From patchwork Wed Nov 1 16:04:34 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Bart Van Assche X-Patchwork-Id: 10036705 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0932D603B5 for ; Wed, 1 Nov 2017 16:04:40 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0A5762866C for ; Wed, 1 Nov 2017 16:04:40 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id F362328821; Wed, 1 Nov 2017 16:04:39 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 44AE928815 for ; Wed, 1 Nov 2017 16:04:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752246AbdKAQEi (ORCPT ); Wed, 1 Nov 2017 12:04:38 -0400 Received: from esa3.hgst.iphmx.com ([216.71.153.141]:10203 "EHLO esa3.hgst.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751653AbdKAQEh (ORCPT ); Wed, 1 Nov 2017 12:04:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=wdc.com; i=@wdc.com; q=dns/txt; s=dkim.wdc.com; t=1509552277; x=1541088277; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=RGZAjwJgvixg7IOP/b2NSmqWX2jQqyEsWCL/xErZ7FY=; b=WSoF8RtYDo9zT6ZuciGESDcmunQneuAP7uqndoPiot0O3UPfJE8Tfbwe P0Cd8cg/4ZUa+Ck3ELgB7hlft/nio+Jz673ka/W10Tmawr8HOKAS+29R0 gNtzT2fqIM02yXtsqKtkqn927eDXc69+q1f8V6afDYx323clZMvYR24gZ rwu642WkdXKskxTsLOXJ9132gklPFgFLYPx021GgAzMis01EYNwpf9Z7i EZwvbf3SS5z6VMJZRfaHS+QHOqfQQDihc0w/AHwx2ZRKJ2fCPDt5AKjeP inhj5Huv7EE/FphlUqPa/e2Wi8wz8a71g1Gs1YxgfuluZ+AdZ5rM+/sp+ Q==; X-IronPort-AV: E=Sophos;i="5.44,329,1505750400"; d="scan'208";a="60942616" Received: from mail-sn1nam01lp0114.outbound.protection.outlook.com (HELO NAM01-SN1-obe.outbound.protection.outlook.com) ([207.46.163.114]) by ob1.hgst.iphmx.com with ESMTP; 02 Nov 2017 00:04:37 +0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sharedspace.onmicrosoft.com; s=selector1-wdc-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=RGZAjwJgvixg7IOP/b2NSmqWX2jQqyEsWCL/xErZ7FY=; b=mrZI6Oyaz0V0E4NhU+KPsLe94LjbW0h7NnLyi1QSyVx8Ff+1dJRryu/tLrrLYLB1PVZj9nxm0jUYS7NOLuKT9tcZ8mfLQ1CjmCfVMVgeJqmXhuhdkvQsBJWsZ46TnzMdq4sTc/YYmsy6jXToHuITBFfRAf6NQufD6ZPqdDh0ons= Received: from CY1PR0401MB1536.namprd04.prod.outlook.com (10.163.19.154) by CY1PR0401MB1536.namprd04.prod.outlook.com (10.163.19.154) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Wed, 1 Nov 2017 16:04:34 +0000 Received: from CY1PR0401MB1536.namprd04.prod.outlook.com ([10.163.19.154]) by CY1PR0401MB1536.namprd04.prod.outlook.com ([10.163.19.154]) with mapi id 15.20.0197.013; Wed, 1 Nov 2017 16:04:34 +0000 From: Bart Van Assche To: "hch@lst.de" , "linux-block@vger.kernel.org" , "hongxu.jia@windriver.com" , "axboe@fb.com" Subject: Re: [PATCH] ide:ide-cd: fix kernel panic resulting from missing scsi_req_init Thread-Topic: [PATCH] ide:ide-cd: fix kernel panic resulting from missing scsi_req_init Thread-Index: AQHTUhsqHK7NFEbweke2D6c5NWQadaL+FDaAgACtdwCAAPBTgA== Date: Wed, 1 Nov 2017 16:04:34 +0000 Message-ID: <1509552273.2530.25.camel@wdc.com> References: <1509435580-8308-1-git-send-email-hongxu.jia@windriver.com> <1509463413.3036.2.camel@wdc.com> <97d0d042-d780-498e-6d62-875e5cd41c28@windriver.com> In-Reply-To: <97d0d042-d780-498e-6d62-875e5cd41c28@windriver.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=Bart.VanAssche@wdc.com; x-originating-ip: [63.163.107.100] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CY1PR0401MB1536; 20:PpH6R/BHN8EsxlGuBlENM6AwivNHYMK37IU77dMX4CfFaEYqLYeqyQpu/Uu5mxWzUXYP4WTZuXDC4CSPKD8GszVtEW63zY8fHUM47b7DCZ6j3OnX4gDeeLIVuJK5ebIYGtxADfNqNwqKNfaQoScuzVri0cnnYAHNvhm/GTqrL2g= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: a67787be-6327-4a40-3a30-08d521423ed5 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(48565401081)(2017052603199); SRVR:CY1PR0401MB1536; x-ms-traffictypediagnostic: CY1PR0401MB1536: wdcipoutbound: EOP-TRUE x-exchange-antispam-report-test: UriScan:(9452136761055)(278021516957215)(17755550239193); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(100000703101)(100105400095)(3231020)(3002001)(6055026)(6041248)(20161123560025)(20161123562025)(20161123558100)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123555025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY1PR0401MB1536; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY1PR0401MB1536; x-forefront-prvs: 0478C23FE0 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(376002)(346002)(39860400002)(189002)(24454002)(377424004)(199003)(101416001)(53936002)(36756003)(305945005)(2501003)(68736007)(478600001)(72206003)(966005)(189998001)(6512007)(6246003)(99286003)(6306002)(86362001)(4001150100001)(110136005)(2900100001)(97736004)(8676002)(2201001)(102836003)(7736002)(3846002)(6116002)(316002)(2906002)(8936002)(106356001)(3280700002)(3660700001)(14454004)(66066001)(81156014)(81166006)(229853002)(103116003)(105586002)(5660300001)(25786009)(76176999)(54356999)(6486002)(6506006)(77096006)(50986999)(6436002)(2950100002)(33646002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR0401MB1536; H:CY1PR0401MB1536.namprd04.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-ID: <2263E0C6396DDF48968FFE467C5517BE@namprd04.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: wdc.com X-MS-Exchange-CrossTenant-Network-Message-Id: a67787be-6327-4a40-3a30-08d521423ed5 X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2017 16:04:34.7106 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: b61c8803-16f3-4c35-9b17-6f65f441df86 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0401MB1536 Sender: linux-block-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-block@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On Wed, 2017-11-01 at 09:44 +0800, Hongxu Jia wrote: > On 2017年10月31日 23:23, Bart Van Assche wrote: > > On Tue, 2017-10-31 at 15:39 +0800, Hongxu Jia wrote: > > > Since we split the scsi_request out of struct request, while the > > > standard prep_rq_fn builds 10 byte cmds, it missed to invoke > > > scsi_req_init() to initialize certain fields of a scsi_request > > > structure (.__cmd[], .cmd, .cmd_len and .sense_len but no other > > > members of struct scsi_request). > > > > > > An example panic on virtual machines (qemu/virtualbox) to boot > > > from IDE cdrom: > > > ... > > > [ 8.754381] Call Trace: > > > [ 8.755419] blk_peek_request+0x182/0x2e0 > > > [ 8.755863] blk_fetch_request+0x1c/0x40 > > > [ 8.756148] ? ktime_get+0x40/0xa0 > > > [ 8.756385] do_ide_request+0x37d/0x660 > > > [ 8.756704] ? cfq_group_service_tree_add+0x98/0xc0 > > > [ 8.757011] ? cfq_service_tree_add+0x1e5/0x2c0 > > > [ 8.757313] ? ktime_get+0x40/0xa0 > > > [ 8.757544] __blk_run_queue+0x3d/0x60 > > > [ 8.757837] queue_unplugged+0x2f/0xc0 > > > [ 8.758088] blk_flush_plug_list+0x1f4/0x240 > > > [ 8.758362] blk_finish_plug+0x2c/0x40 > > > ... > > > [ 8.770906] RIP: ide_cdrom_prep_fn+0x63/0x180 RSP: ffff92aec018bae8 > > > [ 8.772329] ---[ end trace 6408481e551a85c9 ]--- > > > ... > > > > With which kernel version did you encounter this kernel panic? IDE CD-ROM > > access works fine here from inside qemu with kernel v4.14.0-rc6. > > I also compiled with kernel 4.14.0-rc6, and it failed. > > Ubuntu 17.10, Fedora 27 do not have the same issue, > because they disable ide and use ata piix to instead. > > Ubuntu 17.10, kernel 4.13.0-16 > vim /boot/config-4.13.0-16-generic > ... > # CONFIG_IDE is not set > CONFIG_ATA_PIIX=y > [ ... ] > What about your kernel config and boot log? If I disable CONFIG_ATA and enable CONFIG_IDE I can reproduce this crash. As you probably know request allocation follows one of these code paths with the legacy block layer: blk_get_request(q, op, gfp) -> blk_old_get_request(q, op, gfp) -> get_request(q, op, bio, gfp) -> __get_request(rl, op, bio, gfp) -> blk_rq_init(q, rq) generic_make_request(bio) -> blk_queue_bio(q, bio) -> get_request(q, op, bio, gfp) -> __get_request(rl, op, bio, gfp) -> blk_rq_init(q, rq) ide_initialize_rq() gets called from inside blk_get_request() but does not get called in the second case. One possible solution for this kernel panic is to call .initialize_rq_fn() also for filesystem requests. However, a patch that realized this got rejected (see also https://www.mail-archive.com/linux-block@vger.kernel.org/msg12160.html). How about replacing your patch with something like the patch below? The advantages of the patch below are: - memset(req->cmd, 0, BLK_MAX_CDB) is called once instead of twice. - The sense buffer pointer gets initialized. The ide_initialize_rq() implementation is as follows: static void ide_initialize_rq(struct request *rq) { struct ide_request *req = blk_mq_rq_to_pdu(rq); scsi_req_init(&req->sreq); req->sreq.sense = req->sense; } Thanks, Bart. diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c index 81e18f9628d0..09b5bdb1af64 100644 --- a/drivers/ide/ide-cd.c +++ b/drivers/ide/ide-cd.c @@ -1328,7 +1328,7 @@ static int ide_cdrom_prep_fs(struct request_queue *q, struct request *rq) unsigned long blocks = blk_rq_sectors(rq) / (hard_sect >> 9); struct scsi_request *req = scsi_req(rq); - memset(req->cmd, 0, BLK_MAX_CDB); + q->initialize_rq_fn(rq); if (rq_data_dir(rq) == READ) req->cmd[0] = GPCMD_READ_10;