From aa52aeea2725839bdd3dcce394486e9a043065e0 Mon Sep 17 00:00:00 2001 From: Asias He Date: Thu, 1 Aug 2013 11:07:18 +0930 Subject: virtio-scsi: Fix virtqueue affinity setup vscsi->num_queues counts the number of request virtqueue which does not include the control and event virtqueue. It is wrong to subtract VIRTIO_SCSI_VQ_BASE from vscsi->num_queues. This patch fixes the following panic. (qemu) device_del scsi0 BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 IP: [] __virtscsi_set_affinity+0x6f/0x120 PGD 0 Oops: 0000 [#1] SMP Modules linked in: CPU: 0 PID: 659 Comm: kworker/0:1 Not tainted 3.11.0-rc2+ #1172 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Workqueue: kacpi_hotplug _handle_hotplug_event_func task: ffff88007bee1cc0 ti: ffff88007bfe4000 task.ti: ffff88007bfe4000 RIP: 0010:[] [] __virtscsi_set_affinity+0x6f/0x120 RSP: 0018:ffff88007bfe5a38 EFLAGS: 00010202 RAX: 0000000000000010 RBX: ffff880077fd0d28 RCX: 0000000000000050 RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000000 RBP: ffff88007bfe5a58 R08: ffff880077f6ff00 R09: 0000000000000001 R10: ffffffff8143e673 R11: 0000000000000001 R12: 0000000000000001 R13: ffff880077fd0800 R14: 0000000000000000 R15: ffff88007bf489b0 FS: 0000000000000000(0000) GS:ffff88007ea00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000020 CR3: 0000000079f8b000 CR4: 00000000000006f0 Stack: ffff880077fd0d28 0000000000000000 ffff880077fd0800 0000000000000008 ffff88007bfe5a78 ffffffff8179b37d ffff88007bccc800 ffff88007bccc800 ffff88007bfe5a98 ffffffff8179b3b6 ffff88007bccc800 ffff880077fd0d28 Call Trace: [] virtscsi_set_affinity+0x2d/0x40 [] virtscsi_remove_vqs+0x26/0x50 [] virtscsi_remove+0x82/0xa0 [] virtio_dev_remove+0x22/0x70 [] __device_release_driver+0x69/0xd0 [] device_release_driver+0x2d/0x40 [] bus_remove_device+0x116/0x150 [] device_del+0x126/0x1e0 [] device_unregister+0x16/0x30 [] unregister_virtio_device+0x19/0x30 [] virtio_pci_remove+0x36/0x80 [] pci_device_remove+0x37/0x70 [] __device_release_driver+0x69/0xd0 [] device_release_driver+0x2d/0x40 [] bus_remove_device+0x116/0x150 [] device_del+0x126/0x1e0 [] pci_stop_bus_device+0x9c/0xb0 [] pci_stop_and_remove_bus_device+0x16/0x30 [] acpiphp_disable_slot+0x8e/0x150 [] hotplug_event_func+0xba/0x1a0 [] ? acpi_os_release_object+0xe/0x12 [] _handle_hotplug_event_func+0x31/0x70 [] process_one_work+0x183/0x500 [] worker_thread+0x122/0x400 [] ? manage_workers+0x2d0/0x2d0 [] kthread+0xce/0xe0 [] ? kthread_freezable_should_stop+0x70/0x70 [] ret_from_fork+0x7c/0xb0 [] ? kthread_freezable_should_stop+0x70/0x70 Code: 01 00 00 00 74 59 45 31 e4 83 bb c8 01 00 00 02 74 46 66 2e 0f 1f 84 00 00 00 00 00 49 63 c4 48 c1 e0 04 48 8b bc 0 3 10 02 00 00 <48> 8b 47 20 48 8b 80 d0 01 00 00 48 8b 40 50 48 85 c0 74 07 be RIP [] __virtscsi_set_affinity+0x6f/0x120 RSP CR2: 0000000000000020 ---[ end trace 99679331a3775f48 ]--- CC: stable@vger.kernel.org Signed-off-by: Asias He Reviewed-by: Wanlong Gao Signed-off-by: Rusty Russell --- drivers/scsi/virtio_scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers') diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c index 2168258fb2c3..74b88efde6ad 100644 --- a/drivers/scsi/virtio_scsi.c +++ b/drivers/scsi/virtio_scsi.c @@ -751,7 +751,7 @@ static void __virtscsi_set_affinity(struct virtio_scsi *vscsi, bool affinity) vscsi->affinity_hint_set = true; } else { - for (i = 0; i < vscsi->num_queues - VIRTIO_SCSI_VQ_BASE; i++) + for (i = 0; i < vscsi->num_queues; i++) virtqueue_set_affinity(vscsi->req_vqs[i].vq, -1); vscsi->affinity_hint_set = false; -- cgit v1.2.3