Commit 41bb4c43 authored by Stuart Hayes's avatar Stuart Hayes Committed by Bartlomiej Zolnierkiewicz

[PATCH] ide-scsi: kmap scatter/gather before doing PIO

From: Stuart Hayes <Stuart_Hayes@dell.com>

The system can panic with a null pointer dereference using ide-scsi if
PIO is being done on scatter gather pages that are in high memory,
because page_address() returns 0.  We are actually seeing this using a
tape drive.  This patch will kmap_atomic() the pages before performing
PIO.
Signed-off-by: default avatarBartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl>
parent 8604affd
...@@ -179,8 +179,18 @@ static void idescsi_input_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsigne ...@@ -179,8 +179,18 @@ static void idescsi_input_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsigne
return; return;
} }
count = min(pc->sg->length - pc->b_count, bcount); count = min(pc->sg->length - pc->b_count, bcount);
if (PageHighMem(pc->sg->page)) {
unsigned long flags;
local_irq_save(flags);
buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
local_irq_restore(flags);
} else {
buf = page_address(pc->sg->page) + pc->sg->offset; buf = page_address(pc->sg->page) + pc->sg->offset;
drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count); drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
}
bcount -= count; pc->b_count += count; bcount -= count; pc->b_count += count;
if (pc->b_count == pc->sg->length) { if (pc->b_count == pc->sg->length) {
pc->sg++; pc->sg++;
...@@ -201,8 +211,18 @@ static void idescsi_output_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsign ...@@ -201,8 +211,18 @@ static void idescsi_output_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsign
return; return;
} }
count = min(pc->sg->length - pc->b_count, bcount); count = min(pc->sg->length - pc->b_count, bcount);
if (PageHighMem(pc->sg->page)) {
unsigned long flags;
local_irq_save(flags);
buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
local_irq_restore(flags);
} else {
buf = page_address(pc->sg->page) + pc->sg->offset; buf = page_address(pc->sg->page) + pc->sg->offset;
drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count); drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
}
bcount -= count; pc->b_count += count; bcount -= count; pc->b_count += count;
if (pc->b_count == pc->sg->length) { if (pc->b_count == pc->sg->length) {
pc->sg++; pc->sg++;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment