Date: Fri, 10 Apr 2015 00:32:50 +0200 (CEST)
From: Jan Engelhardt
To: Jens Axboe
Cc: Linus Torvalds, "Rafael J. Wysocki", Linux Kernel Mailing List
Subject: Re: NULL deref around blkmq in v4.0-rc1-rc7
In-Reply-To: <5526F25B.5010501@kernel.dk>
References: <5526EE36.7050303@kernel.dk> <5526F25B.5010501@kernel.dk>
User-Agent: Alpine 2.20 (LSU 67 2015-01-07)
List-ID: linux-kernel@vger.kernel.org

On Thursday 2015-04-09 23:42, Jens Axboe wrote:
>
>> So I don't actually expect my patch to really make any difference,
>> although I do think that code should be looked at.
>
> Jan, is it always clearing in a page size? That seems odd, especially if we're
> considering random gunk in memory.

The particular memset in scsi_init_cmd_errh would only clear
SCSI_SENSE_BUFFERSIZE. The problem really was that cmd->sense_buffer
was nonsensical (I did a hexdump) and read 0x1000. In one instance, it
even read 0x10000 because I used that value in an if clause preceding
a printk statement I added.

Together with __GFP_ZERO apparently fixing the issue for today, the
noninitialized memory theory looks like the most applicable one to me
currently.
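The uninitialized-memory theory in the reply above, as an added illustration that is not part of the thread and not kernel code: a constructed one-slot allocator hands a freed object back unchanged, so a page-sized length written by the slot's previous occupant shows up as the value of a pointer field that the next user never initialised, which is exactly the "sense_buffer reads 0x1000" symptom. Passing a zeroing flag (TOY_GFP_ZERO, a stand-in for __GFP_ZERO) turns the stale value into a NULL instead, and a membership check against a pool of real sense buffers shows how a debug assertion could catch such a pointer before it is dereferenced. The slot size, pool size and flag name are assumptions; 96 is the kernel's SCSI_SENSE_BUFFERSIZE.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model, not kernel code: a single cache slot that is handed
 * back to the next allocation exactly as the previous occupant left it. */
#define SLOT_SIZE 64
#define TOY_GFP_ZERO 1u            /* assumed stand-in for __GFP_ZERO */

static unsigned char *slot;        /* allocated once, then reused */

static void *toy_alloc(unsigned flags)
{
    if (!slot)
        slot = malloc(SLOT_SIZE);
    if (flags & TOY_GFP_ZERO)
        memset(slot, 0, SLOT_SIZE); /* only this path clears stale bytes */
    return slot;
}

/* Pool of genuine sense buffers, so a pointer can be checked for membership.
 * 96 matches the kernel's SCSI_SENSE_BUFFERSIZE; the pool size is made up. */
#define TOY_SENSE_SIZE 96
#define TOY_POOL 4
static unsigned char sense_pool[TOY_POOL][TOY_SENSE_SIZE];

/* Defensive check: a sense_buffer pointer must be one of the pool entries.
 * A stale integer such as 0x1000, or a NULL, fails immediately. */
int sense_buffer_in_pool(uintptr_t p)
{
    for (int i = 0; i < TOY_POOL; i++)
        if (p == (uintptr_t)sense_pool[i])
            return 1;
    return 0;
}

/* The slot's earlier occupant stores a page-sized length at offset 0; the
 * command object that later reuses the slot keeps its sense_buffer pointer
 * at that same offset and never sets it. Returns what the field reads. */
uintptr_t reuse_sense_buffer(unsigned flags)
{
    uint64_t stale_len = 0x1000;                  /* previous user's write */
    unsigned char *prev = toy_alloc(0);
    memcpy(prev, &stale_len, sizeof stale_len);
    /* ... previous user frees the object; it returns to the cache ... */

    unsigned char *cmd = toy_alloc(flags);        /* same slot, reused */
    uintptr_t sense_buffer;
    memcpy(&sense_buffer, cmd, sizeof sense_buffer); /* field never set */
    return sense_buffer;
}

int main(void)
{
    uintptr_t stale = reuse_sense_buffer(0);
    uintptr_t zeroed = reuse_sense_buffer(TOY_GFP_ZERO);
    printf("without zeroing: sense_buffer = 0x%lx (in pool: %d)\n",
           (unsigned long)stale, sense_buffer_in_pool(stale));
    printf("with zeroing:    sense_buffer = 0x%lx (in pool: %d)\n",
           (unsigned long)zeroed, sense_buffer_in_pool(zeroed));
    return 0;
}
```

The point of the zeroing run is not that NULL is acceptable but that it fails loudly and consistently at the first dereference, whereas a leftover 0x1000 only faults when something happens to use it, which is why the bug looked intermittent across the rc series.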