summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStuart Hayes <Stuart_Hayes@dell.com>2005-05-26 15:38:45 +0200
committerBartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl>2005-05-26 15:38:45 +0200
commit41bb4c43b34bcde7eb62cf19acdcf9f2eb13801d (patch)
treecfaeeca6836443ee680e38273cb4f7ae94c023b2
parent8604affde9d4f52f04342d6a37c77d95fa167e7a (diff)
downloadlwn-41bb4c43b34bcde7eb62cf19acdcf9f2eb13801d.tar.gz
lwn-41bb4c43b34bcde7eb62cf19acdcf9f2eb13801d.zip
[PATCH] ide-scsi: kmap scatter/gather before doing PIO
From: Stuart Hayes <Stuart_Hayes@dell.com> The system can panic with a null pointer dereference using ide-scsi if PIO is being done on scatter gather pages that are in high memory, because page_address() returns 0. We are actually seeing this using a tape drive. This patch will kmap_atomic() the pages before performing PIO. Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@elka.pw.edu.pl>
-rw-r--r--drivers/scsi/ide-scsi.c28
1 files changed, 24 insertions, 4 deletions
diff --git a/drivers/scsi/ide-scsi.c b/drivers/scsi/ide-scsi.c
index d80c4c9d5a63..83f062ed9082 100644
--- a/drivers/scsi/ide-scsi.c
+++ b/drivers/scsi/ide-scsi.c
@@ -179,8 +179,18 @@ static void idescsi_input_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsigne
return;
}
count = min(pc->sg->length - pc->b_count, bcount);
- buf = page_address(pc->sg->page) + pc->sg->offset;
- drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+ if (PageHighMem(pc->sg->page)) {
+ unsigned long flags;
+
+ local_irq_save(flags);
+ buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
+ drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+ kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
+ local_irq_restore(flags);
+ } else {
+ buf = page_address(pc->sg->page) + pc->sg->offset;
+ drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+ }
bcount -= count; pc->b_count += count;
if (pc->b_count == pc->sg->length) {
pc->sg++;
@@ -201,8 +211,18 @@ static void idescsi_output_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsign
return;
}
count = min(pc->sg->length - pc->b_count, bcount);
- buf = page_address(pc->sg->page) + pc->sg->offset;
- drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+ if (PageHighMem(pc->sg->page)) {
+ unsigned long flags;
+
+ local_irq_save(flags);
+ buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
+ drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+ kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
+ local_irq_restore(flags);
+ } else {
+ buf = page_address(pc->sg->page) + pc->sg->offset;
+ drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+ }
bcount -= count; pc->b_count += count;
if (pc->b_count == pc->sg->length) {
pc->sg++;