[6] << 24) + (cmd[7] << 16) + (cmd[8] << 8) + cmd[9]); - arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_KERNEL); + arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC); /* * EVPD page 0x88 states we have two ports, one * real and a fake port with no device connected. @@ -2044,7 +2044,7 @@ } } if (NULL == open_devip) { /* try and make a new one */ - open_devip = kzalloc(sizeof(*open_devip),GFP_KERNEL); + open_devip = kzalloc(sizeof(*open_devip),GFP_ATOMIC); if (NULL == open_devip) { printk(KERN_ERR "%s: out of memory at line %d\n", __FUNCTION__, __LINE__);
> James Bottomley wrote: >> On Mon, 2007-02-12 at 20:06 -0800, Andrew Morton wrote: >>> This is fixed in mainline and I expect that the fix is also lined up >>> for >>> 2.6.20.1. (?) >> >> It's definitely in mainline. I've cc'd Doug Gilbert, the scsi_debug >> maintainer to assess what should be done for 2.6.20.1 > > James, > I thought this had been addressed but I can't find a > trail on my laptop. A minimal patch is attached. Your patch fixes the problem. Thanks. Regards. Javi.
Reply-To: dougg@torque.net Andrew, The patch that I sent, shown at the end of this post, is incomplete as it doesn't check the return value from kzalloc(..., GFP_ATOMIC). As I suspected this bug has been exposed before: Jens reported this problem in early January. A more complete patch, with some other changes, was posted 6 weeks ago: http://marc.theaimsgroup.com/?l=linux-scsi&m=116797354920256&w=2 I'm not sure if this patch is "in the works" or not. Doug Gilbert Douglas Gilbert wrote: > James Bottomley wrote: >> On Mon, 2007-02-12 at 20:06 -0800, Andrew Morton wrote: >>> This is fixed in mainline and I expect that the fix is also lined up >>> for >>> 2.6.20.1. (?) >> It's definitely in mainline. I've cc'd Doug Gilbert, the scsi_debug >> maintainer to assess what should be done for 2.6.20.1 > > James, > I thought this had been addressed but I can't find a > trail on my laptop. A minimal patch is attached. > > > ChangeLog: > - Use GFP_ATOMIC for allocations that can be called > from the queuecommand() entry point > > Signed-off-by: Douglas Gilbert <dougg@torque.net> > > Doug Gilbert > > > > > > ------------------------------------------------------------------------ > > --- linux/drivers/scsi/scsi_debug.c 2006-11-30 07:00:01.000000000 -0800 > +++ linux/drivers/scsi/scsi_debug.c2620atom 2007-02-13 06:43:28.000000000 -0800 > @@ -954,7 +954,7 @@ > int alloc_len, n, ret; > > alloc_len = (cmd[3] << 8) + cmd[4]; > - arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_KERNEL); > + arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC); > if (devip->wlun) > pq_pdt = 0x1e; /* present, wlun */ > else if (scsi_debug_no_lun_0 && (0 == devip->lun)) > @@ -1217,7 +1217,7 @@ > alen = ((cmd[6] << 24) + (cmd[7] << 16) + (cmd[8] << 8) > + cmd[9]); > > - arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_KERNEL); > + arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC); > /* > * EVPD page 0x88 states we have two ports, one > * real and a fake port with no device connected. > @@ -2044,7 +2044,7 @@ > } > } > if (NULL == open_devip) { /* try and make a new one */ > - open_devip = kzalloc(sizeof(*open_devip),GFP_KERNEL); > + open_devip = kzalloc(sizeof(*open_devip),GFP_ATOMIC); > if (NULL == open_devip) { > printk(KERN_ERR "%s: out of memory at line %d\n", > __FUNCTION__, __LINE__);
