linux/drivers
Bjørn Mork 1ff463a159 megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent()
commit 98cb7e4413 upstream.

The ioc->sgl[i].iov_len value is supplied by the ioctl caller, and can be
zero in some cases.  Assume that's valid and continue without error.

Fixes (multiple individual reports of the same problem for quite a while):

http://marc.info/?l=linux-ide&m=128941801715301
http://bugs.debian.org/604627
http://www.mail-archive.com/linux-poweredge@dell.com/msg02575.html

megasas: Failed to alloc kernel SGL buffer for IOCTL

and

[   69.162538] ------------[ cut here ]------------
[   69.162806] kernel BUG at /build/buildd/linux-2.6.32/lib/swiotlb.c:368!
[   69.163134] invalid opcode: 0000 [#1] SMP
[   69.163570] last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
[   69.163975] CPU 0
[   69.164227] Modules linked in: fbcon tileblit font bitblit softcursor vga16fb vgastate ioatdma radeon ttm drm_kms_helper shpchp drm i2c_algo_bit lp parport floppy pata_jmicron megaraid_sas igb dca
[   69.167419] Pid: 1206, comm: smartctl Tainted: G        W  2.6.32-25-server #45-Ubuntu X8DTN
[   69.167843] RIP: 0010:[<ffffffff812c4dc5>]  [<ffffffff812c4dc5>] map_single+0x255/0x260
[   69.168370] RSP: 0018:ffff88081c0ebc58  EFLAGS: 00010246
[   69.168655] RAX: 000000000003bffc RBX: 00000000ffffffff RCX: 0000000000000002
[   69.169000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88001dffe000
[   69.169346] RBP: ffff88081c0ebcb8 R08: 0000000000000000 R09: ffff880000030840
[   69.169691] R10: 0000000000100000 R11: 0000000000000000 R12: 0000000000000000
[   69.170036] R13: 00000000ffffffff R14: 0000000000000001 R15: 0000000000200000
[   69.170382] FS:  00007fb8de189720(0000) GS:ffff88001de00000(0000) knlGS:0000000000000000
[   69.170794] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   69.171094] CR2: 00007fb8dd59237c CR3: 000000081a790000 CR4: 00000000000006f0
[   69.171439] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   69.171784] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   69.172130] Process smartctl (pid: 1206, threadinfo ffff88081c0ea000, task ffff88081a760000)
[   69.194513] Stack:
[   69.205788]  0000000000000034 00000002817e3390 0000000000000000 ffff88081c0ebe00
[   69.217739] <0> 0000000000000000 000000000003bffc 0000000000000000 0000000000000000
[   69.241250] <0> 0000000000000000 00000000ffffffff ffff88081c5b4080 ffff88081c0ebe00
[   69.277310] Call Trace:
[   69.289278]  [<ffffffff812c52ac>] swiotlb_alloc_coherent+0xec/0x130
[   69.301118]  [<ffffffff81038b31>] x86_swiotlb_alloc_coherent+0x61/0x70
[   69.313045]  [<ffffffffa002d0ce>] megasas_mgmt_fw_ioctl+0x1ae/0x690 [megaraid_sas]
[   69.336399]  [<ffffffffa002d748>] megasas_mgmt_ioctl_fw+0x198/0x240 [megaraid_sas]
[   69.359346]  [<ffffffffa002f695>] megasas_mgmt_ioctl+0x35/0x50 [megaraid_sas]
[   69.370902]  [<ffffffff81153b12>] vfs_ioctl+0x22/0xa0
[   69.382322]  [<ffffffff8115da2a>] ? alloc_fd+0x10a/0x150
[   69.393622]  [<ffffffff81153cb1>] do_vfs_ioctl+0x81/0x410
[   69.404696]  [<ffffffff8155cc13>] ? do_page_fault+0x153/0x3b0
[   69.415761]  [<ffffffff811540c1>] sys_ioctl+0x81/0xa0
[   69.426640]  [<ffffffff810121b2>] system_call_fastpath+0x16/0x1b
[   69.437491] Code: fe ff ff 48 8b 3d 74 38 76 00 41 bf 00 00 20 00 e8 51 f5 d7 ff 83 e0 ff 48 05 ff 07 00 00 48 c1 e8 0b 48 89 45 c8 e9 13 fe ff ff <0f> 0b eb fe 0f 1f 80 00 00 00 00 55 48 89 e5 48 83 ec 20 4c 89
[   69.478216] RIP  [<ffffffff812c4dc5>] map_single+0x255/0x260
[   69.489668]  RSP <ffff88081c0ebc58>
[   69.500975] ---[ end trace 6a2181b634e2abc7 ]---

