[PATCH] ibmphp : read the length of ebda and map entire ebda region

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] ibmphp : read the length of ebda and map entire ebda region
@ 2010-01-09 11:42 Chandru
  2010-01-09 18:23 ` Greg KH
  2010-01-13  1:26 ` Andrew Morton
  0 siblings, 2 replies; 5+ messages in thread
From: Chandru @ 2010-01-09 11:42 UTC (permalink / raw)
  To: linux-kernel; +Cc: gregkh, Andrew Morton

ibmphp driver currently maps only 1KB of ebda memory area into kernel address 
space during driver initialization. This causes kernel oops when the driver is 
modprobe'd and it accesses memory area beyond 1KB within ebda segment. The first 
byte of ebda segment actually stores the length of the ebda region in 
Kilobytes. Hence make use of the length parameter and map the entire ebda 
region.


Signed-off-by: Chandru Siddalingappa <chandru@linux.vnet.ibm.com>
---

 drivers/pci/hotplug/ibmphp_ebda.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- linux-2.6.33-rc2/drivers/pci/hotplug/ibmphp_ebda.c.orig	2010-01-09 
15:23:54.000000000 +0530
+++ linux-2.6.33-rc2/drivers/pci/hotplug/ibmphp_ebda.c	2010-01-09 
17:01:06.000000000 +0530
@@ -245,7 +245,7 @@ static void __init print_ebda_hpc (void)
 
 int __init ibmphp_access_ebda (void)
 {
-	u8 format, num_ctlrs, rio_complete, hs_complete;
+	u8 format, num_ctlrs, rio_complete, hs_complete, ebda_sz;
 	u16 ebda_seg, num_entries, next_offset, offset, blk_id, sub_addr, re, rc_id, 
re_id, base;
 	int rc = 0;
 
@@ -260,7 +260,14 @@ int __init ibmphp_access_ebda (void)
 	iounmap (io_mem);
 	debug ("returned ebda segment: %x\n", ebda_seg);
 	
-	io_mem = ioremap(ebda_seg<<4, 1024);
+	io_mem = ioremap(ebda_seg<<4, 1);
+	ebda_sz = readb(io_mem);
+	iounmap(io_mem);
+	debug("ebda size: %d(KiB)\n", ebda_sz);
+	if (ebda_sz == 0)
+		return -ENOMEM;
+
+	io_mem = ioremap(ebda_seg<<4, (ebda_sz * 1024));
 	if (!io_mem )
 		return -ENOMEM;
 	next_offset = 0x180;



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] ibmphp : read the length of ebda and map entire ebda region
  2010-01-09 11:42 [PATCH] ibmphp : read the length of ebda and map entire ebda region Chandru
@ 2010-01-09 18:23 ` Greg KH
  2010-01-13 11:26   ` Chandru
  2010-01-13  1:26 ` Andrew Morton
  1 sibling, 1 reply; 5+ messages in thread
From: Greg KH @ 2010-01-09 18:23 UTC (permalink / raw)
  To: Chandru; +Cc: linux-kernel, Andrew Morton

On Sat, Jan 09, 2010 at 05:12:25PM +0530, Chandru wrote:
> ibmphp driver currently maps only 1KB of ebda memory area into kernel address 
> space during driver initialization. This causes kernel oops when the driver is 
> modprobe'd and it accesses memory area beyond 1KB within ebda segment. The first 
> byte of ebda segment actually stores the length of the ebda region in 
> Kilobytes. Hence make use of the length parameter and map the entire ebda 
> region.
> 
> 
> Signed-off-by: Chandru Siddalingappa <chandru@linux.vnet.ibm.com>
> ---
> 
>  drivers/pci/hotplug/ibmphp_ebda.c |   11 +++++++++--

Please use the scripts/get_maintainer.pl script to get the proper person
and mailing list to send this patch to (hint, it's not me.)

thanks,

greg k-h

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] ibmphp : read the length of ebda and map entire ebda region
  2010-01-09 11:42 [PATCH] ibmphp : read the length of ebda and map entire ebda region Chandru
  2010-01-09 18:23 ` Greg KH
@ 2010-01-13  1:26 ` Andrew Morton
  2010-01-13 10:52   ` Chandru
  1 sibling, 1 reply; 5+ messages in thread
From: Andrew Morton @ 2010-01-13  1:26 UTC (permalink / raw)
  To: Chandru; +Cc: linux-kernel, gregkh, linux-pci, Jesse Barnes, stable

On Sat, 9 Jan 2010 17:12:25 +0530
Chandru <chandru@in.ibm.com> wrote:

> ibmphp driver currently maps only 1KB of ebda memory area into kernel address 
> space during driver initialization. This causes kernel oops when the driver is 
> modprobe'd and it accesses memory area beyond 1KB within ebda segment. The first 
> byte of ebda segment actually stores the length of the ebda region in 
> Kilobytes. Hence make use of the length parameter and map the entire ebda 
> region.
> 
> 
> Signed-off-by: Chandru Siddalingappa <chandru@linux.vnet.ibm.com>
> ---
> 
>  drivers/pci/hotplug/ibmphp_ebda.c |   11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> --- linux-2.6.33-rc2/drivers/pci/hotplug/ibmphp_ebda.c.orig	2010-01-09 
> 15:23:54.000000000 +0530
> +++ linux-2.6.33-rc2/drivers/pci/hotplug/ibmphp_ebda.c	2010-01-09 
> 17:01:06.000000000 +0530
> @@ -245,7 +245,7 @@ static void __init print_ebda_hpc (void)
>  
>  int __init ibmphp_access_ebda (void)
>  {
> -	u8 format, num_ctlrs, rio_complete, hs_complete;
> +	u8 format, num_ctlrs, rio_complete, hs_complete, ebda_sz;
>  	u16 ebda_seg, num_entries, next_offset, offset, blk_id, sub_addr, re, rc_id, 
> re_id, base;

Your email client is performing wordwrapping on the patches.

