diff options
Diffstat (limited to 'recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.9/0059-scsi_scan-Fix-Poison-overwritten-warning-caused-by-u.patch')
-rw-r--r-- | recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.9/0059-scsi_scan-Fix-Poison-overwritten-warning-caused-by-u.patch | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.9/0059-scsi_scan-Fix-Poison-overwritten-warning-caused-by-u.patch b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.9/0059-scsi_scan-Fix-Poison-overwritten-warning-caused-by-u.patch new file mode 100644 index 00000000..1f9fcd1d --- /dev/null +++ b/recipes-kernel/linux/linux-ti33x-psp-3.2/3.2.9/0059-scsi_scan-Fix-Poison-overwritten-warning-caused-by-u.patch | |||
@@ -0,0 +1,104 @@ | |||
1 | From 0234f0569820c617e90b0ced54a345705cee031b Mon Sep 17 00:00:00 2001 | ||
2 | From: Huajun Li <huajun.li.lee@gmail.com> | ||
3 | Date: Sun, 12 Feb 2012 19:59:14 +0800 | ||
4 | Subject: [PATCH 59/73] scsi_scan: Fix 'Poison overwritten' warning caused by | ||
5 | using freed 'shost' | ||
6 | |||
7 | commit 267a6ad4aefaafbde607804c60945bcf97f91c1b upstream. | ||
8 | |||
9 | In do_scan_async(), calling scsi_autopm_put_host(shost) may reference | ||
10 | freed shost, and cause Posison overwitten warning. | ||
11 | Yes, this case can happen, for example, an USB is disconnected just | ||
12 | when do_scan_async() thread starts to run, then scsi_host_put() called | ||
13 | in scsi_finish_async_scan() will lead to shost be freed(because the | ||
14 | refcount of shost->shost_gendev decreases to 1 after USB disconnects), | ||
15 | at this point, if references shost again, system will show following | ||
16 | warning msg. | ||
17 | |||
18 | To make scsi_autopm_put_host(shost) always reference a valid shost, | ||
19 | put it just before scsi_host_put() in function | ||
20 | scsi_finish_async_scan(). | ||
21 | |||
22 | [ 299.281565] ============================================================================= | ||
23 | [ 299.281634] BUG kmalloc-4096 (Tainted: G I ): Poison overwritten | ||
24 | [ 299.281682] ----------------------------------------------------------------------------- | ||
25 | [ 299.281684] | ||
26 | [ 299.281752] INFO: 0xffff880056c305d0-0xffff880056c305d0. First byte | ||
27 | 0x6a instead of 0x6b | ||
28 | [ 299.281816] INFO: Allocated in scsi_host_alloc+0x4a/0x490 age=1688 | ||
29 | cpu=1 pid=2004 | ||
30 | [ 299.281870] __slab_alloc+0x617/0x6c1 | ||
31 | [ 299.281901] __kmalloc+0x28c/0x2e0 | ||
32 | [ 299.281931] scsi_host_alloc+0x4a/0x490 | ||
33 | [ 299.281966] usb_stor_probe1+0x5b/0xc40 [usb_storage] | ||
34 | [ 299.282010] storage_probe+0xa4/0xe0 [usb_storage] | ||
35 | [ 299.282062] usb_probe_interface+0x172/0x330 [usbcore] | ||
36 | [ 299.282105] driver_probe_device+0x257/0x3b0 | ||
37 | [ 299.282138] __driver_attach+0x103/0x110 | ||
38 | [ 299.282171] bus_for_each_dev+0x8e/0xe0 | ||
39 | [ 299.282201] driver_attach+0x26/0x30 | ||
40 | [ 299.282230] bus_add_driver+0x1c4/0x430 | ||
41 | [ 299.282260] driver_register+0xb6/0x230 | ||
42 | [ 299.282298] usb_register_driver+0xe5/0x270 [usbcore] | ||
43 | [ 299.282337] 0xffffffffa04ab03d | ||
44 | [ 299.282364] do_one_initcall+0x47/0x230 | ||
45 | [ 299.282396] sys_init_module+0xa0f/0x1fe0 | ||
46 | [ 299.282429] INFO: Freed in scsi_host_dev_release+0x18a/0x1d0 age=85 | ||
47 | cpu=0 pid=2008 | ||
48 | [ 299.282482] __slab_free+0x3c/0x2a1 | ||
49 | [ 299.282510] kfree+0x296/0x310 | ||
50 | [ 299.282536] scsi_host_dev_release+0x18a/0x1d0 | ||
51 | [ 299.282574] device_release+0x74/0x100 | ||
52 | [ 299.282606] kobject_release+0xc7/0x2a0 | ||
53 | [ 299.282637] kobject_put+0x54/0xa0 | ||
54 | [ 299.282668] put_device+0x27/0x40 | ||
55 | [ 299.282694] scsi_host_put+0x1d/0x30 | ||
56 | [ 299.282723] do_scan_async+0x1fc/0x2b0 | ||
57 | [ 299.282753] kthread+0xdf/0xf0 | ||
58 | [ 299.282782] kernel_thread_helper+0x4/0x10 | ||
59 | [ 299.282817] INFO: Slab 0xffffea00015b0c00 objects=7 used=7 fp=0x | ||
60 | (null) flags=0x100000000004080 | ||
61 | [ 299.282882] INFO: Object 0xffff880056c30000 @offset=0 fp=0x (null) | ||
62 | [ 299.282884] | ||
63 | ... | ||
64 | |||
65 | Signed-off-by: Huajun Li <huajun.li.lee@gmail.com> | ||
66 | Acked-by: Alan Stern <stern@rowland.harvard.edu> | ||
67 | Signed-off-by: James Bottomley <JBottomley@Parallels.com> | ||
68 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
69 | --- | ||
70 | drivers/scsi/scsi_scan.c | 4 ++-- | ||
71 | 1 files changed, 2 insertions(+), 2 deletions(-) | ||
72 | |||
73 | diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c | ||
74 | index b3c6d95..6e7ea4a 100644 | ||
75 | --- a/drivers/scsi/scsi_scan.c | ||
76 | +++ b/drivers/scsi/scsi_scan.c | ||
77 | @@ -1815,6 +1815,7 @@ static void scsi_finish_async_scan(struct async_scan_data *data) | ||
78 | } | ||
79 | spin_unlock(&async_scan_lock); | ||
80 | |||
81 | + scsi_autopm_put_host(shost); | ||
82 | scsi_host_put(shost); | ||
83 | kfree(data); | ||
84 | } | ||
85 | @@ -1841,7 +1842,6 @@ static int do_scan_async(void *_data) | ||
86 | |||
87 | do_scsi_scan_host(shost); | ||
88 | scsi_finish_async_scan(data); | ||
89 | - scsi_autopm_put_host(shost); | ||
90 | return 0; | ||
91 | } | ||
92 | |||
93 | @@ -1869,7 +1869,7 @@ void scsi_scan_host(struct Scsi_Host *shost) | ||
94 | p = kthread_run(do_scan_async, data, "scsi_scan_%d", shost->host_no); | ||
95 | if (IS_ERR(p)) | ||
96 | do_scan_async(data); | ||
97 | - /* scsi_autopm_put_host(shost) is called in do_scan_async() */ | ||
98 | + /* scsi_autopm_put_host(shost) is called in scsi_finish_async_scan() */ | ||
99 | } | ||
100 | EXPORT_SYMBOL(scsi_scan_host); | ||
101 | |||
102 | -- | ||
103 | 1.7.7.4 | ||
104 | |||