From: Jens Axboe
Date: Tue, 29 Jan 2008 18:46:02 +0000 (+0100)
Subject: cciss: fix bug in overriding ->data_len before completion
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e7d9dc9cfd9bcc9ca688fe7f94c0da7d0700bfe6;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

cciss: fix bug in overriding ->data_len before completion

For BLOCK_PC requests, we need that length for completing the request.
Andrew Vasquez reported the following oops

Hitting a consistent BUG() with recent Linus' linux-2.6.git:

[ 12.941428] ------------[ cut here ]------------
[ 12.944874] kernel BUG at drivers/block/cciss.c:1260!
[ 12.944874] invalid opcode: 0000 [1] SMP
[ 12.944874] CPU 0
[ 12.944874] Modules linked in:
[ 12.944874] Pid: 0, comm: swapper Not tainted 2.6.24 #43
[ 12.944874] RIP: 0010:[] [] cciss_softirq_done+0xbc/0x1bf
[ 12.944874] RSP: 0018:ffffffff8063aed0 EFLAGS: 00010202
[ 12.944874] RAX: 0000000000000001 RBX: ffff8100cf800010 RCX: ffff81042f1253b0
[ 12.944874] RDX: ffff81042de398f0 RSI: ffff81042de398f0 RDI: 0000000000000001
[ 12.944874] RBP: ffff81042daa0000 R08: ffff81042f1253b0 R09: 0000000000000001
[ 12.944874] R10: 00000000000000fe R11: 0000000000000000 R12: 0000000000000002
[ 12.944874] R13: 0000000000000001 R14: ffff8100cf800000 R15: ffff81042de398f0
[ 12.944874] FS: 0000000000000000(0000) GS:ffffffff805bb000(0000) knlGS:0000000000000000
[ 12.944874] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[ 12.944874] CR2: 00002afed7eea340 CR3: 000000042dbba000 CR4: 00000000000006e0
[ 12.944874] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 12.944874] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 12.944874] Process swapper (pid: 0, threadinfo ffffffff805f4000, task ffffffff805624a0)
[ 12.944874] Stack: 0000000000000000 ffffffff8063af10 0000000000000001 ffffffff80632d60
[ 12.944874] 0000000000000000 000000000000000a ffffffff805bb900 ffffffff8032038f
[ 12.944874] ffffffff8063af10 ffffffff8063af10
ffffffff805bb940 ffffffff802346b4 [ 12.944874] Call Trace: [ 12.944874] [] blk_done_softirq+0x69/0x78 [ 12.944874] [] __do_softirq+0x6f/0xd8 [ 12.944874] [] call_softirq+0x1c/0x30 [ 12.944874] [] do_softirq+0x30/0x80 [ 12.944874] [] do_IRQ+0x72/0xd9 [ 12.944874] [] mwait_idle+0x0/0x46 [ 12.944874] [] default_idle+0x0/0x3d [ 12.944874] [] ret_from_intr+0x0/0xa [ 12.944874] [] mwait_idle+0x42/0x46 [ 12.944874] [] cpu_idle+0x6a/0xae [ 12.944874] [ 12.944874] [ 12.944874] Code: 0f 0b eb fe 48 8d 85 d8 c0 00 00 48 89 04 24 48 89 c7 e8 e5 [ 12.944874] RIP [] cciss_softirq_done+0xbc/0x1bf [ 12.944874] RSP [ 12.944903] ---[ end trace e9c631603f90d22f ]--- which is caused by blk_end_request() returning 'not done' for a request, since it gets asked to complete zero bytes. Signed-off-by: Jens Axboe --- diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index ef50068def88..855ce8e5efba 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -2524,7 +2524,6 @@ after_error_processing: resend_cciss_cmd(h, cmd); return; } - cmd->rq->data_len = 0; cmd->rq->completion_data = cmd; blk_complete_request(cmd->rq); }
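Review bot: With the `cmd->rq->data_len = 0;` line gone from after_error_processing, nothing next to `cmd->rq->completion_data = cmd;` and `blk_complete_request(cmd->rq);` records that `data_len` has to reach the completion handler unmodified, so the same zeroing could be reintroduced later. A short comment at this spot, saying that the request length is still needed to complete BLOCK_PC requests, would guard against that. The commit message also does not say why the assignment was there in the first place, so it is worth confirming that nothing depended on `data_len` being cleared before completion. Separately, the oops shows that a request reported as 'not done' in cciss_softirq_done() ends in BUG() in softirq context; that check is outside this hunk, but a follow-up could consider whether failing the request with a warning would be sufficient there.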