| Message ID | 1499760357-15120-1-git-send-email-lixiubo@cmss.chinamobile.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
To Damien, Please test this, I think this maybe helpful. Thanks, BRs On 2017年07月11日 16:05, lixiubo@cmss.chinamobile.com wrote: > From: Xiubo Li <lixiubo@cmss.chinamobile.com> > > For all the entries allocated from the ring cmd area, the memory > is something like the stack, which will reserve the old data, so > the entry->req.iov_bidi_cnt maybe none zero. > > To fix this, just memset all the entry memory before using it, and > also to be more readable we adjust the bidi code. > > Fixed: fe25cc34795(tcmu: Recalculate the tcmu_cmd size to save cmd area > memories) > Reported-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> > Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com> > --- > drivers/target/target_core_user.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c > index 2f1fa92..be62c86 100644 > --- a/drivers/target/target_core_user.c > +++ b/drivers/target/target_core_user.c > @@ -840,6 +840,7 @@ static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd, > } > > entry = (void *) mb + CMDR_OFF + cmd_head; > + memset(entry, 0, command_size); > tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_CMD); > entry->hdr.cmd_id = tcmu_cmd->cmd_id; > entry->hdr.kflags = 0; > @@ -865,8 +866,8 @@ static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd, > entry->req.iov_dif_cnt = 0; > > /* Handle BIDI commands */ > + iov_cnt = 0; > if (se_cmd->se_cmd_flags & SCF_BIDI) { > - iov_cnt = 0; > iov++; > ret = scatter_data_area(udev, tcmu_cmd, > se_cmd->t_bidi_data_sg, > @@ -879,8 +880,8 @@ static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd, > pr_err("tcmu: alloc and scatter bidi data failed\n"); > return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; > } > - entry->req.iov_bidi_cnt = iov_cnt; > } > + entry->req.iov_bidi_cnt = iov_cnt; > > /* > * Recalaulate the command's base size and size according -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
WGl1Ym8sDQoNCldlbGwgZG9uZSAhIFRoaXMgZml4ZWQgbXkgcHJvYmxlbS4gVGhlIFpCQyB0ZXN0 IHN1aXRlIG5vdyBwYXNzZXMgYWxsIHRlc3RzIG9uDQpteSB0YXJnZXQgd2l0aG91dCBjcmFzaGlu ZyB0aGUga2VybmVsLg0KDQpQbGVhc2Ugc2VlIHNvbWUgY29tbWVudHMvbml0cGlja3MgYmVsb3cu DQoNCk90aGVyd2lzZSwgcGxlYXNlIGZlZWwgZnJlZSB0byBhZGQgbXkgInRlc3RlZC1ieSINCg0K DQpPbiBUdWUsIDIwMTctMDctMTEgYXQgMTc6MDYgKzA4MDAsIFhpdWJvIExpIHdyb3RlOg0KPiBP biAyMDE35bm0MDfmnIgxMeaXpSAxNjowNSwgbGl4aXVib0BjbXNzLmNoaW5hbW9iaWxlLmNvbSB3 cm90ZToNCj4gPiBGcm9tOiBYaXVibyBMaSA8bGl4aXVib0BjbXNzLmNoaW5hbW9iaWxlLmNvbT4N Cj4gPiANCj4gPiBGb3IgYWxsIHRoZSBlbnRyaWVzIGFsbG9jYXRlZCBmcm9tIHRoZSByaW5nIGNt ZCBhcmVhLCB0aGUgbWVtb3J5DQo+ID4gaXMgc29tZXRoaW5nIGxpa2UgdGhlIHN0YWNrLCB3aGlj