>  	int rc = 0;
>  
> @@ -260,7 +260,14 @@ int __init ibmphp_access_ebda (void)
>  	iounmap (io_mem);
>  	debug ("returned ebda segment: %x\n", ebda_seg);
>  	
> -	io_mem = ioremap(ebda_seg<<4, 1024);
> +	io_mem = ioremap(ebda_seg<<4, 1);
> +	ebda_sz = readb(io_mem);
> +	iounmap(io_mem);

All the other ioremap() calls are checked for failure, so this one
should also be checked, no?

--- a/drivers/pci/hotplug/ibmphp_ebda.c~ibmphp-read-the-length-of-ebda-and-map-entire-ebda-region-fix
+++ a/drivers/pci/hotplug/ibmphp_ebda.c
@@ -261,6 +261,8 @@ int __init ibmphp_access_ebda (void)
 	debug ("returned ebda segment: %x\n", ebda_seg);
 	
 	io_mem = ioremap(ebda_seg<<4, 1);
+	if (!io_mem)
+		return -ENOMEM;
 	ebda_sz = readb(io_mem);
 	iounmap(io_mem);
 	debug("ebda size: %d(KiB)\n", ebda_sz);
_

> +	debug("ebda size: %d(KiB)\n", ebda_sz);
> +	if (ebda_sz == 0)
> +		return -ENOMEM;
> +
> +	io_mem = ioremap(ebda_seg<<4, (ebda_sz * 1024));

A kernel oops is somewhat serious.  Would I be correct in assuming that
this fix is needed in 2.6.32.x and perhaps earlier kernels?


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] ibmphp : read the length of ebda and map entire ebda region
  2010-01-13  1:26 ` Andrew Morton
@ 2010-01-13 10:52   ` Chandru
  0 siblings, 0 replies; 5+ messages in thread
From: Chandru @ 2010-01-13 10:52 UTC (permalink / raw)
  To: Andrew Morton; +Cc: linux-kernel, gregkh, linux-pci, Jesse Barnes, stable

On Wednesday 13 January 2010 06:56:40 Andrew Morton wrote:
> 
> Your email client is performing wordwrapping on the patches.

Sorry for this, I changed the word wrap settings of my client

> 
> All the other ioremap() calls are checked for failure, so this one
> should also be checked, no?

Yes, it needs to be checked. thanks for adding the additional check.

> 
> --- a/drivers/pci/hotplug/ibmphp_ebda.c~ibmphp-read-the-length-of-ebda-and-map-entire-ebda-region-fix
> +++ a/drivers/pci/hotplug/ibmphp_ebda.c
> @@ -261,6 +261,8 @@ int __init ibmphp_access_ebda (void)
>  	debug ("returned ebda segment: %x\n", ebda_seg);
>  	
>  	io_mem = ioremap(ebda_seg<<4, 1);
> +	if (!io_mem)
> +		return -ENOMEM;
>  	ebda_sz = readb(io_mem);
>  	iounmap(io_mem);
>  	debug("ebda size: %d(KiB)\n", ebda_sz);
> _
> 

> 
> A kernel oops is somewhat serious.  Would I be correct in assuming that
> this fix is needed in 2.6.32.x and perhaps earlier kernels?

Yes, I just checked with 2.6.30 kernel and the issue exists over there too. So it applies to all older kernels.

Thanks, 
Chandru



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] ibmphp : read the length of ebda and map entire ebda region
  2010-01-09 18:23 ` Greg KH
@ 2010-01-13 11:26   ` Chandru
  0 siblings, 0 replies; 5+ messages in thread
From: Chandru @ 2010-01-13 11:26 UTC (permalink / raw)
  To: Greg KH; +Cc: linux-kernel, Andrew Morton

On Saturday 09 January 2010 23:53:43 Greg KH wrote:
> >  drivers/pci/hotplug/ibmphp_ebda.c |   11 +++++++++--
> 
> Please use the scripts/get_maintainer.pl script to get the proper person
> and mailing list to send this patch to (hint, it's not me.)
> 
> thanks,
> 
> greg k-h

Thanks Greg, thanks for pointing. Your name showed up in the source file as 'send feedback to Greg KH' , so I cc'ed you on this. 

thanks,
Chandru


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2010-01-13 11:26 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-01-09 11:42 [PATCH] ibmphp : read the length of ebda and map entire ebda region Chandru
2010-01-09 18:23 ` Greg KH
2010-01-13 11:26   ` Chandru
2010-01-13  1:26 ` Andrew Morton
2010-01-13 10:52   ` Chandru

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox