Repeatedly adding then removing the same NVMe-over-Fabrics controller
over and over again (shown below) can cause a kernel crash (also shown
below). This patch fixes that.
[nvmf]# ./setup_nvme_connections.sh
traddr=192.168.1.100,transport=rdma,trsvcid=4420,nqn=darkside
-nqn,hostnqn=evil-wins-nqn,nr_io_queues=16 > /dev/nvme-fabrics
traddr=192.168.1.100,transport=rdma,trsvcid=4420,nqn=lightside
-nqn,hostnqn=good-wins-nqn > /dev/nvme-fabrics
[nvmf]# ./remove_nvme_connections.sh 2
echo 1 > /sys/class/nvme/nvme0/delete_controller
echo 1 > /sys/class/nvme/nvme1/delete_controller
[nvmf]# ./setup_nvme_connections.sh
traddr=192.168.1.100,transport=rdma,trsvcid=4420,nqn=darkside
-nqn,hostnqn=evil-wins-nqn,nr_io_queues=16 > /dev/nvme-fabrics
Killed
[nvmf]# dmesg
[ 313.416908] nvme nvme0: creating 16 I/O queues.
[ 313.523908] nvme nvme0: new ctrl: NQN "darkside-nqn", addr
192.168.1.100:4420
[ 313.524857] BUG: unable to handle kernel NULL pointer dereference at
0000000000000010
[ 313.525262] IP: [<
ffffffff8136c60e>] strcmp+0xe/0x30
[ 313.525490] PGD 0
[ 313.525726] Oops: 0000 [#1] SMP
[ 313.525900] Modules linked in: nvme_rdma nvme_fabrics nvme_core
ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm mlx4_en
mlx4_ib ib_core mlx4_core
[ 313.527085] CPU: 15 PID: 5856 Comm: setup_nvme_conn Not tainted
4.7.0-rc2+ #2
[ 313.527259] Hardware name: Supermicro X9DRT-F/IBQF/IBFF/X9DRT
-F/IBQF/IBFF, BIOS 1.0a 10/09/2012
[ 313.527551] task:
ffff88027646cd40 ti:
ffff88025b980000 task.ti:
ffff88025b980000
[ 313.527879] RIP: 0010:[<
ffffffff8136c60e>] [<
ffffffff8136c60e>]
strcmp+0xe/0x30
[ 313.528232] RSP: 0018:
ffff88025b983db0 EFLAGS:
00010206
[ 313.528403] RAX:
0000000000000000 RBX:
ffff880471879880 RCX:
fffffffffffffff1
[ 313.528594] RDX:
0000000000000000 RSI:
ffff880474afa860 RDI:
0000000000000011
[ 313.528778] RBP:
ffff88025b983db0 R08:
ffff880474afa860 R09:
ffff880471879058
[ 313.528956] R10:
000000000000002c R11:
ffff88047f415000 R12:
ffff880471879800
[ 313.529129] R13:
ffff880471879000 R14:
ffff880474afa860 R15:
fffffffffffffff8
[ 313.529303] FS:
00007f778f510700(0000) GS:
ffff88047fbc0000(0000)
knlGS:
0000000000000000
[ 313.529629] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 313.529817] CR2:
0000000000000010 CR3:
0000000274174000 CR4:
00000000000406e0
[ 313.529989] Stack:
[ 313.530154]
ffff88025b983e48 ffffffffa0171c74 0000000000000001
0000000000000059
[ 313.530621]
ffff880476f32400 ffff88047e8add80 0000010074b33aa0
ffff880471879059
[ 313.531162]
ffff88047187904b ffff880471879058 0000000000000000
ffff88047736e000
[ 313.531629] Call Trace:
[ 313.531797] [<
ffffffffa0171c74>] nvmf_dev_write+0x674/0x840
[nvme_fabrics]
[ 313.531974] [<
ffffffff81180b53>] __vfs_write+0x23/0x120
[ 313.532146] [<
ffffffff8119daff>] ? __fd_install+0x1f/0xc0
[ 313.532316] [<
ffffffff8119d97a>] ? __alloc_fd+0x3a/0x170
[ 313.532487] [<
ffffffff811811f3>] vfs_write+0xb3/0x1b0
[ 313.532658] [<
ffffffff8117e321>] ? filp_close+0x51/0x70
[ 313.532845] [<
ffffffff811824e1>] SyS_write+0x41/0xa0
[ 313.533016] [<
ffffffff8183055b>]
entry_SYSCALL_64_fastpath+0x13/0x8f
[ 313.533188] Code: 80 3a 00 75 f7 48 83 c6 01 0f b6 4e ff 48 83 c2 01
84 c9 88 4a ff 75 ed 5d c3 0f 1f 00 55 48 89 e5 eb 04 84 c0 74 18 48 83
c7 01 <0f> b6 47 ff 48 83 c6 01 3a 46 ff 74 eb 19 c0 83 c8 01 5d c3 31
[ 313.536563] RIP [<
ffffffff8136c60e>] strcmp+0xe/0x30
[ 313.536815] RSP <
ffff88025b983db0>
[ 313.536981] CR2:
0000000000000010
[ 313.537151] ---[ end trace
3d952e590e7bc2d5 ]---
Reported-and-tested-by: Jay Freyensee <james.p.freyensee@intel.com>
Signed-off-by: Ming Lin <mlin@kernel.org>
Signed-off-by: Jay Freyensee <james.p.freyensee@intel.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
projects / platform / kernel / linux-rpi.git / commitdiff