Reply-To: akpm@linux-foundation.org On Fri, 16 Feb 2007 22:59:31 -0500 Douglas Gilbert <dougg@torque.net> wrote: > The patch that I sent, shown at the end of this post, > is incomplete as it doesn't check the return value > from kzalloc(..., GFP_ATOMIC). The diff which is in mainline now looks to be OK? --- linux-2.6.20/drivers/scsi/scsi_debug.c 2006-11-29 19:14:18.000000000 -0800 +++ devel/drivers/scsi/scsi_debug.c 2007-02-16 21:21:08.000000000 -0800 @@ -28,7 +28,6 @@ #include <linux/module.h> #include <linux/kernel.h> -#include <linux/sched.h> #include <linux/errno.h> #include <linux/timer.h> #include <linux/types.h> @@ -51,10 +50,10 @@ #include "scsi_logging.h" #include "scsi_debug.h" -#define SCSI_DEBUG_VERSION "1.80" -static const char * scsi_debug_version_date = "20061018"; +#define SCSI_DEBUG_VERSION "1.81" +static const char * scsi_debug_version_date = "20070104"; -/* Additional Sense Code (ASC) used */ +/* Additional Sense Code (ASC) */ #define NO_ADDITIONAL_SENSE 0x0 #define LOGICAL_UNIT_NOT_READY 0x4 #define UNRECOVERED_READ_ERR 0x11 @@ -65,9 +64,13 @@ static const char * scsi_debug_version_d #define INVALID_FIELD_IN_PARAM_LIST 0x26 #define POWERON_RESET 0x29 #define SAVING_PARAMS_UNSUP 0x39 +#define TRANSPORT_PROBLEM 0x4b #define THRESHOLD_EXCEEDED 0x5d #define LOW_POWER_COND_ON 0x5e +/* Additional Sense Code Qualifier (ASCQ) */ +#define ACK_NAK_TO 0x3 + #define SDEBUG_TAGGED_QUEUING 0 /* 0 | MSG_SIMPLE_TAG | MSG_ORDERED_TAG */ /* Default values for driver parameters */ @@ -95,15 +98,20 @@ static const char * scsi_debug_version_d #define SCSI_DEBUG_OPT_MEDIUM_ERR 2 #define SCSI_DEBUG_OPT_TIMEOUT 4 #define SCSI_DEBUG_OPT_RECOVERED_ERR 8 +#define SCSI_DEBUG_OPT_TRANSPORT_ERR 16 /* When "every_nth" > 0 then modulo "every_nth" commands: * - a no response is simulated if SCSI_DEBUG_OPT_TIMEOUT is set * - a RECOVERED_ERROR is simulated on successful read and write * commands if SCSI_DEBUG_OPT_RECOVERED_ERR is set. + * - a TRANSPORT_ERROR is simulated on successful read and write + * commands if SCSI_DEBUG_OPT_TRANSPORT_ERR is set. * * When "every_nth" < 0 then after "- every_nth" commands: * - a no response is simulated if SCSI_DEBUG_OPT_TIMEOUT is set * - a RECOVERED_ERROR is simulated on successful read and write * commands if SCSI_DEBUG_OPT_RECOVERED_ERR is set. + * - a TRANSPORT_ERROR is simulated on successful read and write + * commands if SCSI_DEBUG_OPT_TRANSPORT_ERR is set. * This will continue until some other action occurs (e.g. the user * writing a new value (other than -1 or 1) to every_nth via sysfs). */ @@ -315,6 +323,7 @@ int scsi_debug_queuecommand(struct scsi_ int target = SCpnt->device->id; struct sdebug_dev_info * devip = NULL; int inj_recovered = 0; + int inj_transport = 0; int delay_override = 0; if (done == NULL) @@ -352,6 +361,8 @@ int scsi_debug_queuecommand(struct scsi_ return 0; /* ignore command causing timeout */ else if (SCSI_DEBUG_OPT_RECOVERED_ERR & scsi_debug_opts) inj_recovered = 1; /* to reads and writes below */ + else if (SCSI_DEBUG_OPT_TRANSPORT_ERR & scsi_debug_opts) + inj_transport = 1; /* to reads and writes below */ } if (devip->wlun) { @@ -468,7 +479,11 @@ int scsi_debug_queuecommand(struct scsi_ mk_sense_buffer(devip, RECOVERED_ERROR, THRESHOLD_EXCEEDED, 0); errsts = check_condition_result; - } + } else if (inj_transport && (0 == errsts)) { + mk_sense_buffer(devip, ABORTED_COMMAND, + TRANSPORT_PROBLEM, ACK_NAK_TO); + errsts = check_condition_result; + } break; case REPORT_LUNS: /* mandatory, ignore unit attention */ delay_override = 1; @@ -531,6 +546,9 @@ int scsi_debug_queuecommand(struct scsi_ delay_override = 1; errsts = check_readiness(SCpnt, 0, devip); break; + case WRITE_BUFFER: + errsts = check_readiness(SCpnt, 1, devip); + break; default: if (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts) printk(KERN_INFO "scsi_debug: Opcode: 0x%x not " @@ -954,7 +972,9 @@ static int resp_inquiry(struct scsi_cmnd int alloc_len, n, ret; alloc_len = (cmd[3] << 8) + cmd[4]; - arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_KERNEL); + arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC); + if (! arr) + return DID_REQUEUE << 16; if (devip->wlun) pq_pdt = 0x1e; /* present, wlun */ else if (scsi_debug_no_lun_0 && (0 == devip->lun)) @@ -1217,7 +1237,9 @@ static int resp_report_tgtpgs(struct scs alen = ((cmd[6] << 24) + (cmd[7] << 16) + (cmd[8] << 8) + cmd[9]); - arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_KERNEL); + arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC); + if (! arr) + return DID_REQUEUE << 16; /* * EVPD page 0x88 states we have two ports, one * real and a fake port with no device connected. @@ -1996,6 +2018,8 @@ static int scsi_debug_slave_configure(st if (sdp->host->max_cmd_len != SCSI_DEBUG_MAX_CMD_LEN) sdp->host->max_cmd_len = SCSI_DEBUG_MAX_CMD_LEN; devip = devInfoReg(sdp); + if (NULL == devip) + return 1; /* no resources, will be marked offline */ sdp->hostdata = devip; if (sdp->host->cmd_per_lun) scsi_adjust_queue_depth(sdp, SDEBUG_TAGGED_QUEUING, @@ -2044,7 +2068,7 @@ static struct sdebug_dev_info * devInfoR } } if (NULL == open_devip) { /* try and make a new one */ - open_devip = kzalloc(sizeof(*open_devip),GFP_KERNEL); + open_devip = kzalloc(sizeof(*open_devip),GFP_ATOMIC); if (NULL == open_devip) { printk(KERN_ERR "%s: out of memory at line %d\n", __FUNCTION__, __LINE__); @@ -2388,7 +2412,7 @@ MODULE_PARM_DESC(max_luns, "number of LU MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)"); MODULE_PARM_DESC(num_parts, "number of partitions(def=0)"); MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)"); -MODULE_PARM_DESC(opts, "1->noise, 2->medium_error, 4->... (def=0)"); +MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)"); MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])"); MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=5[SPC-3])"); MODULE_PARM_DESC(virtual_gb, "virtual gigabyte size (def=0 -> use dev_size_mb)"); @@ -2943,7 +2967,6 @@ static int sdebug_add_adapter(void) struct list_head *lh, *lh_sf; sdbg_host = kzalloc(sizeof(*sdbg_host),GFP_KERNEL); - if (NULL == sdbg_host) { printk(KERN_ERR "%s: out of memory at line %d\n", __FUNCTION__, __LINE__);
