Bug 243834

Summary: diskdump to cciss fails due to off-by-one size calculation
Product: Red Hat Enterprise Linux 4 Reporter: Bryn M. Reeves <bmr>
Component: kernelAssignee: Bryn M. Reeves <bmr>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: high Docs Contact:
Priority: urgent    
Version: 4.5CC: chris.lober, djuran, jbaron, jplans, pstyles
Target Milestone: ---Keywords: Regression
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2007-0791 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-15 16:28:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 245197    
Bug Blocks: 243902, 245198    
Attachments:
Description Flags
patch correcting size calculation in cciss_diskdump.c none

Description Bryn M. Reeves 2007-06-12 10:03:35 UTC 
Description of problem:
The cciss diskdump code performs a sanity check before going ahead with a dump.

This reads the capacity of the device and compares it to the stored nr_blocks
value. If there is a mismatch the dump aborts.

The code that calculates the size from the return value was changed between
RHEL4U4 and RHEL4.5 and this introduced an off by one error:

                if (return_code == IO_OK) {
                        if (hba[ctlr]->cciss_read == CCISS_READ_10) {
                                total_size = be32_to_cpu(*(__u32 *)
size_buff->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *)
size_buff->block_size)+1;
                        } else {
                                total_size = be64_to_cpu(*(__u64 *)
size_buff_16->total_size);
                                block_size = be32_to_cpu(*(__u32 *)
size_buff_16->block_size);
                        }
                        total_size++;   /* command returns highest */
                                        /* block address */

Since the CCISS_READ_CAPACITY command returns the highest block address we need
to increment the returned value by one. In the 4U4 CCISS driver this only
happened a single time but the revised code in 4.5 duplicates this; either the
"+1"s or the total_size++ are unnecessary and cause an incorrect calculation of
the device size.

Version-Release number of selected component (if applicable):
kernel-2.6.9-55.EL

How reproducible:
100%

Steps to Reproduce:
1. Configure a CCISS device as a diskdump partition.
2. Attempt a dump via sysrq-c

  
Actual results:
 <3>cciss:  blocks read do not match stored value
 <3>cciss:  blocks read do not match stored value
 <3>disk_dump: No more dump device found
 <6>disk_dump: diskdump failed, fall back to trying netdump

Expected results:
Successfull diskdump to CCISS devices.

Additional info:
Comment 1 Bryn M. Reeves 2007-06-12 10:03:47 UTC 
Created attachment 156782 [details]
patch correcting size calculation in cciss_diskdump.c
Comment 3 RHEL Program Management 2007-06-12 10:06:25 UTC 
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 5 Bryn M. Reeves 2007-06-12 10:25:18 UTC 
Patch posted to RHKL.
Comment 6 Bryn M. Reeves 2007-06-12 10:27:00 UTC 
Comment #0 has a c'n'p error. The 2nd stray +1 is for the 2nd total_size
calculation, not the block_size calculation:

                if (return_code == IO_OK) {
                        if (hba[ctlr]->cciss_read == CCISS_READ_10) {
                                total_size = be32_to_cpu(*(__u32 *)
size_buff->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *)
size_buff->block_size);
                        } else {
                                total_size = be64_to_cpu(*(__u64 *)
size_buff_16->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *)
size_buff_16->block_size);
                        }
                        total_size++;   /* command returns highest */
                                        /* block address */
Comment 7 RHEL Program Management 2007-06-12 10:31:42 UTC 
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.
Comment 11 Jason Baron 2007-06-14 20:14:41 UTC 
committed in stream U6 build 55.8. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/
Comment 14 Issue Tracker 2007-06-29 13:50:18 UTC 
Customer is using the errata kernel I am closing the issue. Thanks Bryn!

Internal Status set to 'Resolved'
Status set to: Closed by Client
Resolution set to: 'Security Errata'

This event sent from IssueTracker by marco 
 issue 123120
Comment 15 Jason Baron 2007-06-29 15:36:35 UTC 
*** Bug 243755 has been marked as a duplicate of this bug. ***
Comment 16 Issue Tracker 2007-07-03 03:43:44 UTC 
Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'RHEL 4.6'

This event sent from IssueTracker by tumeya 
 issue 123221
Comment 17 Issue Tracker 2007-07-11 08:33:02 UTC 
Closing. 

Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'RHEL 4.6'

This event sent from IssueTracker by tumeya 
 issue 123221
Comment 26 errata-xmlrpc 2007-11-15 16:28:33 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0791.html