aCB3aWxsIHJlc2VydmUgdGhlIG9sZCBkYXRhLCBzbw0KPiA+IHRoZSBlbnRyeS0+cmVxLmlvdl9i aWRpX2NudCBtYXliZSBub25lIHplcm8uDQo+ID4gDQo+ID4gVG8gZml4IHRoaXMsIGp1c3QgbWVt c2V0IGFsbCB0aGUgZW50cnkgbWVtb3J5IGJlZm9yZSB1c2luZyBpdCwgYW5kDQo+ID4gYWxzbyB0 byBiZSBtb3JlIHJlYWRhYmxlIHdlIGFkanVzdCB0aGUgYmlkaSBjb2RlLg0KPiA+IA0KPiA+IEZp eGVkOiBmZTI1Y2MzNDc5NSh0Y211OiBSZWNhbGN1bGF0ZSB0aGUgdGNtdV9jbWQgc2l6ZSB0byBz YXZlIGNtZCBhcmVhDQo+ID4gCQltZW1vcmllcykNCj4gPiBSZXBvcnRlZC1ieTogQnJ5YW50IEcu IEx5IDxicnlhbnRseUBsaW51eC52bmV0LmlibS5jb20+DQo+ID4gU2lnbmVkLW9mZi1ieTogWGl1 Ym8gTGkgPGxpeGl1Ym9AY21zcy5jaGluYW1vYmlsZS5jb20+DQo+ID4gLS0tDQo+ID4gwqAgZHJp dmVycy90YXJnZXQvdGFyZ2V0X2NvcmVfdXNlci5jIHwgNSArKystLQ0KPiA+IMKgIDEgZmlsZSBj aGFuZ2VkLCAzIGluc2VydGlvbnMoKyksIDIgZGVsZXRpb25zKC0pDQo+ID4gDQo+ID4gZGlmZiAt LWdpdCBhL2RyaXZlcnMvdGFyZ2V0L3RhcmdldF9jb3JlX3VzZXIuYw0KPiA+IGIvZHJpdmVycy90 YXJnZXQvdGFyZ2V0X2NvcmVfdXNlci5jDQo+ID4gaW5kZXggMmYxZmE5Mi4uYmU2MmM4NiAxMDA2 NDQNCj4gPiAtLS0gYS9kcml2ZXJzL3RhcmdldC90YXJnZXRfY29yZV91c2VyLmMNCj4gPiArKysg Yi9kcml2ZXJzL3RhcmdldC90YXJnZXRfY29yZV91c2VyLmMNCj4gPiBAQCAtODQwLDYgKzg0MCw3 IEBAIHN0YXRpYyBpbmxpbmUgc2l6ZV90IHRjbXVfY21kX2dldF9jbWRfc2l6ZShzdHJ1Y3QNCj4g PiB0Y211X2NtZCAqdGNtdV9jbWQsDQo+ID4gwqDCoAl9DQo+ID4gwqDCoA0KPiA+IMKgwqAJZW50 cnkgPSAodm9pZCAqKSBtYiArIENNRFJfT0ZGICsgY21kX2hlYWQ7DQo+ID4gKwltZW1zZXQoZW50 cnksIDAsIGNvbW1hbmRfc2l6ZSk7DQo+ID4gwqDCoAl0Y211X2hkcl9zZXRfb3AoJmVudHJ5LT5o ZHIubGVuX29wLCBUQ01VX09QX0NNRCk7DQo+ID4gwqDCoAllbnRyeS0+aGRyLmNtZF9pZCA9IHRj bXVfY21kLT5jbWRfaWQ7DQo+ID4gwqDCoAllbnRyeS0+aGRyLmtmbGFncyA9IDA7DQoNClRoZSBh ZGRlZCBtZW1zZXQgYWxsb3dzIHJlbW92aW5nIHRoZSAwIGFzc2lnbm1lbnQgaGVyZSwgYW5kIHRo ZSBvbmUgdGhhdA0KZm9sbG93cyB0aGlzIG9uZSB0b28uDQoNCj4gPiBAQCAtODY1LDggKzg2Niw4 IEBAIHN0YXRpYyBpbmxpbmUgc2l6ZV90IHRjbXVfY21kX2dldF9jbWRfc2l6ZShzdHJ1Y3QNCj4g PiB0Y211X2NtZCAqdGNtdV9jbWQsDQo+ID4gwqDCoAllbnRyeS0+cmVxLmlvdl9kaWZfY250ID0g MDsNCj4gPiDCoMKgDQo+ID4gwqDCoAkvKiBIYW5kbGUgQklESSBjb21tYW5kcyAqLw0KPiA+ICsJ aW92X2NudCA9IDA7DQo+ID4gwqDCoAlpZiAoc2VfY21kLT5zZV9jbWRfZmxhZ3MgJiBTQ0ZfQklE SSkgew0KPiA+IC0JCWlvdl9jbnQgPSAwOw0KPiA+IMKgwqAJCWlvdisrOw0KPiA+IMKgwqAJCXJl dCA9IHNjYXR0ZXJfZGF0YV9hcmVhKHVkZXYsIHRjbXVfY21kLA0KPiA+IMKgwqAJCQkJCXNlX2Nt ZC0+dF9iaWRpX2RhdGFfc2csDQo+ID4gQEAgLTg3OSw4ICs4ODAsOCBAQCBzdGF0aWMgaW5saW5l IHNpemVfdCB0Y211X2NtZF9nZXRfY21kX3NpemUoc3RydWN0DQo+ID4gdGNtdV9jbWQgKnRjbXVf Y21kLA0KPiA+IMKgwqAJCQlwcl9lcnIoInRjbXU6IGFsbG9jIGFuZCBzY2F0dGVyIGJpZGkgZGF0 YQ0KPiA+IGZhaWxlZFxuIik7DQo+ID4gwqDCoAkJCXJldHVybiBUQ01fTE9HSUNBTF9VTklUX0NP TU1VTklDQVRJT05fRkFJTFVSRTsNCj4gPiDCoMKgCQl9DQo+ID4gLQkJZW50cnktPnJlcS5pb3Zf YmlkaV9jbnQgPSBpb3ZfY250Ow0KPiA+IMKgwqAJfQ0KPiA+ICsJZW50cnktPnJlcS5pb3ZfYmlk aV9jbnQgPSBpb3ZfY250Ow0KPiA+IMKgwqANCj4gPiDCoMKgCS8qDQo+ID4gwqDCoAnCoCogUmVj