[PATCH] ide: Fix crash on repeated reset

Michal Miroslaw reported a problem (bugzilla #7023) where a user initiated reset while the IDE layer was already resetting the channel caused a crash, and provided a rough fix. This is a slightly cleaner version of the fix which tracks the reset state and blocks further reset requests while a reset is in progress. Note this is not a security issue - random end users can't access the ioctl in question anyway. Signed-off-by: Alan Cox <alan@redhat.com> Cc: Michal Miroslaw <mirq-linux@rere.qmqm.pl> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Alan Cox <alan@lxorguk.ukuu.org.uk> 2006-10-03 04:14:33 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-10-03 11:04:08 -0400
commit: 913759ac90a727b86da72efcfb70931f497d1cb7 (patch)
tree: f95e10f757e93eca8eacbf03985c09994ec4ef46
parent: b86cc29dc42203588264d917e88134bdd500b0d7 (diff)
3 files changed, 12 insertions, 0 deletions
diff --git a/drivers/ide/ide-iops.c b/drivers/ide/ide-iops.c
index 77703acaec17..badde6331775 100644
--- a/drivers/ide/ide-iops.c
+++ b/drivers/ide/ide-iops.c
@@ -998,6 +998,7 @@ static ide_startstop_t atapi_reset_pollfunc (ide_drive_t *drive)
        }
        /* done polling */
        hwgroup->polling = 0;
+        hwgroup->resetting = 0;
        return ide_stopped;
 }
@@ -1057,6 +1058,7 @@ static ide_startstop_t reset_pollfunc (ide_drive_t *drive)
                }
        }
        hwgroup->polling = 0;   /* done polling */
+        hwgroup->resetting = 0; /* done reset attempt */
        return ide_stopped;
 }
@@ -1143,6 +1145,7 @@ static ide_startstop_t do_reset1 (ide_drive_t *drive, int do_not_try_atapi)
        /* For an ATAPI device, first try an ATAPI SRST. */
        if (drive->media != ide_disk && !do_not_try_atapi) {
+                hwgroup->resetting = 1;
                pre_reset(drive);
                SELECT_DRIVE(drive);
                udelay (20);
@@ -1168,6 +1171,7 @@ static ide_startstop_t do_reset1 (ide_drive_t *drive, int do_not_try_atapi)
                return ide_stopped;
        }
+        hwgroup->resetting = 1;
        /*
         * Note that we also set nIEN while resetting the device,
         * to mask unwanted interrupts from the interface during the reset.
diff --git a/drivers/ide/ide.c b/drivers/ide/ide.c
index 97b162ca9885..287a66201150 100644
--- a/drivers/ide/ide.c
+++ b/drivers/ide/ide.c
@@ -1364,6 +1364,11 @@ int generic_ide_ioctl(ide_drive_t *drive, struct file *file, struct block_device
                        spin_lock_irqsave(&ide_lock, flags);
+                        if (HWGROUP(drive)->resetting) {
+                                spin_unlock_irqrestore(&ide_lock, flags);
+                                return -EBUSY;
+                        }
                        ide_abort(drive, "drive reset");
                        BUG_ON(HWGROUP(drive)->handler);
diff --git a/include/linux/ide.h b/include/linux/ide.h
index a9a9e33e448f..07d8d725541f 100644
--- a/include/linux/ide.h
+++ b/include/linux/ide.h
@@ -825,6 +825,9 @@ typedef struct hwgroup_s {
        unsigned int sleeping   : 1;
                /* BOOL: polling active & poll_timeout field valid */
        unsigned int polling    : 1;
+                /* BOOL: in a polling reset situation. Must not trigger another reset yet */
+        unsigned int resetting  : 1;
                /* current drive */
        ide_drive_t *drive;
                /* ptr to current hwif in linked-list */
author	Alan Cox <alan@lxorguk.ukuu.org.uk>	2006-10-03 04:14:33 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-10-03 11:04:08 -0400
commit	913759ac90a727b86da72efcfb70931f497d1cb7 (patch)
tree	f95e10f757e93eca8eacbf03985c09994ec4ef46
parent	b86cc29dc42203588264d917e88134bdd500b0d7 (diff)