Bug 243834 - diskdump to cciss fails due to off-by-one size calculation
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.5
All Linux
Priority: urgent, Severity: high
Assigned To: Bryn M. Reeves
Martin Jenner
Keywords: Regression
Duplicates: 243755
Depends On: 245197
Blocks: 243902 245198
Reported: 2007-06-12 06:03 EDT by Bryn M. Reeves
Modified: 2010-10-22 11:36 EDT

Fixed In Version: RHBA-2007-0791
Doc Type: Bug Fix
Last Closed: 2007-11-15 11:28:33 EST


Attachments
patch correcting size calculation in cciss_diskdump.c (719 bytes, patch)
2007-06-12 06:03 EDT, Bryn M. Reeves

Description Bryn M. Reeves 2007-06-12 06:03:35 EDT
Description of problem:
The cciss diskdump code performs a sanity check before going ahead with a dump.

This reads the capacity of the device and compares it to the stored nr_blocks
value. If there is a mismatch the dump aborts.

The code that calculates the size from the return value was changed between
RHEL4U4 and RHEL4.5 and this introduced an off by one error:

                if (return_code == IO_OK) {
                        if (hba[ctlr]->cciss_read == CCISS_READ_10) {
                                total_size = be32_to_cpu(*(__u32 *) size_buff->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *) size_buff->block_size)+1;
                        } else {
                                total_size = be64_to_cpu(*(__u64 *) size_buff_16->total_size);
                                block_size = be32_to_cpu(*(__u32 *) size_buff_16->block_size);
                        }
                        total_size++;   /* command returns highest */
                                        /* block address */

Since the CCISS_READ_CAPACITY command returns the highest block address we need
to increment the returned value by one. In the 4U4 CCISS driver this only
happened a single time but the revised code in 4.5 duplicates this; either the
"+1"s or the total_size++ are unnecessary and cause an incorrect calculation of
the device size.

Version-Release number of selected component (if applicable):
kernel-2.6.9-55.EL

How reproducible:
100%

Steps to Reproduce:
1. Configure a CCISS device as a diskdump partition.
2. Attempt a dump via sysrq-c

  
Actual results:
 <3>cciss:  blocks read do not match stored value
 <3>cciss:  blocks read do not match stored value
 <3>disk_dump: No more dump device found
 <6>disk_dump: diskdump failed, fall back to trying netdump

Expected results:
Successful diskdump to CCISS devices.

Additional info:
Comment 1 Bryn M. Reeves 2007-06-12 06:03:47 EDT
Created attachment 156782
patch correcting size calculation in cciss_diskdump.c
Comment 3 RHEL Product and Program Management 2007-06-12 06:06:25 EDT
This bugzilla has Keywords: Regression.  

Since no regressions are allowed between releases, 
it is also being proposed as a blocker for this release.  

Please resolve ASAP.
Comment 5 Bryn M. Reeves 2007-06-12 06:25:18 EDT
Patch posted to RHKL.
Comment 6 Bryn M. Reeves 2007-06-12 06:27:00 EDT
Comment #0 has a c'n'p error. The 2nd stray +1 is for the 2nd total_size
calculation, not the block_size calculation:

                if (return_code == IO_OK) {
                        if (hba[ctlr]->cciss_read == CCISS_READ_10) {
                                total_size = be32_to_cpu(*(__u32 *) size_buff->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *) size_buff->block_size);
                        } else {
                                total_size = be64_to_cpu(*(__u64 *) size_buff_16->total_size)+1;
                                block_size = be32_to_cpu(*(__u32 *) size_buff_16->block_size);
                        }
                        total_size++;   /* command returns highest */
                                        /* block address */
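
The following user-space C model is an added example, not part of the original bug report or the cciss driver: it decodes constructed READ CAPACITY responses and shows why incrementing the highest block address twice makes the comparison against the stored block count fail on both the 10-byte and 16-byte paths. The function names, the `capacity_matches` helper and the sample buffers are assumptions made for illustration.

```c
/* Added example: user-space model of the capacity check, not driver code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decode an n-byte big-endian field into 64 bits, so that adding one to a
 * 32-bit highest block address of 0xFFFFFFFF cannot wrap to zero. */
static uint64_t be_decode(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Intended behaviour: highest block address + 1, applied exactly once.
 * is16 selects the 8-byte READ CAPACITY(16) field over the 4-byte one. */
uint64_t blocks_single_increment(const uint8_t *buf, int is16)
{
    return be_decode(buf, is16 ? 8 : 4) + 1;
}

/* Regressed behaviour: "+1" at the decode plus the shared total_size++. */
uint64_t blocks_double_increment(const uint8_t *buf, int is16)
{
    uint64_t total_size = be_decode(buf, is16 ? 8 : 4) + 1;
    total_size++;
    return total_size;
}

/* Hypothetical stand-in for the sanity check: 1 means the dump may proceed. */
int capacity_matches(uint64_t stored_nr_blocks, uint64_t computed)
{
    return stored_nr_blocks == computed;
}

/* Constructed responses for a 1000-block device: highest address 999
 * (0x3E7) followed by a 512-byte (0x200) block size. */
static const uint8_t cap10[8]  = {0, 0, 0x03, 0xE7, 0, 0, 0x02, 0x00};
static const uint8_t cap16[12] = {0, 0, 0, 0, 0, 0, 0x03, 0xE7, 0, 0, 0x02, 0x00};

int main(void)
{
    printf("single +1: %d\n", capacity_matches(1000, blocks_single_increment(cap10, 0)));
    printf("double +1: %d\n", capacity_matches(1000, blocks_double_increment(cap16, 1)));
    return 0;
}
```

Removing either the two "+1"s or the shared `total_size++` yields the single-increment result, which is the only one that matches the stored count.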
Comment 7 RHEL Product and Program Management 2007-06-12 06:31:42 EDT
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.
Comment 11 Jason Baron 2007-06-14 16:14:41 EDT
committed in stream U6 build 55.8. A test kernel with this patch is available
from http://people.redhat.com/~jbaron/rhel4/
Comment 14 Issue Tracker 2007-06-29 09:50:18 EDT
Customer is using the errata kernel; I am closing the issue. Thanks Bryn!

Internal Status set to 'Resolved'
Status set to: Closed by Client
Resolution set to: 'Security Errata'

This event sent from IssueTracker by marco 
 issue 123120
Comment 15 Jason Baron 2007-06-29 11:36:35 EDT
*** Bug 243755 has been marked as a duplicate of this bug. ***
Comment 16 Issue Tracker 2007-07-02 23:43:44 EDT
Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'RHEL 4.6'

This event sent from IssueTracker by tumeya 
 issue 123221
Comment 17 Issue Tracker 2007-07-11 04:33:02 EDT
Closing. 

Internal Status set to 'Resolved'
Status set to: Closed by Tech
Resolution set to: 'RHEL 4.6'

This event sent from IssueTracker by tumeya 
 issue 123221
Comment 26 errata-xmlrpc 2007-11-15 11:28:33 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0791.html