YWxhdWxhdGUgdGhlIGNvbW1hbmQncyBiYXNlIHNpemUgYW5kIHNpemUgYWNjb3JkaW5nDQoNCkZv ciByZWZlcmVuY2UsIGhlcmUgaXMgdGhlIGFjdHVhbCBwYXRjaCBJIHVzZWQgZm9yIHRlc3Rpbmc6 DQoNCmRpZmYgLS1naXQgYS9kcml2ZXJzL3RhcmdldC90YXJnZXRfY29yZV91c2VyLmMNCmIvZHJp dmVycy90YXJnZXQvdGFyZ2V0X2NvcmVfdXNlci5jDQppbmRleCAyZjFmYTkyLi4zYjI1ZWYzIDEw MDY0NA0KLS0tIGEvZHJpdmVycy90YXJnZXQvdGFyZ2V0X2NvcmVfdXNlci5jDQorKysgYi9kcml2 ZXJzL3RhcmdldC90YXJnZXRfY29yZV91c2VyLmMNCkBAIC01NjMsNyArNTYzLDcgQEAgc3RhdGlj IGludCBzY2F0dGVyX2RhdGFfYXJlYShzdHJ1Y3QgdGNtdV9kZXYgKnVkZXYsDQrCoAkJCXRvX29m ZnNldCA9IGdldF9ibG9ja19vZmZzZXRfdXNlcih1ZGV2LCBkYmksDQrCoAkJCQkJYmxvY2tfcmVt YWluaW5nKTsNCsKgCQkJb2Zmc2V0ID0gREFUQV9CTE9DS19TSVpFIC0gYmxvY2tfcmVtYWluaW5n Ow0KLQkJCXRvID0gKHZvaWQgKikodW5zaWduZWQgbG9uZyl0byArIG9mZnNldDsNCisJCQl0byAr PSBvZmZzZXQ7DQrCoA0KwqAJCQlpZiAoKmlvdl9jbnQgIT0gMCAmJg0KwqAJCQnCoMKgwqDCoHRv X29mZnNldCA9PSBpb3ZfdGFpbCh1ZGV2LCAqaW92KSkgew0KQEAgLTYzNiw3ICs2MzYsNyBAQCBz dGF0aWMgdm9pZCBnYXRoZXJfZGF0YV9hcmVhKHN0cnVjdCB0Y211X2RldiAqdWRldiwgc3RydWN0 DQp0Y211X2NtZCAqY21kLA0KwqAJCQljb3B5X2J5dGVzID0gbWluX3Qoc2l6ZV90LCBzZ19yZW1h aW5pbmcsDQrCoAkJCQkJYmxvY2tfcmVtYWluaW5nKTsNCsKgCQkJb2Zmc2V0ID0gREFUQV9CTE9D S19TSVpFIC0gYmxvY2tfcmVtYWluaW5nOw0KLQkJCWZyb20gPSAodm9pZCAqKSh1bnNpZ25lZCBs b25nKWZyb20gKyBvZmZzZXQ7DQorCQkJZnJvbSArPSBvZmZzZXQ7DQrCoAkJCXRjbXVfZmx1c2hf ZGNhY2hlX3JhbmdlKGZyb20sIGNvcHlfYnl0ZXMpOw0KwqAJCQltZW1jcHkodG8gKyBzZy0+bGVu Z3RoIC0gc2dfcmVtYWluaW5nLCBmcm9tLA0KwqAJCQkJCWNvcHlfYnl0ZXMpOw0KQEAgLTg0MCwx MCArODQwLDkgQEAgdGNtdV9xdWV1ZV9jbWRfcmluZyhzdHJ1Y3QgdGNtdV9jbWQgKnRjbXVfY21k KQ0KwqAJfQ0KwqANCsKgCWVudHJ5ID0gKHZvaWQgKikgbWIgKyBDTURSX09GRiArIGNtZF9oZWFk Ow0KKwltZW1zZXQoZW50cnksIDAsIGNvbW1hbmRfc2l6ZSk7DQrCoAl0Y211X2hkcl9zZXRfb3Ao JmVudHJ5LT5oZHIubGVuX29wLCBUQ01VX09QX0NNRCk7DQrCoAllbnRyeS0+aGRyLmNtZF9pZCA9 IHRjbXVfY21kLT5jbWRfaWQ7DQotCWVudHJ5LT5oZHIua2ZsYWdzID0gMDsNCi0JZW50cnktPmhk ci51ZmxhZ3MgPSAwOw0KwqANCsKgCS8qIEhhbmRsZSBhbGxvY2F0aW5nIHNwYWNlIGZyb20gdGhl IGRhdGEgYXJlYSAqLw0KwqAJdGNtdV9jbWRfcmVzZXRfZGJpX2N1cih0Y211X2NtZCk7DQpAQCAt ODYyLDExICs4NjEsMTAgQEAgdGNtdV9xdWV1ZV9jbWRfcmluZyhzdHJ1Y3QgdGNtdV9jbWQgKnRj bXVfY21kKQ0KwqAJCXJldHVybiBUQ01fTE9HSUNBTF9VTklUX0NPTU1VTklDQVRJT05fRkFJTFVS RTsNCsKgCX0NCsKgCWVudHJ5LT5yZXEuaW92X2NudCA9IGlvdl9jbnQ7DQotCWVudHJ5LT5yZXEu aW92X2RpZl9jbnQgPSAwOw0KwqANCsKgCS8qIEhhbmRsZSBCSURJIGNvbW1hbmRzICovDQorCWlv dl9jbnQgPSAwOw0KwqAJaWYgKHNlX2NtZC0+c2VfY21kX2ZsYWdzICYgU0NGX0JJREkpIHsNCi0J CWlvdl9jbnQgPSAwOw0KwqAJCWlvdisrOw0KwqAJCXJldCA9IHNjYXR0ZXJfZGF0YV9hcmVhKHVk ZXYsIHRjbXVfY21kLA0KwqAJCQkJCXNlX2NtZC0+dF9iaWRpX2RhdGFfc2csDQpAQCAtODc5LDgg Kzg3Nyw4IEBAIHRjbXVfcXVldWVfY21kX3Jpbmcoc3RydWN0IHRjbXVfY21kICp0Y211X2NtZCkN CsKgCQkJcHJfZXJyKCJ0Y211OiBhbGxvYyBhbmQgc2NhdHRlciBiaWRpIGRhdGEgZmFpbGVkXG4i