From: Jens Axboe <axboe@suse.de>
To: Stuart_Hayes@Dell.com
Cc: linux-scsi@vger.kernel.org, Joshua_Giles@Dell.com
Subject: Re: ide-scsi oops with ide tape drive
Date: Wed, 9 Mar 2005 09:34:28 +0100 [thread overview]
Message-ID: <20050309083428.GE28855@suse.de> (raw)
In-Reply-To: <7A8F92187EF7A249BF847F1BF4903C04010EE993@ausx2kmpc103.aus.amer.dell.com>
On Tue, Mar 08 2005, Stuart_Hayes@Dell.com wrote:
>
> Hello!
>
> We're seeing a null pointer dereference with certain IDE tape drives on
> 2.6.11 when we use it with ide-scsi (i686 architecture). The problem is
> that the scatter-gather pages aren't mapped to kernel virtual address
> space in idescsi_output_buffers()/idescsi_input_buffers(), so, if these
> pages are in high memory, page_address() returns a null pointer.
>
> This patch fixes the problem. I'll attach it as a file, too, just in
> case it gets mangled. Please let me know if there are any problems with
> or questions regarding this patch.
>
> Again, this patch is against 2.6.11.
>
> Thanks!
> Stuart Hayes
> stuart_hayes@dell.com
>
>
>
> --- ide-scsi.c.orig 2005-03-08 13:44:38.000000000 -0500
> +++ ide-scsi.c 2005-03-08 14:02:43.000000000 -0500
> @@ -151,8 +151,9 @@ static void idescsi_input_buffers (ide_d
> return;
> }
> count = min(pc->sg->length - pc->b_count, bcount);
> - buf = page_address(pc->sg->page) + pc->sg->offset;
> + buf = kmap_atomic(pc->sg->page, KM_USER0) +
> pc->sg->offset;
> drive->hwif->atapi_input_bytes(drive, buf + pc->b_count,
> count);
> + kunmap_atomic(buf - pc->sg->offset, KM_USER0);
> bcount -= count; pc->b_count += count;
> if (pc->b_count == pc->sg->length) {
> pc->sg++;
You need a local_irq_save(flags); ... local_irq_restore(flags); around
the kmap(atomic), transfer, and kunmap_atomic() for this to be safe.
Interrupts may not be disabled at this point, depends on drive settings.
> @@ -173,8 +174,9 @@ static void idescsi_output_buffers (ide_
> return;
> }
> count = min(pc->sg->length - pc->b_count, bcount);
> - buf = page_address(pc->sg->page) + pc->sg->offset;
> + buf = kmap_atomic(pc->sg->page, KM_USER0) +
> pc->sg->offset;
> drive->hwif->atapi_output_bytes(drive, buf +
> pc->b_count, count);
> + kunmap_atomic(buf - pc->sg->offset, KM_USER0);
> bcount -= count; pc->b_count += count;
> if (pc->b_count == pc->sg->length) {
> pc->sg++;
Ditto.
--
Jens Axboe
next prev parent reply other threads:[~2005-03-09 8:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-08 20:52 ide-scsi oops with ide tape drive Stuart_Hayes
2005-03-09 8:34 ` Jens Axboe [this message]
-- strict thread matches above, loose matches on Subject: below --
2005-03-09 16:14 Stuart_Hayes
2005-03-09 17:18 Stuart_Hayes
2005-03-09 18:36 Stuart_Hayes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050309083428.GE28855@suse.de \
--to=axboe@suse.de \
--cc=Joshua_Giles@Dell.com \
--cc=Stuart_Hayes@Dell.com \
--cc=linux-scsi@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox