During system resume from suspend, this can be observed on ASM1062 PMP controller:

<6>[12007.593358] ata10.01: SATA link down (SStatus 0 SControl 330)
<6>[12007.593469] ata10.02: hard resetting link
<6>[12007.908353] ata10.02: SATA link down (SStatus 0 SControl 330)
<6>[12007.911149] ata10.00: configured for UDMA/133
<0>[12007.972508] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: sata_pmp_eh_recover+0xa2b/0xa40
<0>[12007.972508]
<4>[12007.972515] CPU: 2 PID: 230 Comm: scsi_eh_9 Tainted: P OE 4.15.0-46-generic #49-Ubuntu
<4>[12007.972517] Hardware name: System manufacturer System Product Name/A320M-C, BIOS 1001 12/10/2017
<4>[12007.972518] Call Trace:
<4>[12007.972525] dump_stack+0x63/0x8b
<4>[12007.972530] panic+0xe4/0x244
<4>[12007.972533] ? sata_pmp_eh_recover+0xa2b/0xa40
<4>[12007.972536] __stack_chk_fail+0x19/0x20
<4>[12007.972538] sata_pmp_eh_recover+0xa2b/0xa40
<4>[12007.972543] ? ahci_do_softreset+0x260/0x260 [libahci]
<4>[12007.972545] ? ahci_do_hardreset+0x140/0x140 [libahci]
<4>[12007.972547] ? ata_phys_link_offline+0x60/0x60
<4>[12007.972549] ? ahci_stop_engine+0xc0/0xc0 [libahci]
<4>[12007.972552] sata_pmp_error_handler+0x22/0x30
<4>[12007.972554] ahci_error_handler+0x45/0x80 [libahci]
<4>[12007.972556] ata_scsi_port_error_handler+0x29b/0x770
<4>[12007.972558] ? ata_scsi_cmd_error_handler+0x101/0x140
<4>[12007.972559] ata_scsi_error+0x95/0xd0
<4>[12007.972562] ? scsi_try_target_reset+0x90/0x90
<4>[12007.972563] scsi_error_handler+0xd0/0x5b0
<4>[12007.972566] kthread+0x121/0x140
<4>[12007.972567] ? scsi_eh_get_sense+0x200/0x200
<4>[12007.972569] ? kthread_create_worker_on_cpu+0x70/0x70
<4>[12007.972572] ret_from_fork+0x22/0x40
<0>[12007.972591] Kernel Offset: 0xcc00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
Since sata_pmp_eh_recover_pmp() doesn't set rc when ATA_DFLAG_DETACH is set, sata_pmp_eh_recover() continues to run. During retry it triggers the stack protector.
Set correct rc in sata_pmp_eh_recover_pmp() to let sata_pmp_eh_recover() jump to pmp_fail directly.
BugLink: https://bugs.launchpad.net/bugs/1821434
Cc: stable@vger.kernel.org
Signed-off-by: Kai-Heng Feng kai.heng.feng@canonical.com
---
 drivers/ata/libata-pmp.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/drivers/ata/libata-pmp.c b/drivers/ata/libata-pmp.c index 2ae1799f4992..51eeaea65833 100644 --- a/drivers/ata/libata-pmp.c +++ b/drivers/ata/libata-pmp.c @@ -764,6 +764,7 @@ static int sata_pmp_eh_recover_pmp(struct ata_port *ap,
if (dev->flags & ATA_DFLAG_DETACH) { detach = 1; + rc = -ENODEV; goto fail; }
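Review bot: the `rc = -ENODEV;` added in the ATA_DFLAG_DETACH branch stops the caller from retrying, but the commit message never says what gets overwritten on the stack of sata_pmp_eh_recover() during that retry, so the write that tripped __stack_chk_fail is avoided rather than explained. Suggest naming the local object and the index that overruns it in the message, and stating what value rc carried into this branch before the change (the hunk does not show it), so that stable backporters can confirm the early exit to pmp_fail closes every path to that write.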
Hi Jens,
On Mar 27, 2019, at 17:02, Kai-Heng Feng kai.heng.feng@canonical.com wrote:
During system resume from suspend, this can be observed on ASM1062 PMP controller:
Since sata_pmp_eh_recover_pmp() doesn't set rc when ATA_DFLAG_DETACH is set, sata_pmp_eh_recover() continues to run. During retry it triggers the stack protector.
Set correct rc in sata_pmp_eh_recover_pmp() to let sata_pmp_eh_recover() jump to pmp_fail directly.
BugLink: https://bugs.launchpad.net/bugs/1821434
Cc: stable@vger.kernel.org
Signed-off-by: Kai-Heng Feng kai.heng.feng@canonical.com
Any suggestion for this patch?
Kai-Heng
drivers/ata/libata-pmp.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/ata/libata-pmp.c b/drivers/ata/libata-pmp.c index 2ae1799f4992..51eeaea65833 100644 --- a/drivers/ata/libata-pmp.c +++ b/drivers/ata/libata-pmp.c @@ -764,6 +764,7 @@ static int sata_pmp_eh_recover_pmp(struct ata_port *ap,
if (dev->flags & ATA_DFLAG_DETACH) { detach = 1;
goto fail; }rc = -ENODEV;
-- 2.17.1
Hello!
s/pwhen/when/ in the subject? Also, I don't think "rc" is needed there...
MBR, Sergei
On 3/27/19 2:02 AM, Kai-Heng Feng wrote:
During system resume from suspend, this can be observed on ASM1062 PMP controller:
Since sata_pmp_eh_recover_pmp() doesn't set rc when ATA_DFLAG_DETACH is set, sata_pmp_eh_recover() continues to run. During retry it triggers the stack protector.
Set correct rc in sata_pmp_eh_recover_pmp() to let sata_pmp_eh_recover() jump to pmp_fail directly.
Applied, with the commit message and title fixed up a bit.