KTsNCsKgCQkJcmV0dXJuIFRDTV9MT0dJQ0FMX1VOSVRfQ09NTVVOSUNBVElPTl9GQUlMVVJFOw0K wqAJCX0NCi0JCWVudHJ5LT5yZXEuaW92X2JpZGlfY250ID0gaW92X2NudDsNCsKgCX0NCisJZW50 cnktPnJlcS5pb3ZfYmlkaV9jbnQgPSBpb3ZfY250Ow0KwqANCsKgCS8qDQrCoAnCoCogUmVjYWxh dWxhdGUgdGhlIGNvbW1hbmQncyBiYXNlIHNpemUgYW5kIHNpemUgYWNjb3JkaW5nDQotLcKgDQoN CkJlc3QgcmVnYXJkcy4NCg0KLS0gDQpEYW1pZW4gTGUgTW9hbA0KV2VzdGVybiBEaWdpdGFs -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Hi Damien, Good news. Thanks very much for you help to test about this. On 2017年07月11日 17:24, Damien Le Moal wrote: > Xiubo, > > Well done ! This fixed my problem. The ZBC test suite now passes all tests on > my target without crashing the kernel. > > Please see some comments/nitpicks below. > > Otherwise, please feel free to add my "tested-by" > > > On Tue, 2017-07-11 at 17:06 +0800, Xiubo Li wrote: >> On 2017年07月11日 16:05, lixiubo@cmss.chinamobile.com wrote: >>> From: Xiubo Li <lixiubo@cmss.chinamobile.com> >>> >>> For all the entries allocated from the ring cmd area, the memory >>> is something like the stack, which will reserve the old data, so >>> the entry->req.iov_bidi_cnt maybe none zero. >>> >>> To fix this, just memset all the entry memory before using it, and >>> also to be more readable we adjust the bidi code. >>> >>> Fixed: fe25cc34795(tcmu: Recalculate the tcmu_cmd size to save cmd area >>> memories) >>> Reported-by: Bryant G. Ly <bryantly@linux.vnet.ibm.com> >>> Signed-off-by: Xiubo Li <lixiubo@cmss.chinamobile.com> >>> --- >>> drivers/target/target_core_user.c | 5 +++-- >>> 1 file changed, 3 insertions(+), 2 deletions(-) >>> >>> diff --git a/drivers/target/target_core_user.c >>> b/drivers/target/target_core_user.c >>> index 2f1fa92..be62c86 100644 >>> --- a/drivers/target/target_core_user.c >>> +++ b/drivers/target/target_core_user.c >>> @@ -840,6 +840,7 @@ static inline size_t tcmu_cmd_get_cmd_size(struct >>> tcmu_cmd *tcmu_cmd, >>> } >>> >>> entry = (void *) mb + CMDR_OFF + cmd_head; >>> + memset(entry, 0, command_size); >>> tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_CMD); >>> entry->hdr.cmd_id = tcmu_cmd->cmd_id; >>> entry->hdr.kflags = 0; > The added memset allows removing the 0 assignment here, and the one that > follows this one too. > Yes, it is. Maybe reserving them could make the code more readable ? Thanks, BRs Xiubo >>> @@ -865,8 +866,8 @@ static inline size_t tcmu_cmd_get_cmd_size(struct >>> tcmu_cmd *tcmu_cmd, >>> entry->req.iov_dif_cnt = 0; >>> >>> /* Handle BIDI commands */ >>> + iov_cnt = 0; >>> if (se_cmd->se_cmd_flags & SCF_BIDI) { >>> - iov_cnt = 0; >>> iov++; >>> ret = scatter_data_area(udev, tcmu_cmd, >>> se_cmd->t_bidi_data_sg, >>> @@ -879,8 +880,8 @@ static inline size_t tcmu_cmd_get_cmd_size(struct >>> tcmu_cmd *tcmu_cmd, >>> pr_err("tcmu: alloc and scatter bidi data >>> failed\n"); >>> return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; >>> } >>> - entry->req.iov_bidi_cnt = iov_cnt; >>> } >>> + entry->req.iov_bidi_cnt = iov_cnt; >>> >>> /* >>> * Recalaulate the command's base size and size according > For reference, here is the actual patch I used for testing: > > diff --git a/drivers/target/target_core_user.c > b/drivers/target/target_core_user.c > index 2f1fa92..3b25ef3 100644 > --- a/drivers/target/target_core_user.c > +++ b/drivers/target/target_core_user.c > @@ -563,7 +563,7 @@ static int scatter_data_area(struct tcmu_dev *udev, > to_offset = get_block_offset_user(udev, dbi, > block_remaining); > offset = DATA_BLOCK_SIZE - block_remaining; > - to = (void *)(unsigned long)to + offset; > + to += offset; > > if (*iov_cnt != 0 && > to_offset == iov_tail(udev, *iov)) { > @@ -636,7 +636,7 @@ static void gather_data_area(struct tcmu_dev *udev, struct > tcmu_cmd *cmd, > copy_bytes = min_t(size_t, sg_remaining, > block_remaining); > offset = DATA_BLOCK_SIZE - block_remaining; > - from = (void *)(unsigned long)from + offset; > + from += offset; > tcmu_flush_dcache_range(from, copy_bytes); > memcpy(to + sg->length - sg_remaining, from, > copy_bytes); > @@ -840,10 +840,9 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) > } > > entry = (void *) mb + CMDR_OFF + cmd_head; > + memset(entry, 0, command_size); > tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_CMD); > entry->hdr.cmd_id = tcmu_cmd->cmd_id; > - entry->hdr.kflags = 0; > - entry->hdr.uflags = 0; > > /* Handle allocating space from the data area */ > tcmu_cmd_reset_dbi_cur(tcmu_cmd); > @@ -862,11 +861,10 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) > return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; > } > entry->req.iov_cnt = iov_cnt; > - entry->req.iov_dif_cnt = 0; > > /* Handle BIDI commands */ > + iov_cnt = 0; > if (se_cmd->se_cmd_flags & SCF_BIDI) { > - iov_cnt = 0; > iov++; > ret = scatter_data_area(udev, tcmu_cmd, > se_cmd->t_bidi_data_sg, > @@ -879,8 +877,8 @@ tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd) > pr_err("tcmu: alloc and scatter bidi data failed\n"); > return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; > } > - entry->req.iov_bidi_cnt = iov_cnt; > } > + entry->req.iov_bidi_cnt = iov_cnt; > > /* > * Recalaulate the command's base size and size according > -- > > Best regards. > -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Tue, 2017-07-11 at 09:24 +0000, Damien Le Moal wrote: > Xiubo, > > Well done ! This fixed my problem. The ZBC test suite now passes all tests on > my target without crashing the kernel. > > Please