2005-11-23 15:56:25

by Chris Ross

[permalink] [raw]
Subject: [PATCH] 2.4.32 Don't panic on IDE DMA errors

Kernel 2.4.32 and earlier can panic when trying to read a corrupted
sector from an IDE disk.

The function ide_dma_timeout_retry can end a request early by calling
idedisk_error, but then goes on to use the request anyway causing a
kernel panic due to a null pointer exception. This patch fixes that.

Regards,
Chris R.


diff -urN -X dontdiff linux-2.4.32/drivers/ide/ide-io.c
patched-linux-2.4.32/drivers/ide/ide-io.c
--- linux-2.4.32/drivers/ide/ide-io.c 2003-11-28 18:26:20.000000000 +0000
+++ patched-linux-2.4.32/drivers/ide/ide-io.c 2005-11-23
12:33:37.000000000 +0000
@@ -899,11 +899,13 @@
rq = HWGROUP(drive)->rq;
HWGROUP(drive)->rq = NULL;

- rq->errors = 0;
- rq->sector = rq->bh->b_rsector;
- rq->current_nr_sectors = rq->bh->b_size >> 9;
- rq->hard_cur_sectors = rq->current_nr_sectors;
- rq->buffer = rq->bh->b_data;
+ if (rq) {
+ rq->errors = 0;
+ rq->sector = rq->bh->b_rsector;
+ rq->current_nr_sectors = rq->bh->b_size >> 9;
+ rq->hard_cur_sectors = rq->current_nr_sectors;
+ rq->buffer = rq->bh->b_data;
+ }

return ret;
}


2005-11-28 17:51:04

by Marcelo Tosatti

[permalink] [raw]
Subject: Re: [PATCH] 2.4.32 Don't panic on IDE DMA errors


Applied, thanks Chris.

On Wed, Nov 23, 2005 at 03:56:00PM +0000, Chris Ross wrote:
> Kernel 2.4.32 and earlier can panic when trying to read a corrupted
> sector from an IDE disk.
>
> The function ide_dma_timeout_retry can end a request early by calling
> idedisk_error, but then goes on to use the request anyway causing a
> kernel panic due to a null pointer exception. This patch fixes that.
>
> Regards,
> Chris R.
>
>
> diff -urN -X dontdiff linux-2.4.32/drivers/ide/ide-io.c
> patched-linux-2.4.32/drivers/ide/ide-io.c
> --- linux-2.4.32/drivers/ide/ide-io.c 2003-11-28 18:26:20.000000000 +0000
> +++ patched-linux-2.4.32/drivers/ide/ide-io.c 2005-11-23
> 12:33:37.000000000 +0000
> @@ -899,11 +899,13 @@
> rq = HWGROUP(drive)->rq;
> HWGROUP(drive)->rq = NULL;
>
> - rq->errors = 0;
> - rq->sector = rq->bh->b_rsector;
> - rq->current_nr_sectors = rq->bh->b_size >> 9;
> - rq->hard_cur_sectors = rq->current_nr_sectors;
> - rq->buffer = rq->bh->b_data;
> + if (rq) {
> + rq->errors = 0;
> + rq->sector = rq->bh->b_rsector;
> + rq->current_nr_sectors = rq->bh->b_size >> 9;
> + rq->hard_cur_sectors = rq->current_nr_sectors;
> + rq->buffer = rq->bh->b_data;
> + }
>
> return ret;
> }