Reply-To: dougg@torque.net Andrew Morton wrote: > On Fri, 16 Feb 2007 22:59:31 -0500 Douglas Gilbert <dougg@torque.net> wrote: > >> The patch that I sent, shown at the end of this post, >> is incomplete as it doesn't check the return value >> from kzalloc(..., GFP_ATOMIC). > > The diff which is in mainline now looks to be OK? Yes. Doug Gilbert > --- linux-2.6.20/drivers/scsi/scsi_debug.c 2006-11-29 19:14:18.000000000 -0800 > +++ devel/drivers/scsi/scsi_debug.c 2007-02-16 21:21:08.000000000 -0800 > @@ -28,7 +28,6 @@ > #include <linux/module.h> > > #include <linux/kernel.h> > -#include <linux/sched.h> > #include <linux/errno.h> > #include <linux/timer.h> > #include <linux/types.h> > @@ -51,10 +50,10 @@ > #include "scsi_logging.h" > #include "scsi_debug.h" > > -#define SCSI_DEBUG_VERSION "1.80" > -static const char * scsi_debug_version_date = "20061018"; > +#define SCSI_DEBUG_VERSION "1.81" > +static const char * scsi_debug_version_date = "20070104"; > > -/* Additional Sense Code (ASC) used */ > +/* Additional Sense Code (ASC) */ > #define NO_ADDITIONAL_SENSE 0x0 > #define LOGICAL_UNIT_NOT_READY 0x4 > #define UNRECOVERED_READ_ERR 0x11 > @@ -65,9 +64,13 @@ static const char * scsi_debug_version_d > #define INVALID_FIELD_IN_PARAM_LIST 0x26 > #define POWERON_RESET 0x29 > #define SAVING_PARAMS_UNSUP 0x39 > +#define TRANSPORT_PROBLEM 0x4b > #define THRESHOLD_EXCEEDED 0x5d > #define LOW_POWER_COND_ON 0x5e > > +/* Additional Sense Code Qualifier (ASCQ) */ > +#define ACK_NAK_TO 0x3 > + > #define SDEBUG_TAGGED_QUEUING 0 /* 0 | MSG_SIMPLE_TAG | MSG_ORDERED_TAG */ > > /* Default values for driver parameters */ > @@ -95,15 +98,20 @@ static const char * scsi_debug_version_d > #define SCSI_DEBUG_OPT_MEDIUM_ERR 2 > #define SCSI_DEBUG_OPT_TIMEOUT 4 > #define SCSI_DEBUG_OPT_RECOVERED_ERR 8 > +#define SCSI_DEBUG_OPT_TRANSPORT_ERR 16 > /* When "every_nth" > 0 then modulo "every_nth" commands: > * - a no response is simulated if SCSI_DEBUG_OPT_TIMEOUT is set > * - a RECOVERED_ERROR is simulated on successful read and write > * commands if SCSI_DEBUG_OPT_RECOVERED_ERR is set. > + * - a TRANSPORT_ERROR is simulated on successful read and write > + * commands if SCSI_DEBUG_OPT_TRANSPORT_ERR is set. > * > * When "every_nth" < 0 then after "- every_nth" commands: > * - a no response is simulated if SCSI_DEBUG_OPT_TIMEOUT is set > * - a RECOVERED_ERROR is simulated on successful read and write > * commands if SCSI_DEBUG_OPT_RECOVERED_ERR is set. > + * - a TRANSPORT_ERROR is simulated on successful read and write > + * commands if SCSI_DEBUG_OPT_TRANSPORT_ERR is set. > * This will continue until some other action occurs (e.g. the user > * writing a new value (other than -1 or 1) to every_nth via sysfs). > */ > @@ -315,6 +323,7 @@ int scsi_debug_queuecommand(struct scsi_ > int target = SCpnt->device->id; > struct sdebug_dev_info * devip = NULL; > int inj_recovered = 0; > + int inj_transport = 0; > int delay_override = 0; > > if (done == NULL) > @@ -352,6 +361,8 @@ int scsi_debug_queuecommand(struct scsi_ > return 0; /* ignore command causing timeout */ > else if (SCSI_DEBUG_OPT_RECOVERED_ERR & scsi_debug_opts) > inj_recovered = 1; /* to reads and writes below */ > + else if (SCSI_DEBUG_OPT_TRANSPORT_ERR & scsi_debug_opts) > + inj_transport = 1; /* to reads and writes below */ > } > > if (devip->wlun) { > @@ -468,7 +479,11 @@ int scsi_debug_queuecommand(struct