From owner-svn-src-all@freebsd.org Tue Aug 27 20:23:57 2019 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 204EFDEB92; Tue, 27 Aug 2019 20:23:57 +0000 (UTC) (envelope-from scottl@samsco.org) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46J0hF02fnz4JDB; Tue, 27 Aug 2019 20:23:56 +0000 (UTC) (envelope-from scottl@samsco.org) Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 28302220B8; Tue, 27 Aug 2019 16:23:56 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute6.internal (MEProxy); Tue, 27 Aug 2019 16:23:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=samsco.org; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm1; bh=x WwYn6YEZZ6gaNQ2dwJ23nHquINdR+zRTYu71NGz7Bw=; b=RSmd299KLBS4YaTSi 7AoPb9k1emk8F8FTXSgW/ZksjeXG1SpiggC/jtwPLdm9BecK0eLg+rh6XAGTtXd5 dXQvAzK8TOr709sguXr0z2FsJ51B7Yg76yMvUhL469MBGNNg6F2y/FQZl3qGdMvT AxCkR5hAj539/QbYUi1pcbgVuXozHYnf/TzpVIiWGKuRwGdWMxZiXR9jgN6J1RbA BDZCHviBeo82bgodmC+AQrlzq+vJN87qBDBG22Zvb9nDaUsJ97MV3Jh35DuD68rJ qNLGRbLmwntS4NZOyhbtHwRyAsqGP0WjNbLNuGQpKkaH7m09loRJskSuMNIKVNmD SRWQA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=xWwYn6YEZZ6gaNQ2dwJ23nHquINdR+zRTYu71NGz7 Bw=; b=GgYmu65bG2/RUT+STIfrm5uv/7oIf6sh87+ofvU42762qFdWe+tLf5R90 j4zSgV9bL6WNJj4evv1HlCZkrxB9eJlNN3u6ujIOsfCv7fu3Wg/BwwouMCoBazqV 7Z5f9eJO2CBwVG4WGTQ2rMbMxljNqPc4OMM/WzFaZ9c/jT6P3PNUs2uuIccAYoPl YCgtqwBUgIOwOiqPr1QtAg938ZQbLwQPcW5pjVKhgRkTlPW2zdoF1SxszEj8l1hF wSFrHfnFnZNJo+vI3yvJduBXfye6E20A8v04xp4n3HNlJxkvDofEUfMjJqgWj7Cy i0CESdW6iYk38crCE/qsorZushttw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrudehkedgleekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpegtggfuhfgjfffgkfhfvffosehtqh hmtdhhtdejnecuhfhrohhmpefutghothhtucfnohhnghcuoehstghothhtlhesshgrmhhs tghordhorhhgqeenucffohhmrghinhepfhhrvggvsghsugdrohhrghenucfkphepkedrge eirdekledrvddufeenucfrrghrrghmpehmrghilhhfrhhomhepshgtohhtthhlsehsrghm shgtohdrohhrghenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from [192.168.0.114] (unknown [8.46.89.213]) by mail.messagingengine.com (Postfix) with ESMTPA id 42706D60057; Tue, 27 Aug 2019 16:23:55 -0400 (EDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: svn commit: r351550 - head/sys/cam/scsi From: Scott Long In-Reply-To: <201908271641.x7RGf6LC075849@repo.freebsd.org> Date: Tue, 27 Aug 2019 14:23:54 -0600 Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <99271565-F168-48C8-90E0-749417C7C974@samsco.org> References: <201908271641.x7RGf6LC075849@repo.freebsd.org> To: Alexander Motin X-Mailer: Apple Mail (2.3445.104.11) X-Rspamd-Queue-Id: 46J0hF02fnz4JDB X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-6.95 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.95)[-0.948,0] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Aug 2019 20:23:57 -0000 This is very concerning, and I wonder if it=E2=80=99s the cause of the = mystery use-after-free / double-complete that I=E2=80=99ve seen for = years and have never been able to catch. Can you say more about how you = found it? Scott > On Aug 27, 2019, at 10:41 AM, Alexander Motin wrote: >=20 > Author: mav > Date: Tue Aug 27 16:41:06 2019 > New Revision: 351550 > URL: https://svnweb.freebsd.org/changeset/base/351550 >=20 > Log: > Always check cam_periph_error() status for ERESTART. >=20 > Even if we do not expect retries, we better be sure, since otherwise = it > may result in use after free kernel panic. I've noticed that it = retries > SCSI_STATUS_BUSY even with SF_NO_RECOVERY | SF_NO_RETRY. >=20 > MFC after: 1 week > Sponsored by: iXsystems, Inc. >=20 > Modified: > head/sys/cam/scsi/scsi_xpt.c >=20 > Modified: head/sys/cam/scsi/scsi_xpt.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/sys/cam/scsi/scsi_xpt.c Tue Aug 27 15:42:08 2019 = (r351549) > +++ head/sys/cam/scsi/scsi_xpt.c Tue Aug 27 16:41:06 2019 = (r351550) > @@ -1684,8 +1684,9 @@ probe_device_check: > case PROBE_TUR_FOR_NEGOTIATION: > case PROBE_DV_EXIT: > if (cam_ccb_status(done_ccb) !=3D CAM_REQ_CMP) { > - cam_periph_error(done_ccb, 0, > - SF_NO_PRINT | SF_NO_RECOVERY | SF_NO_RETRY); > + if (cam_periph_error(done_ccb, 0, SF_NO_PRINT | > + SF_NO_RECOVERY | SF_NO_RETRY) =3D=3D = ERESTART) > + goto outr; > } > if ((done_ccb->ccb_h.status & CAM_DEV_QFRZN) !=3D 0) { > /* Don't wedge the queue */ > @@ -1735,8 +1736,9 @@ probe_device_check: > struct ccb_scsiio *csio; >=20 > if (cam_ccb_status(done_ccb) !=3D CAM_REQ_CMP) { > - cam_periph_error(done_ccb, 0, > - SF_NO_PRINT | SF_NO_RECOVERY | SF_NO_RETRY); > + if (cam_periph_error(done_ccb, 0, SF_NO_PRINT | > + SF_NO_RECOVERY | SF_NO_RETRY) =3D=3D = ERESTART) > + goto outr; > } > if ((done_ccb->ccb_h.status & CAM_DEV_QFRZN) !=3D 0) { > /* Don't wedge the queue */ >=20