From: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
To: Borislav Petkov <petkovbb@googlemail.com>
Cc: Rainer Weikusat <rweikusat@mssgmbh.com>,
linux-kernel@vger.kernel.org,
Linux IDE mailing list <linux-ide@vger.kernel.org>,
bruinjm@xs4all.nl
Subject: Re: [PATCH] ide-cd: prevent null pointer deref via cdrom_newpc_intr
Date: Sat, 20 Jun 2009 12:27:31 +0200
Message-ID: <200906201227.36253.bzolnier@gmail.com>
In-Reply-To: <9ea470500906180906o2d558a90hbcba11874ff8917b@mail.gmail.com>

On Thursday 18 June 2009 18:06:34 Borislav Petkov wrote:
> Hi,
>
> On Thu, Jun 18, 2009 at 5:04 PM, Rainer Weikusat<rweikusat@mssgmbh.com> wrote:
> > From: Rainer Weikusat <rweikusat@mssgmbh.com>
> >
> > With 2.6.30, the error handling code in cdrom_newpc_intr was changed
> > to deal with partial request failures by normally completing the 'good'
> > parts of a request and only 'error' the last (and presumably,
> > incompletely transferred) bio associated with a particular
> > request. In order to do this, ide_complete_rq is called over
> > ide_cd_error_cmd() to partially complete the rq. The block layer
> > does partial completion only for requests with bio's and if the
> > rq doesn't have one (eg 'GPCMD_READ_DISC_INFO') the request is
> > completed as a whole and the drive->hwif->rq pointer set to NULL
> > afterwards. When calling ide_complete_rq again to report
> > the error, this null pointer is dereferenced, resulting in a kernel
> > crash.

Rainer, thanks for fixing this bug (with a lot of extra points for
the detailed explanation).

> @Bart: please apply.

applied [I kept the above patch description]
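
The double-completion sequence from the quoted patch description, as an added user-space model that is not part of this thread or of the applied patch. The struct layouts, function names and the guard shown are hypothetical; the model returns a sentinel where the kernel would dereference the cleared pointer.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical user-space model; these are not the kernel's definitions. */
#define MODEL_EIO      (-5)  /* error reported for the failed transfer */
#define NULL_RQ_DEREF  (-1)  /* stands in for the kernel crash */

struct request { int nr_bios; int done; int error; };
struct hwif    { struct request *rq; };

/* Returns 1 if the request is still pending, 0 if it was finished. */
static int complete_rq(struct hwif *hwif, int error, int partial)
{
    struct request *rq = hwif->rq;

    if (rq == NULL)
        return NULL_RQ_DEREF;      /* the real code dereferences here */
    if (partial && rq->nr_bios > 0) {
        rq->nr_bios = 1;           /* finish the good bios, keep the last */
        return 1;
    }
    rq->error = error;             /* whole-request completion */
    rq->done = 1;
    hwif->rq = NULL;               /* pointer cleared once the rq is done */
    return 0;
}

/* Error path as described: complete the good part, then report the error. */
static int error_path_unguarded(struct hwif *hwif)
{
    complete_rq(hwif, 0, 1);
    return complete_rq(hwif, MODEL_EIO, 0);
}

/* One possible guard (an assumption, not the applied patch): skip the
 * partial step when the request carries no bio. */
static int error_path_guarded(struct hwif *hwif)
{
    if (hwif->rq != NULL && hwif->rq->nr_bios > 0)
        complete_rq(hwif, 0, 1);
    return complete_rq(hwif, MODEL_EIO, 0);
}

int main(void)
{
    struct request r = { 0, 0, 0 };   /* constructed bio-less request */
    struct hwif h = { &r };
    printf("unguarded: %d\n", error_path_unguarded(&h));
    r = (struct request){ 0, 0, 0 }; h.rq = &r;
    printf("guarded:   %d\n", error_path_guarded(&h));
    return 0;
}
```

In the unguarded bio-less case the request is also finished with error 0 by the first call, so the failure is never recorded on it.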