Bug 243834 - diskdump to cciss fails due to off-by-one size calculation
Summary: diskdump to cciss fails due to off-by-one size calculation
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.5
Hardware: All
OS: Linux
urgent
high
Target Milestone: ---
: ---
Assignee: Bryn M. Reeves
QA Contact: Martin Jenner
URL:
Whiteboard:
Keywords: Regression
: 243755 (view as bug list)
Depends On: 245197
Blocks: 243902 245198
TreeView+ depends on / blocked
 
Reported: 2007-06-12 10:03 UTC by Bryn M. Reeves
Modified: 2018-10-19 23:27 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2007-11-15 16:28:33 UTC


Attachments (Terms of Use)
patch correcting size calculation in cciss_diskdump.c (719 bytes, patch)
2007-06-12 10:03 UTC, Bryn M. Reeves
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0791 normal SHIPPED_LIVE Updated kernel packages available for Red Hat Enterprise Linux 4 Update 6 2007-11-14 18:25:55 UTC

Description Bryn M. Reeves 2007-06-12 10:03:35 UTC
Description of problem:
The cciss diskdump code performs a sanity check before going ahead with a dump.

This reads the capacity of the device and compares it to the stored nr_blocks
value. If there is a mismatch the dump aborts.

The code that calculates the size from the return value was changed between
RHEL4U4 and RHEL4.5 and this introduced an off by one error:

                if (return_code == IO_OK) {
                        if (hba[ctlr]->cciss_read == CCISS_READ_10) {
                                total_size = be32_to_cpu(*(__u32 *)
size_buff->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *)
size_buff->block_size)+1;
                        } else {
                                total_size = be64_to_cpu(*(__u64 *)
size_buff_16->total_size);
                                block_size = be32_to_cpu(*(__u32 *)
size_buff_16->block_size);
                        }
                        total_size++;   /* command returns highest */
                                        /* block address */

Since the CCISS_READ_CAPACITY command returns the highest block address we need
to increment the returned value by one. In the 4U4 CCISS driver this only
happened a single time but the revised code in 4.5 duplicates this; either the
"+1"s or the total_size++ are unnecessary and cause an incorrect calculation of
the device size.

Version-Release number of selected component (if applicable):
kernel-2.6.9-55.EL

How reproducible:
100%

Steps to Reproduce:
1. Configure a CCISS device as a diskdump partition.
2. Attempt a dump via sysrq-c

  
Actual results:
 <3>cciss:  blocks read do not match stored value
 <3>cciss:  blocks read do not match stored value
 <3>disk_dump: No more dump device found
 <6>disk_dump: diskdump failed, fall back to trying netdump

Expected results:
Successfull diskdump to CCISS devices.

Additional info:

Comment 1 Bryn M. Reeves 2007-06-12 10:03:47 UTC
Created attachment 156782 [details]
patch correcting size calculation in cciss_diskdump.c

Comment 3 RHEL Product and Program Management 2007-06-12 10:06:25 UTC
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.

Comment 5 Bryn M. Reeves 2007-06-12 10:25:18 UTC
Patch posted to RHKL.

Comment 6 Bryn M. Reeves 2007-06-12 10:27:00 UTC
Comment #0 has a c'n'p error. The 2nd stray +1 is for the 2nd total_size
calculation, not the block_size calculation:

                if (return_code == IO_OK) {
                        if (hba[ctlr]->cciss_read == CCISS_READ_10) {
                                total_size = be32_to_cpu(*(__u32 *)
size_buff->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *)
size_buff->block_size);
                        } else {
                                total_size = be64_to_cpu(*(__u64 *)
size_buff_16->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *)
size_buff_16->block_size);
                        }
                        total_size++;   /* command returns highest */
                                        /* block address */

Comment 7 RHEL Product and Program Management 2007-06-12 10:31:42 UTC
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.

Comment 11 Jason Baron 2007-06-14 20:14:41 UTC
committed in stream U6 build 55.8. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/


Comment 14 Issue Tracker 2007-06-29 13:50:18 UTC
Customer is using the errata kernel I am closing the issue. Thanks Bryn!

Internal Status set to 'Resolved'
Status set to: Closed by Client
Resolution set to: 'Security Errata'

This event sent from IssueTracker by marco 
 issue 123120

Comment 15 Jason Baron 2007-06-29 15:36:35 UTC
*** Bug 243755 has been marked as a duplicate of this bug. ***

Comment 16 Issue Tracker 2007-07-03 03:43:44 UTC
Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'RHEL 4.6'

This event sent from IssueTracker by tumeya 
 issue 123221

Comment 17 Issue Tracker 2007-07-11 08:33:02 UTC
Closing. 

Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'RHEL 4.6'

This event sent from IssueTracker by tumeya 
 issue 123221

Comment 26 errata-xmlrpc 2007-11-15 16:28:33 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0791.html



Note You need to log in before you can comment on or make changes to this bug.