From patchwork Wed Jan 3 09:11:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Meelis Roos X-Patchwork-Id: 10141881 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 25657601A1 for ; Wed, 3 Jan 2018 09:11:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0C37228F49 for ; Wed, 3 Jan 2018 09:11:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 00FD528F70; Wed, 3 Jan 2018 09:11:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E012B28F49 for ; Wed, 3 Jan 2018 09:11:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751573AbeACJLQ (ORCPT ); Wed, 3 Jan 2018 04:11:16 -0500 Received: from smtp2.it.da.ut.ee ([193.40.5.67]:49636 "EHLO smtp2.it.da.ut.ee" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751255AbeACJLN (ORCPT ); Wed, 3 Jan 2018 04:11:13 -0500 Received: from math.ut.ee (unknown [IPv6:2001:bb8:2002:2400:5054:ff:fe3b:8db9]) by smtp2.it.da.ut.ee (Postfix) with ESMTP id 1627B73EA55; Wed, 3 Jan 2018 11:11:12 +0200 (EET) Received: by math.ut.ee (Postfix, from userid 1014) id 018FB221D33; Wed, 3 Jan 2018 11:11:09 +0200 (EET) Received: from localhost (localhost [127.0.0.1]) by math.ut.ee (Postfix) with ESMTP id EE9BD2216AE; Wed, 3 Jan 2018 11:11:09 +0200 (EET) Date: Wed, 3 Jan 2018 11:11:09 +0200 (EET) From: Meelis Roos To: linux-scsi@vger.kernel.org, Adaptec OEM Raid Solutions Subject: [PATCH] aacraid driver oops with dead battery Message-ID: User-Agent: Alpine 2.21 (LRH 202 2017-01-01) MIME-Version: 1.0 Sender: linux-scsi-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-scsi@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP The battery in my HP NetRAID-4M died of old age, and the aacraid driver started oopsing with NULL pointer dereference on startup after that. Fix it by reordering the init sequence to fill in function pointers before ioremapping memory, or dev->a_ops.adapter_ioremap pointer will be NULL. Other subtypes of aacraid seem to have the order already correct. This was the call trace: ? aac_probe_one+0x7a5/0xb30 [aacraid] pci_device_probe+0xc0/0x1a0 driver_probe_device+0x1df/0x3b0 __driver_attach+0xa9/0xe0 ? driver_probe_device+0x3b0/0x3b0 bus_for_each_dev+0x4c/0x90 driver_attach+0x1d/0x40 ? driver_probe_device+0x3b0/0x3b0 bus_add_driver+0x1a7/0x2a0 driver_register+0x6e/0x130 __pci_register_driver+0x54/0x90 ? 0xf81f4000 aac_init+0x2b/0x1000 [aacraid] do_one_initcall+0x45/0x1e0 ? kfree_skbmem+0x74/0xa0 ? kfree+0x16d/0x240 ? kvfree+0x45/0x50 ? kvfree+0x45/0x50 ? __vunmap+0x99/0x120 ? do_init_module+0x1a/0x245 do_init_module+0x83/0x245 load_module+0x2764/0x34a0 ? kernel_read_file+0x150/0x320 SyS_finit_module+0x82/0xa0 do_fast_syscall_32+0xba/0x340 Signed-off-by: Meelis Roos Reviewed-by: Raghava Aditya Renukunta diff --git a/drivers/scsi/aacraid/sa.c b/drivers/scsi/aacraid/sa.c index 553922fed524..882f40353b96 100644 --- a/drivers/scsi/aacraid/sa.c +++ b/drivers/scsi/aacraid/sa.c @@ -329,6 +329,22 @@ int aac_sa_init(struct aac_dev *dev) instance = dev->id; name = dev->name; + /* + * Fill in the function dispatch table. + */ + + dev->a_ops.adapter_interrupt = aac_sa_interrupt_adapter; + dev->a_ops.adapter_disable_int = aac_sa_disable_interrupt; + dev->a_ops.adapter_enable_int = aac_sa_enable_interrupt; + dev->a_ops.adapter_notify = aac_sa_notify_adapter; + dev->a_ops.adapter_sync_cmd = sa_sync_cmd; + dev->a_ops.adapter_check_health = aac_sa_check_health; + dev->a_ops.adapter_restart = aac_sa_restart_adapter; + dev->a_ops.adapter_start = aac_sa_start_adapter; + dev->a_ops.adapter_intr = aac_sa_intr; + dev->a_ops.adapter_deliver = aac_rx_deliver_producer; + dev->a_ops.adapter_ioremap = aac_sa_ioremap; + if (aac_sa_ioremap(dev, dev->base_size)) { printk(KERN_WARNING "%s: unable to map adapter.\n", name); goto error_iounmap; @@ -362,22 +378,6 @@ int aac_sa_init(struct aac_dev *dev) msleep(1); } - /* - * Fill in the function dispatch table. - */ - - dev->a_ops.adapter_interrupt = aac_sa_interrupt_adapter; - dev->a_ops.adapter_disable_int = aac_sa_disable_interrupt; - dev->a_ops.adapter_enable_int = aac_sa_enable_interrupt; - dev->a_ops.adapter_notify = aac_sa_notify_adapter; - dev->a_ops.adapter_sync_cmd = sa_sync_cmd; - dev->a_ops.adapter_check_health = aac_sa_check_health; - dev->a_ops.adapter_restart = aac_sa_restart_adapter; - dev->a_ops.adapter_start = aac_sa_start_adapter; - dev->a_ops.adapter_intr = aac_sa_intr; - dev->a_ops.adapter_deliver = aac_rx_deliver_producer; - dev->a_ops.adapter_ioremap = aac_sa_ioremap; - /* * First clear out all interrupts. Then enable the one's that * we can handle.