Problem with SPCC 256GB NVMe 1.3 drive - refcount_t: underflow; use-after-free.
Bradley Chapman
chapman6235 at comcast.net
Fri Jan 22 19:54:26 EST 2021
Hello sir!

I didn't check my e-mail until this evening, so I saw all four of your
e-mails at once. I ran the commands you specified based on the following
information from dmesg and lspci:

dmesg:
[ 1.633908] nvme nvme1: pci function 0000:04:00.0

lspci:
04:00.0 Non-Volatile memory controller: Device 1d97:2263 (rev 03)

$ cat /sys/bus/pci/devices/0000\:04\:00.0/device
0x2263
$ cat /sys/bus/pci/devices/0000\:04\:00.0/vendor
0x1d97

On 1/21/21 10:16 PM, Chaitanya Kulkarni wrote:
> On 1/21/21 6:57 PM, Chaitanya Kulkarni wrote:
>> Bradley,
>>
>> On 1/21/21 6:54 PM, Bradley Chapman wrote:
>>> I compiled the kernel from the above git tree, rebooted and attempted to
>>> mount the filesystem on the NVMe drive. This is what the kernel put into
>>> the dmesg when I attempted to list the contents of the filesystem root,
>>> create an inode for a zero-byte file and then unmount the filesystem.
>>>
>>> Brad
>> Did you get a chance to see my response to your previous email?
>>
> You can try the following patch with some modification:
>
> From e162a2e91e4895ceac6f80042a87c4ba6a4fbbf5 Mon Sep 17 00:00:00 2001
> From: Chaitanya Kulkarni <chaitanya.kulkarni at wdc.com>
> Date: Thu, 21 Jan 2021 19:05:13 -0800
> Subject: [PATCH] nvme-pci: add device quirk wip
>
> This is a work in progress patch which is based on nvme-5.12
> HEAD : b116d37fc0f5 nvmet: add lba to sect conversion helpers
>
> Replace <YOUR DEVICE'S VENDOR ID> and <YOUR DEVICE's DEVICE ID> with the
> actual values from the sysfs entries in the patch below before you apply the patch:
>
> cat /sys/bus/pci/devices/<your device id>/device
> cat /sys/bus/pci/devices/<your device id>/vendor
>
> This patch is not tested at all.
>
> Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni at wdc.com>
> ---
> drivers/nvme/host/pci.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
> index 25456d02eddb..c5b43bcf57b0 100644
> --- a/drivers/nvme/host/pci.c
> +++ b/drivers/nvme/host/pci.c
> @@ -3228,6 +3228,8 @@ static const struct pci_device_id nvme_id_table[] = {
> .driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
> { PCI_DEVICE(0x15b7, 0x2001), /* Sandisk Skyhawk */
> .driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
> + { PCI_DEVICE(<YOUR DEVICE's VENDOR ID>, <YOUR DEVICE's DEVICE ID>),
> + .driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
> { PCI_DEVICE(PCI_VENDOR_ID_APPLE, 0x2001),
> .driver_data = NVME_QUIRK_SINGLE_VECTOR },
> { PCI_DEVICE(PCI_VENDOR_ID_APPLE, 0x2003) },
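
Review bot: The added `PCI_DEVICE(<YOUR DEVICE's VENDOR ID>, <YOUR DEVICE's DEVICE ID>)` entry will not compile until both placeholders are replaced with the hex values read from sysfs, and unlike the Sandisk Skyhawk entry just above it carries no comment naming the device. Once the IDs are filled in, add a trailing `/* vendor model */` comment on the `PCI_DEVICE` line so the table stays self-describing; the commit message also says the patch is untested, so it should not go in as-is.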
>
With the following patch applied to the NVMe tree, my system hard-locked
and would not respond to Alt+SysRQ once I mounted the filesystem and
attempted a directory listing of the root of the filesystem.
diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c
index 25456d02eddb..7ba5e8e92e19 100644
--- a/drivers/nvme/host/pci.c
+++ b/drivers/nvme/host/pci.c
@@ -3228,6 +3228,8 @@ static const struct pci_device_id nvme_id_table[] = {
.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
{ PCI_DEVICE(0x15b7, 0x2001), /* Sandisk Skyhawk */
.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },
+ { PCI_DEVICE(0x1d97, 0x2263), /* SPCC */
+ .driver_data = NVME_QUIRK_SINGLE_VECTOR },
{ PCI_DEVICE(PCI_VENDOR_ID_APPLE, 0x2001),
.driver_data = NVME_QUIRK_SINGLE_VECTOR },
{ PCI_DEVICE(PCI_VENDOR_ID_APPLE, 0x2003) },
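
Review bot: The added entry for `PCI_DEVICE(0x1d97, 0x2263)` sets `.driver_data = NVME_QUIRK_SINGLE_VECTOR`, while the patch quoted above proposed `NVME_QUIRK_DISABLE_WRITE_ZEROES` for the placeholder entry, so this hunk exercises a different quirk from the one suggested. If the intent was to test that suggestion, the second added line should read `.driver_data = NVME_QUIRK_DISABLE_WRITE_ZEROES, },`; the `/* SPCC */` comment could also name the model, as the Sandisk Skyhawk entry does.
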
I don't have a serial console, nor a serial port or other suitable
cabling to make one, so I have no console logs of what caused the hard
lockup, and the lack of response to Alt+SysRQ+S meant that I have no
written logs to share with you all. I'm a bit leery of hard-locking the
system multiple times to try to snipe the dmesg, since I don't want to
trash the other filesystems on this host. What else can I try before I
do that?

Brad