Bug 603118

Summary: bfa: oops when accessing statistics in sysfs
Product: Red Hat Enterprise Linux 5 Reporter: Bryn M. Reeves <bmr>
Component: kernelAssignee: Rob Evers <revers>
Status: CLOSED DUPLICATE QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: high Docs Contact:
Priority: high    
Version: 5.4CC: andriusb, huangj
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-06-14 03:59:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
patch from comment #0 re-diffed for rhel5 none

Description Bryn M. Reeves 2010-06-11 15:15:45 UTC 
Description of problem:
The RHEL5 bfa driver (v2.1.2.0) does not initialise the port data structure for fc_host statistics collection leading to an oops when something attempts to access the files under /sys/class/fc_host/host1/statistics/:

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip:
f8a36535
*pde = 35f6f001
Oops: 0000 [#1]
SMP
last sysfs file: /class/fc_host/host1/statistics/dumped_frames
Modules linked in: autofs4 hidp nfs fscache nfs_acl rfcomm l2cap bluetooth lockd sunrpc ipv6 xfrm_nalgo crypto_api dm_mirror dm_multipath scsi_dh video backlight sbs power_meter hwmon i2c_ec dell_wmi wmi button battery asus_acpi ac parport_pc lp parport ide_cd i2c_i801 e1000e i2c_core i5000_edac cdrom edac_mc sg serio_raw pcspkr floppy dm_raid45 dm_message dm_region_hash dm_log dm_mod dm_mem_cache bfa scsi_transport_fc ata_piix libata megaraid_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
CPU:    5
EIP:    0060:[<f8a36535>]    Tainted: G      VLI
EFLAGS: 00010092   (2.6.18-194.el5PAE #1)
EIP is at bfa_ioc_is_operational+0x0/0xd [bfa]
eax: 00000000   ebx: f7a5c7c8   ecx: f8a32c53   edx: f7a5c7c8
esi: f8a32c53   edi: f7a5c868   ebp: f7a508a4   esp: f51e3ee8
ds: 007b   es: 007b   ss: 0068
Process cat (pid: 3850, ti=f51e3000 task=f6d61000 task.ti=f51e3000)
Stack: f8a427d6 00000002 00000000 00000286 f7a51130 f7a5c868 f7a50000 f8a360ea
      f51e3f18 f7a5c7c8 ffffffff c0695e80 000080d0 00000000 00000001 f51e3f24
      f51e3f24 cba14800 00000040 cb9f0000 f6cf7000 f89172db f6cf7000 cb9a9dac
Call Trace:
[<f8a427d6>] bfa_port_get_stats+0x15/0x1a8 [bfa]
[<f8a360ea>] bfad_im_get_stats+0x5d/0x8f [bfa]
[<f89172db>] fc_stat_show+0x70/0x9b [scsi_transport_fc]
[<c055e7a8>] class_device_attr_show+0x16/0x19
[<c04accc9>] sysfs_read_file+0x79/0x117
[<c0449c52>] audit_syscall_entry+0x15a/0x18c
[<c04acc50>] sysfs_read_file+0x0/0x117
[<c0474e94>] vfs_read+0x9f/0x141
[<c04752e2>] sys_read+0x3c/0x63
[<c0404f17>] syscall_call+0x7/0xb
=======================
Code: c1 e9 08 09 d8 09 c8 8b 4c 24 04 c1 ea 18 09 d0 8b 14 24 83 ff 0c 89 04 91 89 3c 24 75 bd 58 5a 5b 5e 5f 5d c3 a3 80 5b af f8 c3 <81> 38 84 7f a3 f8 0f 94 c0 0f b6 c0 c3 55 89 d5 57 31 ff 56 89
EIP: [<f8a36535>] bfa_ioc_is_operational+0x0/0xd [bfa] SS:ESP 0068:f51e3ee8

Version-Release number of selected component (if applicable):
2.6.18-194.el5

How reproducible:
100% on systems equipped with bfa adapters.

Steps to Reproduce:
1. Ensure bfa.ko is loaded
2. Identify an FC host that is using the bfa driver
3. For the host <N> identified in 2 run:
# cat /sys/class/fc_host/host<N>/statistics/dumped_frames
  
Actual results:
Oops.

Expected results:
Statistics output with no oops.

Additional info:
Fixed upstream in commit 7873ca4e4401f0ecd8868bf1543113467e6bae61:
commit 7873ca4e4401f0ecd8868bf1543113467e6bae61
Author: Krishna Gudipati <kgudipat>
Date:   Fri May 21 14:39:45 2010 -0700

    [SCSI] bfa: fix system crash when reading sysfs fc_host statistics
    
    The port data structure related to fc_host statistics collection is
    not initialized. This causes system crash when reading the fc_host
    statistics. The fix is to initialize port structure during driver
    attach.
    
    Signed-off-by: Krishna Gudipati <kgudipat>
    Signed-off-by: James Bottomley <James.Bottomley>
Comment 1 Bryn M. Reeves 2010-06-11 15:18:21 UTC 
Created attachment 423306 [details]
patch from comment #0 re-diffed for rhel5
Comment 3 Andrius Benokraitis 2010-06-14 03:59:27 UTC 

*** This bug has been marked as a duplicate of bug 570880 ***