scsi_ > mk_sense_buffer(devip, RECOVERED_ERROR, > THRESHOLD_EXCEEDED, 0); > errsts = check_condition_result; > - } > + } else if (inj_transport && (0 == errsts)) { > + mk_sense_buffer(devip, ABORTED_COMMAND, > + TRANSPORT_PROBLEM, ACK_NAK_TO); > + errsts = check_condition_result; > + } > break; > case REPORT_LUNS: /* mandatory, ignore unit attention */ > delay_override = 1; > @@ -531,6 +546,9 @@ int scsi_debug_queuecommand(struct scsi_ > delay_override = 1; > errsts = check_readiness(SCpnt, 0, devip); > break; > + case WRITE_BUFFER: > + errsts = check_readiness(SCpnt, 1, devip); > + break; > default: > if (SCSI_DEBUG_OPT_NOISE & scsi_debug_opts) > printk(KERN_INFO "scsi_debug: Opcode: 0x%x not " > @@ -954,7 +972,9 @@ static int resp_inquiry(struct scsi_cmnd > int alloc_len, n, ret; > > alloc_len = (cmd[3] << 8) + cmd[4]; > - arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_KERNEL); > + arr = kzalloc(SDEBUG_MAX_INQ_ARR_SZ, GFP_ATOMIC); > + if (! arr) > + return DID_REQUEUE << 16; > if (devip->wlun) > pq_pdt = 0x1e; /* present, wlun */ > else if (scsi_debug_no_lun_0 && (0 == devip->lun)) > @@ -1217,7 +1237,9 @@ static int resp_report_tgtpgs(struct scs > alen = ((cmd[6] << 24) + (cmd[7] << 16) + (cmd[8] << 8) > + cmd[9]); > > - arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_KERNEL); > + arr = kzalloc(SDEBUG_MAX_TGTPGS_ARR_SZ, GFP_ATOMIC); > + if (! arr) > + return DID_REQUEUE << 16; > /* > * EVPD page 0x88 states we have two ports, one > * real and a fake port with no device connected. > @@ -1996,6 +2018,8 @@ static int scsi_debug_slave_configure(st > if (sdp->host->max_cmd_len != SCSI_DEBUG_MAX_CMD_LEN) > sdp->host->max_cmd_len = SCSI_DEBUG_MAX_CMD_LEN; > devip = devInfoReg(sdp); > + if (NULL == devip) > + return 1; /* no resources, will be marked offline */ > sdp->hostdata = devip; > if (sdp->host->cmd_per_lun) > scsi_adjust_queue_depth(sdp, SDEBUG_TAGGED_QUEUING, > @@ -2044,7 +2068,7 @@ static struct sdebug_dev_info * devInfoR > } > } > if (NULL == open_devip) { /* try and make a new one */ > - open_devip = kzalloc(sizeof(*open_devip),GFP_KERNEL); > + open_devip = kzalloc(sizeof(*open_devip),GFP_ATOMIC); > if (NULL == open_devip) { > printk(KERN_ERR "%s: out of memory at line %d\n", > __FUNCTION__, __LINE__); > @@ -2388,7 +2412,7 @@ MODULE_PARM_DESC(max_luns, "number of LU > MODULE_PARM_DESC(no_lun_0, "no LU number 0 (def=0 -> have lun 0)"); > MODULE_PARM_DESC(num_parts, "number of partitions(def=0)"); > MODULE_PARM_DESC(num_tgts, "number of targets per host to simulate(def=1)"); > -MODULE_PARM_DESC(opts, "1->noise, 2->medium_error, 4->... (def=0)"); > +MODULE_PARM_DESC(opts, "1->noise, 2->medium_err, 4->timeout, 8->recovered_err... (def=0)"); > MODULE_PARM_DESC(ptype, "SCSI peripheral type(def=0[disk])"); > MODULE_PARM_DESC(scsi_level, "SCSI level to simulate(def=5[SPC-3])"); > MODULE_PARM_DESC(virtual_gb, "virtual gigabyte size (def=0 -> use dev_size_mb)"); > @@ -2943,7 +2967,6 @@ static int sdebug_add_adapter(void) > struct list_head *lh, *lh_sf; > > sdbg_host = kzalloc(sizeof(*sdbg_host),GFP_KERNEL); > - > if (NULL == sdbg_host) { > printk(KERN_ERR "%s: out of memory at line %d\n", > __FUNCTION__, __LINE__); >
I guess the bug can be closed now. Thanks.