see some comments/nitpicks below. > > Otherwise, please feel free to add my "tested-by" > Great, thanks for the quick turn-around. Xiubo, please pick-up Damien's extra bits and repost for v2. Also, please update the patch topic + commit log to mention it addresses a general protection fault OOPs, so others can find it easily when looking through git log. Damien's OOPs would probably be the best one to include in the commit log, since Bryant's was on POWER. ;) Btw, since it's a regression fix related to commit fe25cc34795, I assume it should be CC'ed to stable for v4.12.y, right..? -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 2017年07月11日 17:34, Nicholas A. Bellinger wrote: > On Tue, 2017-07-11 at 09:24 +0000, Damien Le Moal wrote: >> Xiubo, >> >> Well done ! This fixed my problem. The ZBC test suite now passes all tests on >> my target without crashing the kernel. >> >> Please see some comments/nitpicks below. >> >> Otherwise, please feel free to add my "tested-by" >> > Great, thanks for the quick turn-around. > > Xiubo, please pick-up Damien's extra bits and repost for v2. Also, > please update the patch topic + commit log to mention it addresses a > general protection fault OOPs, so others can find it easily when looking > through git log. > > Damien's OOPs would probably be the best one to include in the commit > log, since Bryant's was on POWER. ;) Sure, I will repost for v2 later. > Btw, since it's a regression fix related to commit fe25cc34795, I assume > it should be CC'ed to stable for v4.12.y, right..? > Yes, it is. Thanks BRs Xiubo -- To unsubscribe from this list: send the line "unsubscribe target-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c index 2f1fa92..be62c86 100644 --- a/drivers/target/target_core_user.c +++ b/drivers/target/target_core_user.c @@ -840,6 +840,7 @@ static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd, } entry = (void *) mb + CMDR_OFF + cmd_head; + memset(entry, 0, command_size); tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_CMD); entry->hdr.cmd_id = tcmu_cmd->cmd_id; entry->hdr.kflags = 0; @@ -865,8 +866,8 @@ static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd, entry->req.iov_dif_cnt = 0; /* Handle BIDI commands */ + iov_cnt = 0; if (se_cmd->se_cmd_flags & SCF_BIDI) { - iov_cnt = 0; iov++; ret = scatter_data_area(udev, tcmu_cmd, se_cmd->t_bidi_data_sg, @@ -879,8 +880,8 @@ static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd, pr_err("tcmu: alloc and scatter bidi data failed\n"); return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; } - entry->req.iov_bidi_cnt = iov_cnt; } + entry->req.iov_bidi_cnt = iov_cnt; /* * Recalaulate the command's base size and size according