aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStuart Hayes <Stuart_Hayes@dell.com>2005-05-26 09:38:45 -0400
committerBartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl>2005-05-26 09:38:45 -0400
commit41bb4c43b34bcde7eb62cf19acdcf9f2eb13801d (patch)
treecfaeeca6836443ee680e38273cb4f7ae94c023b2
parent8604affde9d4f52f04342d6a37c77d95fa167e7a (diff)
[PATCH] ide-scsi: kmap scatter/gather before doing PIO
From: Stuart Hayes <Stuart_Hayes@dell.com> The system can panic with a null pointer dereference using ide-scsi if PIO is being done on scatter gather pages that are in high memory, because page_address() returns 0. We are actually seeing this using a tape drive. This patch will kmap_atomic() the pages before performing PIO. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl>
-rw-r--r--drivers/scsi/ide-scsi.c28
1 files changed, 24 insertions, 4 deletions
diff --git a/drivers/scsi/ide-scsi.c b/drivers/scsi/ide-scsi.c
index d80c4c9d5a63..83f062ed9082 100644
--- a/drivers/scsi/ide-scsi.c
+++ b/drivers/scsi/ide-scsi.c
@@ -179,8 +179,18 @@ static void idescsi_input_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsigne
179 return; 179 return;
180 } 180 }
181 count = min(pc->sg->length - pc->b_count, bcount); 181 count = min(pc->sg->length - pc->b_count, bcount);
182 buf = page_address(pc->sg->page) + pc->sg->offset; 182 if (PageHighMem(pc->sg->page)) {
183 drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count); 183 unsigned long flags;
184
185 local_irq_save(flags);
186 buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
187 drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
188 kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
189 local_irq_restore(flags);
190 } else {
191 buf = page_address(pc->sg->page) + pc->sg->offset;
192 drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
193 }
184 bcount -= count; pc->b_count += count; 194 bcount -= count; pc->b_count += count;
185 if (pc->b_count == pc->sg->length) { 195 if (pc->b_count == pc->sg->length) {
186 pc->sg++; 196 pc->sg++;
@@ -201,8 +211,18 @@ static void idescsi_output_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsign
201 return; 211 return;
202 } 212 }
203 count = min(pc->sg->length - pc->b_count, bcount); 213 count = min(pc->sg->length - pc->b_count, bcount);
204 buf = page_address(pc->sg->page) + pc->sg->offset; 214 if (PageHighMem(pc->sg->page)) {
205 drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count); 215 unsigned long flags;
216
217 local_irq_save(flags);
218 buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
219 drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
220 kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
221 local_irq_restore(flags);
222 } else {
223 buf = page_address(pc->sg->page) + pc->sg->offset;
224 drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
225 }
206 bcount -= count; pc->b_count += count; 226 bcount -= count; pc->b_count += count;
207 if (pc->b_count == pc->sg->length) { 227 if (pc->b_count == pc->sg->length) {
208 pc->sg++; 228 pc->sg++;