2013-07-16 05:18:59

by Xiaotian Feng

Subject: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()

commit b29900e6 introduced a regression, which resulted in a NULL pointer
dereference for ahci hosts with dummy ports. For ahci ports, when the
port is a dummy port, its private_data will be NULL, as ata_dummy_port_ops
doesn't support ->port_start.

Reported-and-tested-by: Alex Williamson <[email protected]>
Signed-off-by: Xiaotian Feng <[email protected]>
Cc: Alexander Gordeev <[email protected]>
Cc: Tejun Heo <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
drivers/ata/ahci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 5064f3e..f1de689 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -1147,10 +1147,16 @@ int ahci_host_activate(struct ata_host *host, int irq, unsigned int n_msis)

for (i = 0; i < host->n_ports; i++) {
struct ahci_port_priv *pp = host->ports[i]->private_data;
+ const char *desc;

+ if (ata_port_is_dummy(host->ports[i]))
+ desc = dev_driver_string(host->dev);
+ else
+ desc = pp->irq_desc;
+
rc = devm_request_threaded_irq(host->dev,
irq + i, ahci_hw_interrupt, ahci_thread_fn, IRQF_SHARED,
- pp->irq_desc, host->ports[i]);
+ desc, host->ports[i]);
if (rc)
goto out_free_irqs;
}
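Review bot: the `else` branch (`desc = pp->irq_desc;`) is only safe as long as ata_port_is_dummy() and a NULL private_data always coincide, because the test is on the port type rather than on the pointer that gets dereferenced. Testing `pp` itself guards the dereference directly, and a one-line comment that private_data is NULL for dummy ports would explain why the fallback exists.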
--
1.7.9.6 (Apple Git-31.1)


2013-07-16 11:48:19

by Sergei Shtylyov

Subject: Re: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()

Hello.

On 16-07-2013 9:18, Xiaotian Feng wrote:

> commit b29900e6 introduced a regression, which resulted in a NULL pointer

Please also specify that commit's summary in parens.

> dereference for ahci hosts with dummy ports. For ahci ports, when the
> port is a dummy port, its private_data will be NULL, as ata_dummy_port_ops
> doesn't support ->port_start.

> Reported-and-tested-by: Alex Williamson <[email protected]>
> Signed-off-by: Xiaotian Feng <[email protected]>
> Cc: Alexander Gordeev <[email protected]>
> Cc: Tejun Heo <[email protected]>
> Cc: [email protected]
> Cc: [email protected]

MBR, Sergei

2013-07-17 06:10:54

by Xiaotian Feng

Subject: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()

commit b29900e6 (AHCI: Make distinct names for ports in /proc/interrupts)
introduced a regression, which resulted in a NULL pointer dereference for ahci
hosts with dummy ports. For ahci ports, when the port is a dummy port, its
private_data will be NULL, as ata_dummy_port_ops doesn't support ->port_start.

Reported-and-tested-by: Alex Williamson <[email protected]>
Signed-off-by: Xiaotian Feng <[email protected]>
Cc: Alexander Gordeev <[email protected]>
Cc: Tejun Heo <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
drivers/ata/ahci.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 5064f3e..f1de689 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -1147,10 +1147,16 @@ int ahci_host_activate(struct ata_host *host, int irq, unsigned int n_msis)

for (i = 0; i < host->n_ports; i++) {
struct ahci_port_priv *pp = host->ports[i]->private_data;
+ const char *desc;

+ if (ata_port_is_dummy(host->ports[i]))
+ desc = dev_driver_string(host->dev);
+ else
+ desc = pp->irq_desc;
+
rc = devm_request_threaded_irq(host->dev,
irq + i, ahci_hw_interrupt, ahci_thread_fn, IRQF_SHARED,
- pp->irq_desc, host->ports[i]);
+ desc, host->ports[i]);
if (rc)
goto out_free_irqs;
}
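Review bot: the dummy-port fallback `desc = dev_driver_string(host->dev);` has no comment, so a later reader cannot tell from the loop why some vectors get the bare driver name while the others get the per-port name that b29900e6 introduced. A short comment above the `if` stating that dummy ports have no private data, and therefore no irq_desc, would document that this is intentional.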
--
1.7.9.6 (Apple Git-31.1)

2013-07-22 21:28:28

by Tejun Heo

Subject: Re: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()

Hello, Xiaotian.

Thanks for the fix. A couple comments below.

On Wed, Jul 17, 2013 at 02:10:39PM +0800, Xiaotian Feng wrote:
> for (i = 0; i < host->n_ports; i++) {
> struct ahci_port_priv *pp = host->ports[i]->private_data;
> + const char *desc;
>
> + if (ata_port_is_dummy(host->ports[i]))
> + desc = dev_driver_string(host->dev);
> + else
> + desc = pp->irq_desc;

I think it'd be better to branch on pp. ie. do "if (pp) desc =
pp->... " instead and then add a comment saying "pp is NULL for
dummies".

Thanks!

--
tejun

2013-07-22 21:31:24

by Xiaotian Feng

Subject: Re: [PATCH] AHCI: fix Null pointer dereference in achi_host_active()

On Tue, Jul 23, 2013 at 5:28 AM, Tejun Heo <[email protected]> wrote:
> Hello, Xiaotian.
>
> Thanks for the fix. A couple comments below.
>
> On Wed, Jul 17, 2013 at 02:10:39PM +0800, Xiaotian Feng wrote:
>> for (i = 0; i < host->n_ports; i++) {
>> struct ahci_port_priv *pp = host->ports[i]->private_data;
>> + const char *desc;
>>
>> + if (ata_port_is_dummy(host->ports[i]))
>> + desc = dev_driver_string(host->dev);
>> + else
>> + desc = pp->irq_desc;
>
> I think it'd be better to branch on pp. ie. do "if (pp) desc =
> pp->... " instead and then add a comment saying "pp is NULL for
> dummies".
>

Okay, I'll update v2 patch, thanks :)

> Thanks!
>
> --
> tejun

2013-07-23 03:54:23

by Xiaotian Feng

Subject: [PATCH v2] AHCI: fix Null pointer dereference in achi_host_active()

commit b29900e6 (AHCI: Make distinct names for ports in /proc/interrupts)
introduced a regression, which resulted in a NULL pointer dereference for ahci
hosts with dummy ports. For ahci ports, when the port is a dummy port, its
private_data will be NULL, as ata_dummy_port_ops doesn't support ->port_start.

changes in v2: use pp to check dummy ports, update comments

Reported-and-tested-by: Alex Williamson <[email protected]>
Signed-off-by: Xiaotian Feng <[email protected]>
Cc: Alexander Gordeev <[email protected]>
Cc: Tejun Heo <[email protected]>
Cc: [email protected]
Cc: [email protected]
---
drivers/ata/ahci.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 5064f3e..db4380d 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -1146,11 +1146,18 @@ int ahci_host_activate(struct ata_host *host, int irq, unsigned int n_msis)
return rc;

for (i = 0; i < host->n_ports; i++) {
+ const char* desc;
struct ahci_port_priv *pp = host->ports[i]->private_data;

+ /* pp is NULL for dummy ports */
+ if (pp)
+ desc = pp->irq_desc;
+ else
+ desc = dev_driver_string(host->dev);
+
rc = devm_request_threaded_irq(host->dev,
irq + i, ahci_hw_interrupt, ahci_thread_fn, IRQF_SHARED,
- pp->irq_desc, host->ports[i]);
+ desc, host->ports[i]);
if (rc)
goto out_free_irqs;
}
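Review bot: style point on the first added line, `const char* desc;`: kernel coding style attaches the asterisk to the name, as the neighbouring `struct ahci_port_priv *pp` declaration does, so this should read `const char *desc;`. The NULL test on `pp` and the accompanying comment otherwise guard the `pp->irq_desc` dereference directly.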
--
1.7.9.6 (Apple Git-31.1)

2013-07-23 14:26:34

by Tejun Heo

Subject: Re: [PATCH v2] AHCI: fix Null pointer dereference in achi_host_active()

On Tue, Jul 23, 2013 at 11:54:10AM +0800, Xiaotian Feng wrote:
> commit b29900e6 (AHCI: Make distinct names for ports in /proc/interrupts)
> introduced a regression, which resulted in a NULL pointer dereference for ahci
> hosts with dummy ports. For ahci ports, when the port is a dummy port, its
> private_data will be NULL, as ata_dummy_port_ops doesn't support ->port_start.
>
> changes in v2: use pp to check dummy ports, update comments
>
> Reported-and-tested-by: Alex Williamson <[email protected]>
> Signed-off-by: Xiaotian Feng <[email protected]>
> Cc: Alexander Gordeev <[email protected]>
> Cc: Tejun Heo <[email protected]>
> Cc: [email protected]
> Cc: [email protected]

Applied to libata/for-3.11-fixes.

Thanks.

--
tejun