[2883] in linux-scsi channel archive


Possible corruption of the sd_gendisk chain?

daemon@ATHENA.MIT.EDU (Henning P. Schmiedehausen)
Fri Nov 28 14:41:06 1997

To: linux-scsi@vger.rutgers.edu
Date: 	28 Nov 1997 15:37:45 +0100
From: "Henning P. Schmiedehausen" <hps@tanstaafl.de>
Reply-To: hps@tanstaafl.de

Hi,

Raymund Will <ray@lst.de> pointed me to this one but I haven't seen
any report of it yet, so I'll write a short summary:

in drivers/scsi/sd.c, there is sd_finish() which, as one of the first
things, links the sd_gendisk structure into a linked list pointed to
by gendisk_head.

If you call this routine twice, then you'll get the following thing:

gendisk_head -> [ list ]

after first call:

gendisk_head -> sd_gendisk -> [list]

after second call:

gendisk_head -> sd_gendisk -> sd_gendisk -> sd_gendisk ...


If you add SCSI to the kernel, then device_setup() in drivers/block/genhd.c
calls the scsi_dev_init() function, which in turn calls the various
finish() routines:

        for(sdtpnt = scsi_devicelist; sdtpnt; sdtpnt = sdtpnt->next) {
            if(sdtpnt->finish && sdtpnt->nr_dev)
                {(*sdtpnt->finish)();}
        }


_BUT_ if you now have yet another scsi card as a module which is
loaded later, then at module insertion time there will be
scsi_register_host called in scsi_register_module which in turn will call

        for(sdtpnt = scsi_devicelist; sdtpnt; sdtpnt = sdtpnt->next)
            if(sdtpnt->finish && sdtpnt->nr_dev)
                (*sdtpnt->finish)();

which itself calls the finish() routine in sd_gendisk again. Boom.

I'm not 100% sure about this as I did just a quick look over the scsi
stuff but Raymund told me that you can see the corruption by doing
this sequence and then check /proc/mdstat (sp?) which in turn traces
the gendisk chain and hangs. So it seems to me that this bug is real
(and still in 2.0.32).

	Kind regards
		Henning Schmiedehausen

-- 
Dipl.-Inf. Henning P. Schmiedehausen --         priv: henning@forge.franken.de
TANSTAAFL! Consulting - Unix, Internet, Security       ges:   hps@tanstaafl.de 

Westl. Stadtmauerstrasse 52   Tel.: 09131 / 81297-0      "There ain't no such
D-91054 Erlangen              Fax.: 09131 / 81297-20     thing as a free lunch"
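
The double-link failure described in the message above, as an added example that is not part of the original post or the kernel source: a user-space C model of head insertion into a singly linked chain, showing the self-loop after a second insert, a cycle check that detects it without hanging, and an idempotent insert. All struct and function names here are hypothetical.

```c
#include <stdio.h>

/* Hypothetical user-space model of the gendisk chain; not kernel code. */
struct disk { struct disk *next; };

/* Unconditional head insert, the pattern the message describes. */
static void link_head(struct disk **head, struct disk *d)
{
    d->next = *head;   /* second call: *head == d, so d->next = d */
    *head = d;
}

/* Idempotent variant: skip a node that is already on the chain. */
static int link_head_once(struct disk **head, struct disk *d)
{
    for (struct disk *p = *head; p; p = p->next)
        if (p == d) return 0;  /* already linked, chain left untouched */
    link_head(head, d);
    return 1;
}

/* Floyd cycle check: 1 if a walk of the chain would never terminate. */
static int chain_has_cycle(const struct disk *head)
{
    const struct disk *slow = head, *fast = head;
    while (fast && fast->next) {
        slow = slow->next;
        fast = fast->next->next;
        if (slow == fast) return 1;
    }
    return 0;
}

/* Start from head -> hd, run the insert for sd twice, report a cycle. */
int cycle_after_two_calls(int guarded)
{
    struct disk hd = { NULL }, sd = { NULL };
    struct disk *head = &hd;
    for (int call = 0; call < 2; call++)
        if (guarded) link_head_once(&head, &sd);
        else         link_head(&head, &sd);
    return chain_has_cycle(head);
}

int main(void)
{
    printf("plain: %d  guarded: %d\n", cycle_after_two_calls(0), cycle_after_two_calls(1));
    return 0;
}
```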
