Description of problem:
When installing the dpt_i2o driver in U5, the following oops is seen:

EIP is at vsnprintf [kernel] 0x2df (2.4.21-32.0.1.ELsmp/i686)
eax: 0000003e ebx: 0000000a ecx: 0000003e edx: fffffffe
esi: c0480f6b edi: 00000000 ebp: c048135f esp: f773fe0c
ds: 0068 es: 0068 ss: 0068
Process modprobe (pid: 220, stackpage=f773f000)
Stack: c0480f67 c048135f 00000003 00000000 0000000a ffffffff 00000000 00000002
       ffffffff ffffffff f7f98540 00000046 c3988e47 f89572dd c01297ae c0480f60
       00000400 f881b30e f773fe74 f7f98540 f7758400 c3988e47 f880f320 f881b301
Call Trace:
[<f89572dd>] .rodata.str1.1 [dpt_i2o] 0x0 (0xf773fe40)
[<c01297ae>] printk [kernel] 0x7e (0xf773fe44)
[<f881b30e>] .rodata.str1.1 [scsi_mod] 0x2b6 (0xf773fe50)
[<f880f320>] scsi_setup_host [scsi_mod] 0x40 (0xf773fe64)
[<f881b301>] .rodata.str1.1 [scsi_mod] 0x2a9 (0xf773fe68)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773fe90)
[<f89572e4>] .rodata.str1.1 [dpt_i2o] 0x7 (0xf773fe98)
[<f8810c99>] scsi_register_Rsmp_4853a9b7 [scsi_mod] 0x299 (0xf773fe9c)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773febc)
[<f89540df>] adpt_scsi_register [dpt_i2o] 0x1f (0xf773fec8)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773fecc)
[<f89511ec>] adpt_detect [dpt_i2o] 0x15c (0xf773fed8)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773fee0)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773feec)
[<f880f5a1>] scsi_register_host [scsi_mod] 0x61 (0xf773fef0)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773fef4)
[<f8955e41>] init_this_scsi_driver [dpt_i2o] 0x21 (0xf773ff00)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773ff04)
[<f8958540>] driver_template_dump [dpt_i2o] 0x0 (0xf773ff08)
[<c012aeb6>] sys_init_module [kernel] 0x5b6 (0xf773ff0c)
[<f89577c4>] .kmodtab [dpt_i2o] 0x0 (0xf773ff20)
[<f8951060>] adpt_read_blink_led [dpt_i2o] 0x0 (0xf773ff2c)
[<f8957638>] __ksymtab [dpt_i2o] 0x0 (0xf773ff30)
[<f8951060>] adpt_read_blink_led [dpt_i2o] 0x0 (0xf773ff58)

Version-Release number of selected component (if applicable):
U5 (2.4.21-32+)

How reproducible:
always

Steps to Reproduce:
1. insmod dpt_i2o

Actual results:
kernel oops

Expected results:
successful installation.

Additional info:
This problem stems from the fact that scsi_register calls scsi_setup_host, which in turn calls a scsi host's info method to retrieve a meaningful string to print out during driver initialization as it finds HBAs. The problem is that the info method uses the passed in host data, which is only partially initialized at this point. This causes it to return uninitialized data to scsi_setup_host which it then dereferences. The data does not get fully initialized until after scsi_register completes, in adpt_scsi_register. This patch removes the adpt_info method from the driver template (as it's just a vestige after driver initialization anyway), and assigns a static driver name to the template instead, preventing the oops. This patch has been tested by the reporting customer with successful results.
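The ordering problem described above, as an added example that is not part of the original report, the attached patch, or the dpt_i2o driver: a simplified userspace C model of a registration routine that invokes a template's info callback before the driver has filled in its per-host data. Every name in it is hypothetical; the per-host data is zeroed for determinism (real uninitialized memory could hold anything), and falling back to the template's static name when no info callback is set is an assumption consistent with the fix described.

```c
#include <stddef.h>
#include <string.h>

/* Userspace model of the ordering bug; every name here is hypothetical. */
struct adapter { const char *detail; };      /* per-HBA state */
struct host { struct adapter hostdata; };    /* filled in after registration */

struct host_template {
    const char *(*info)(struct host *);      /* optional per-host callback */
    const char *name;                        /* static string, always valid */
};

/* Callback that trusts per-host data, in the style the report describes. */
static const char *model_info(struct host *h)
{
    return h->hostdata.detail;
}

/* Models the setup step: returns the string it would hand to printk("%s"). */
static const char *model_setup_host(const struct host_template *t, struct host *h)
{
    return t->info ? t->info(h) : t->name;
}

/* Models registration: setup runs BEFORE the driver finishes initializing. */
static const char *model_register(const struct host_template *t, struct host *h)
{
    const char *banner;
    memset(h, 0, sizeof(*h));                /* partially initialized host */
    banner = model_setup_host(t, h);         /* callback fires here, too early */
    h->hostdata.detail = "adapter ready";    /* driver completes init afterwards */
    return banner;
}

/* Template with the info callback (before) and with only a static name (after). */
static const struct host_template before_fix = { model_info, "static driver name" };
static const struct host_template after_fix  = { NULL, "static driver name" };
static struct host model_host;

const char *banner_before_fix(void) { return model_register(&before_fix, &model_host); }
const char *banner_after_fix(void)  { return model_register(&after_fix, &model_host); }

int main(void)
{
    /* Before: an unset pointer reaches the formatter. After: the static name does. */
    return (banner_before_fix() == NULL && banner_after_fix() != NULL) ? 0 : 1;
}
```

In the model the early callback yields NULL because the host is zeroed; on a real system the formatter would receive whatever the partially initialized field happened to contain.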
Created attachment 116428 [details] patch to correct dereferencing of uninitialized NULL data.
Created attachment 116517 [details] New version of patch, taking some suggestions from internal review into account.
A fix for this problem has just been committed to the RHEL3 U6 patch pool this evening (in kernel version 2.4.21-32.12.EL).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-663.html