Reported-by: Bokhan Artem <aptem@ngs.ru>
Reported-by: Marc-Christian Petersen <m.c.p@gmx.de>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Cc: Michael Benz <Michael.Benz@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-23 11:20:26 -07:00
accessibility
acpi ACPI: EC: Add another dmi match entry for MSI hardware 2011-01-07 14:43:07 -08:00
amba
ata libata: set queue DMA alignment to sector size for ATAPI too 2011-05-09 15:55:41 -07:00
atm atm/solos-pci: Don't include frame pseudo-header on transmit hex-dump 2011-04-14 16:53:44 -07:00
auxdisplay
base firmware_class: fix memory leak - free allocated pages 2010-08-02 10:21:25 -07:00
block cciss: fix lost command issue 2011-04-14 16:53:18 -07:00
bluetooth Bluetooth: Add MacBookAir3,1(2) support 2011-05-09 15:55:26 -07:00
cdrom
char Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again) 2011-05-09 15:54:59 -07:00
clocksource clocksource: sh_tmu: compute mult and shift before registration 2010-09-26 17:21:37 -07:00
connector connector: Delete buggy notification code. 2010-02-09 04:50:59 -08:00
cpufreq revert "[CPUFREQ] remove rwsem lock from CPUFREQ_GOV_STOP call (second call site)" 2010-08-02 10:21:25 -07:00
cpuidle cpuidle: Fix incorrect optimization 2010-05-12 14:57:16 -07:00
crypto crypto: padlock - Fix AES-CBC handling on odd-block-sized input 2010-12-09 13:27:10 -08:00
dca
dio
dma mv_xor: fix race in tasklet function 2011-01-07 14:43:17 -08:00
edac amd64_edac: Fix interleaving check 2011-01-07 14:43:06 -08:00
eisa
firewire firewire: ohci: fix race in AR split packet handling 2010-12-09 13:26:50 -08:00
firmware dcdbas: force SMI to happen when expected 2011-03-27 11:30:51 -07:00
gpio gpiolib: Actually set output state in wm831x_gpio_direction_output() 2010-03-15 08:49:57 -07:00
gpu drm/radeon/kms: fix bad shift in atom iio table parser 2011-05-09 15:54:47 -07:00
hid HID: add MacBookAir 3,1 and 3,2 support 2011-05-09 15:55:37 -07:00
hwmon hwmon: (applesmc) Add MacBookAir3,1(3,2) support 2011-05-09 15:55:17 -07:00
i2c i2c: Unregister dummy devices last on adapter removal 2011-02-17 15:37:03 -08:00
ide ide-cd: Do not access completed requests in the irq handler 2010-08-13 13:19:36 -07:00
idle
ieee1394
ieee802154
infiniband IB/cm: Bump reference count on cm_id before invoking callback 2011-03-23 13:16:43 -07:00
input Input: elantech - discard the first 2 positions on some firmwares 2011-05-09 15:55:08 -07:00
isdn isdn: avoid calling tty_ldisc_flush() in atomic context 2011-03-23 13:16:55 -07:00
leds leds-gpio: fix default state handling on OF platforms 2010-04-01 15:58:53 -07:00
lguest
macintosh macintosh/therm_adt746x: Fix sysfs attributes lifetime 2010-03-15 08:49:46 -07:00
mca
md md: correctly handle probe of an 'mdp' device. 2011-03-02 09:47:05 -05:00
media V4L/DVB: Add Elgato EyeTV Diversity to dibcom driver 2011-05-09 15:55:30 -07:00
memstick memstick: fix hangs on unexpected device removal in mspro_blk 2010-08-26 16:41:32 -07:00
message mptfusion: Fix Incorrect return value in mptscsih_dev_reset 2011-03-02 09:46:33 -05:00
mfd mfd: ab3100: world-writable debugfs *_priv files 2011-04-14 16:53:37 -07:00
misc drivers/misc/ep93xx_pwm.c: world-writable sysfs files 2011-04-14 16:53:38 -07:00
mmc mmc: build fix: mmc_pm_notify is only available with CONFIG_PM=y 2011-05-09 15:55:32 -07:00
mtd mtd: add "platform:" prefix for platform modalias 2011-03-23 13:16:37 -07:00
net zorro8390: Fix regression caused during net_device_ops conversion 2011-05-23 11:20:17 -07:00
nubus
of
oprofile oprofile: fix crash when accessing freed task structs 2010-09-20 13:17:50 -07:00
parisc PARISC: led.c - fix potential stack overflow in led_proc_write() 2010-08-10 10:20:37 -07:00
parport
pci intel-iommu: Force-disable IOMMU for iGFX on broken Cantiga revisions. 2011-05-09 15:55:37 -07:00
pcmcia pcmcia: avoid buffer overflow in pcmcia_setup_isa_irq 2010-08-26 16:41:53 -07:00
platform dell-laptop: Add another Dell laptop family to the DMI whitelist 2011-05-09 15:55:34 -07:00
pnp
power ds2760_battery: Fix calculation of time_to_empty_now 2011-02-17 15:37:02 -08:00
pps
ps3
rapidio
regulator regulator: Fix display of null constraints for regulators 2010-02-23 07:37:49 -08:00
rtc drivers/rtc/rtc-ds1511.c: world-writable sysfs nvram file 2011-04-14 16:53:37 -07:00
s390 dasd: correct device table 2011-05-09 15:54:50 -07:00
sbus
scsi megaraid_sas: Sanity check user supplied length before passing it to dma_alloc_coherent() 2011-05-23 11:20:26 -07:00
serial serial/imx: read cts state only after acking cts change irq 2011-05-09 15:54:48 -07:00
sfi
sh
sn
spi
ssb ssb: b43-pci-bridge: Add new vendor for BCM4318 2010-12-09 13:26:41 -08:00
staging Staging: rtl8192su: add device ids 2011-05-09 15:55:09 -07:00
tc
telephony
thermal
uio
usb usb: musb: core: set has_tt flag 2011-05-09 15:55:41 -07:00
uwb
video backlight: MacBookAir3,1(3,2) mbp-nvidia-bl support 2011-05-09 15:55:36 -07:00
virtio virtio: set pci bus master enable bit 2011-03-07 15:17:55 -08:00
vlynq
w1 w1: w1 temp: fix negative temperature calculation 2010-05-12 14:57:00 -07:00
watchdog WATCHDOG: iTCO_wdt: TCO Watchdog patch for additional Intel Cougar Point DeviceIDs 2010-04-26 07:41:18 -07:00
xen xen: ensure that all event channels start off bound to VCPU 0 2010-12-09 13:26:42 -08:00
zorro
Kconfig
Makefile virtio: initialize earlier 2010-05-12 14:57:15 -07:00