The patch titled ide: Fix crash on repeated reset has been added to the -mm tree. Its filename is ide-fix-crash-on-repeated-reset.patch See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this ------------------------------------------------------ Subject: ide: Fix crash on repeated reset From: Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> Michal Miroslaw reported a problem (bugzilla #7023) where a user initiated reset while the IDE layer was already resetting the channel caused a crash, and provided a rough fix. This is a slightly cleaner version of the fix which tracks the reset state and blocks further reset requests while a reset is in progress. Note this is not a security issue - random end users can't access the ioctl in question anyway. Signed-off-by: Alan Cox <alan@xxxxxxxxxx> Cc: Michal Miroslaw <mirq-linux@xxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxx> --- drivers/ide/ide-iops.c | 4 ++++ drivers/ide/ide.c | 5 +++++ include/linux/ide.h | 3 +++ 3 files changed, 12 insertions(+) diff -puN drivers/ide/ide-iops.c~ide-fix-crash-on-repeated-reset drivers/ide/ide-iops.c --- a/drivers/ide/ide-iops.c~ide-fix-crash-on-repeated-reset +++ a/drivers/ide/ide-iops.c @@ -998,6 +998,7 @@ static ide_startstop_t atapi_reset_pollf } /* done polling */ hwgroup->polling = 0; + hwgroup->resetting = 0; return ide_stopped; } @@ -1057,6 +1058,7 @@ static ide_startstop_t reset_pollfunc (i } } hwgroup->polling = 0; /* done polling */ + hwgroup->resetting = 0; /* done reset attempt */ return ide_stopped; } @@ -1143,6 +1145,7 @@ static ide_startstop_t do_reset1 (ide_dr /* For an ATAPI device, first try an ATAPI SRST. */ if (drive->media != ide_disk && !do_not_try_atapi) { + hwgroup->resetting = 1; pre_reset(drive); SELECT_DRIVE(drive); udelay (20); 
@@ -1168,6 +1171,7 @@ static ide_startstop_t do_reset1 (ide_dr return ide_stopped; } + hwgroup->resetting = 1; /* * Note that we also set nIEN while resetting the device, * to mask unwanted interrupts from the interface during the reset. diff -puN drivers/ide/ide.c~ide-fix-crash-on-repeated-reset drivers/ide/ide.c --- a/drivers/ide/ide.c~ide-fix-crash-on-repeated-reset +++ a/drivers/ide/ide.c @@ -1364,6 +1364,11 @@ int generic_ide_ioctl(ide_drive_t *drive spin_lock_irqsave(&ide_lock, flags); + if (HWGROUP(drive)->resetting) { + spin_unlock_irqrestore(&ide_lock, flags); + return -EBUSY; + } + ide_abort(drive, "drive reset"); BUG_ON(HWGROUP(drive)->handler); diff -puN include/linux/ide.h~ide-fix-crash-on-repeated-reset include/linux/ide.h --- a/include/linux/ide.h~ide-fix-crash-on-repeated-reset +++ a/include/linux/ide.h 
@@ -825,6 +825,9 @@ typedef struct hwgroup_s { unsigned int sleeping : 1; /* BOOL: polling active & poll_timeout field valid */ unsigned int polling : 1; + /* BOOL: in a polling reset situation. Must not trigger another reset yet */ + unsigned resetting : 1; + /* current drive */ ide_drive_t *drive; /* ptr to current hwif in linked-list */ _ Patches currently in -mm which might be from alan@xxxxxxxxxxxxxxxxxxx are git-libata-all.patch libata-add-40pin-short-cable-support-honour-drive.patch 1-of-2-jmicron-driver.patch 1-of-2-jmicron-driver-fix.patch 2-of-2-jmicron-driver-plumbing-and-quirk.patch non-libata-driver-for-jmicron-devices.patch via-pata-controller-xfer-fixes.patch via-pata-controller-xfer-fixes-fix.patch megaraid-gcc-41-warning-fix.patch voyager-tty-locking.patch edac-new-opteron-athlon64-memory-controller-driver.patch edac-new-opteron-athlon64-memory-controller-driver-tidy.patch sanitize-3c589_cs.patch make-prot_write-imply-prot_read.patch remove-unused-tty_struct-variable.patch there-is-no-devfs-there-has-never-been-a-devfs-we-have.patch tty-locking-on-resize.patch ahci-ati-sb600-sata-support-for-various-modes.patch atiixp-ati-sb600-ide-support-for-various-modes.patch dquot-add-proper-locking-when-using-current-signal-tty.patch tty-trivial-kzalloc-opportunity.patch tty-lock-ticogwinsz.patch tty-stop-the-tty-vanishing-under-procfs-access.patch exit-fix-crash-case.patch tty-make-termios_sem-a-mutex.patch tty-make-termios_sem-a-mutex-fix.patch solaris-emulation-incorrect-tty-locking.patch tty-fix-bits-and-note-more-bits-to-fix.patch build-sound-sound_firmwarec-only-for-oss.patch build-sound-sound_firmwarec-only-for-oss-doc.patch generic_serial-remove-private-decoding-of-baud-rate-bits.patch istallion-remove-private-baud-rate-decoding-which-is.patch switch-mxser-and-moxa-from-hand-decoding-speeds.patch specialix-remove-private-speed-decoding.patch fix-locking-for-tty-drivers-when-doing-urgent-characters.patch 
support-piping-into-commands-in-proc-sys-kernel-core_pattern.patch support-piping-into-commands-in-proc-sys-kernel-core_pattern-fix-2.patch ide-claim-extra-dma-ports-regardless-of-channel.patch ide-always-release-dma-engine.patch ide-error-handling-fixes.patch ide-hpt3xxn-clocking-fixes.patch ide-fix-hpt37x-timing-tables.patch ide-optimize-hpt37x-timing-tables.patch ide-fix-hpt3xx-hotswap-support.patch ide-fix-the-case-of-multiple-hpt3xx-chips-present.patch ide-hpt3xx-fix-pci-clock-detection.patch ide-hpt3xx-fix-pci-clock-detection-fix-2.patch piix-fix-82371mx-enablebits.patch piix-remove-check-for-broken-mw-dma-mode-0.patch piix-slc90e66-pio-mode-fallback-fix.patch make-number-of-ide-interfaces-configurable.patch ide_dma_speed-fixes.patch hpt3xx-rework-rate-filtering.patch hpt3xx-rework-rate-filtering-tidy.patch hpt3xx-print-the-real-chip-name-at-startup.patch hpt3xx-switch-to-using-pci_get_slot.patch hpt3xx-cache-channels-mcr-address.patch hpt3x7-merge-speedproc-handlers.patch hpt370-clean-up-dma-timeout-handling.patch enable-cdrom-dma-access-with-pdc20265_old.patch ide-fix-revision-comparison-in-ide_in_drive_list.patch ide-backport-piix-fixes-from-libata-into-the-legacy-driver.patch hpt3xx-init-code-rewrite.patch move-ide-to-unmaintained-drop-reference-to-old-git-tree.patch drivers-ide-cleanups.patch ide-remove-dma_base2-field-from-ide_hwif_t.patch ide-reprogram-disk-pio-timings-on-resume.patch config_pm=n-slim-drivers-ide-pci-sc1200c.patch ide-fix-crash-on-repeated-reset.patch sstfb-clean-ups.patch pci_module_init-convertion-in-ata_genericc.patch pci_module_init-convertion-in-ata_genericc-fix.patch
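
Review bot: In the drivers/ide/ide-iops.c hunks, `hwgroup->resetting` is cleared only beside `hwgroup->polling = 0` on the final `return ide_stopped` of atapi_reset_pollfunc and reset_pollfunc, so any path that ends a reset attempt without reaching one of those two lines leaves the flag set, and every later reset request through generic_ide_ioctl then fails with -EBUSY until reboot. Please confirm that both assignments of `hwgroup->resetting = 1` in do_reset1 are always followed by one of the two poll functions running to its "done polling" exit, or clear the flag at every place where `polling` is cleared.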
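
Review bot: In the drivers/ide/ide.c hunk, the new test of `HWGROUP(drive)->resetting` is made under ide_lock, but the flag is not set in this function; it is set later in do_reset1. If ide_lock is released between this test and those assignments, a second caller can pass the test before the first reset has marked itself in progress. Setting the flag here, while the lock is still held, would close that window. The `return -EBUSY` is also a new result for this ioctl that callers could not see before, and the changelog should say so.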
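
Review bot: In the include/linux/ide.h hunk, `resetting : 1` is added directly after the `sleeping` and `polling` bitfields, so it will normally share a storage unit with them and each store to one is a read-modify-write of its neighbours. The ioctl reads the flag under ide_lock, but the visible context in the ide-iops.c hunks does not show which lock covers `hwgroup->resetting = 1` and `hwgroup->resetting = 0`; the comment on the field should name the lock that protects it. As a style point, the neighbouring fields are declared `unsigned int`, so `unsigned int resetting : 1;` would match them.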