Don't leak kernel stack information through uninitialized structure members.
Signed-off-by: Michael Buesch <mb@bu3sch.de>
Acked-by: Borislav Petkov <petkovbb@gmail.com>.
Signed-off-by: David S. Miller <davem@davemloft.net>
I'm using ide on 2.6.30.1 with xfs filesystem. I noticed a kernel memory
leak after writing lots of data, the kmalloc-96 slab cache keeps
growing. It seems the struct ide_cmd kmalloced by idedisk_prepare_flush
is never kfreed.
Commit a09485df9c ("ide: move request
type specific code from ide_end_drive_cmd() to callers (v3)") and
f505d49ffd ("ide: fix barriers support")
cause this regression, cmd->rq must now be set for ide_complete_cmd to
honor the IDE_TFLAG_DYN flag.
Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes a memory overrun in function ide_get_identity_ioctl() which
chooses the size of a memory buffer depending on the ioctl command that led
to the function call, however, passes that buffer to a function which needs the
buffer size to be always chosen unconditionally.
Due to conditional compilation the memory overrun can only happen on big endian
machines. The error can be triggered using ioctl HDIO_OBSOLETE_IDENTITY. Usage
of ioctl HDIO_GET_IDENTITY is safe.
Signed-off-by: Christian Engelmayer <christian.engelmayer@frequentis.com>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
commit 2f0d0fd2a6 ("ide-acpi: cleanup
do_drive_get_GTF()") didn't account for the lack of hwif->acpidata
check in generic_ide_suspend() [ indirect user of do_drive_get_GTF()
through ide_acpi_exec_tfs() ] resulting in broken resume when ACPI
support is enabled but ACPI data is unavailable.
Fix it by adding ide_port_acpi() helper for checking if port needs
ACPI handling and cleaning generic_ide_{suspend,resume}() to use it
instead of hiding hwif->acpidata and ide_noacpi checks in IDE ACPI
helpers (this should help in preventing similar bugs in the future).
While at it:
- kill superfluous debugging printks in ide_acpi_{get,push}_timing()
Reported-and-tested-by: Etienne Basset <etienne.basset@numericable.fr>
Also-reported-and-tested-by: Jeff Chua <jeff.chua.linux@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There are some devices in the wild that clear the DRQ bit during the
last word of a packet command and therefore could use a "second chance"
for that last word of data to be xferred instead of simply failing the
request. Do that by attempting to suck in those last bytes in PIO mode.
In addition, the ATA_ERR bit has to be cleared for we cannot be sure the
data is valid otherwise.
See http://bugzilla.kernel.org/show_bug.cgi?id=13399 for details.
Signed-off-by: Borislav Petkov <petkovbb@gmail.com>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* Use blk_rq_bytes() instead of obsolete ide_rq_bytes() in ide_kill_rq()
and ide_floppy_do_request() for failed requests.
[ bugfix part ]
* Use blk_rq_bytes() instead of obsolete ide_rq_bytes() in ide_do_devset()
and ide_complete_drive_reset(). Then remove ide_rq_bytes().
[ cleanup part ]
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Such requests should be failed with -EIO (like all other requests
in this function) instead of being completed successfully.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In 86ccf37c6a the driver was modified
to deal with the removal of the pciirq argument to ide_pci_setup_ports().
But in the conversion only the first port's IRQ gets setup.
Inspired by a patch by Bartlomiej Zolnierkiewicz., and with help from
Alan Cox.
Signed-off-by: David S. Miller <davem@davemloft.net>
Make hwif->rq point to PM request during PM sequence and do not allow
any other types of requests to slip in (the old comment was never correct
as there should be no such requests generated during PM sequence).
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There are some broken devices that report multiple DMA xfer modes
enabled at once (ATA spec doesn't allow it) but otherwise work fine
with DMA so just delete ide_id_dma_bug().
[ As discovered by detective work by Frans and Bart, due to how
handling of the ID block was handled before commit c419993
("ide-iops: only clear DMA words on setting DMA mode") this
check was always seeing zeros in the fields or other similar
garbage. Therefore this check wasn't actually checking anything.
Now that the tests actually check the real bits, all we see are
devices that trigger the check yet work perfectly fine, therefore
killing this useless check is the best thing to do. -DaveM ]
Reported-by: Frans Pop <elendil@planet.nl>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently the error gets repeated too frequently, for example each
time HAL polls the device when a disc is present. Avoid that by using
printk_once instead of printk.
Also join the error and corrective action messages into a single line.
Signed-off-by: Frans Pop <elendil@planet.nl>
Acked-by: Borislav Petkov <petkovbb@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Frans Pop reported that his CDROM drive reports a blocksize of 2352,
and this causes new warnings due to commit
e8e7b9eb11 ("ide-cd: fix oops when using
growisofs").
What we're trying to do is make sure that "blocklen >> SECTOR_BITS"
is something the block layer won't choke on.
And for Frans' case "2352 >> SECTOR_BITS" is equal to
"2048 >> SECTOR_BITS", and thats "4".
So warning in this case gives no real benefit.
Reported-by: Frans Pop <elendil@planet.nl>
Tested-by: Frans Pop <elendil@planet.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add ide_host_enable_irqs() helper and use it in ide_host_register()
before registering ports. Then remove no longer needed IRQ unmasking
from in init_irq().
This should fix the problem with "screaming" shared IRQ on the first
port (after request_irq() call while we have the unexpected IRQ pending
on the second port) which was uncovered by my rework of the serialized
interfaces support.
Reported-by: Frans Pop <elendil@planet.nl>
Tested-by: Frans Pop <elendil@planet.nl>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This begins to fix regressions reported by Frans Pop on his Ultra-10.
There are still some funnies left that we are investigating.
Signed-off-by: David S. Miller <davem@davemloft.net>
With 2.6.30, the error handling code in cdrom_newpc_intr was changed
to deal with partial request failures by normally completing the 'good'
parts of a request and only 'error' the last (and presumably,
incompletely transferred) bio associated with a particular
request. In order to do this, ide_complete_rq is called over
ide_cd_error_cmd() to partially complete the rq. The block layer
does partial completion only for requests with bio's and if the
rq doesn't have one (eg 'GPCMD_READ_DISC_INFO') the request is
completed as a whole and the drive->hwif->rq pointer set to NULL
afterwards. When calling ide_complete_rq again to report
the error, this null pointer is derefenced, resulting in a kernel
crash.
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=13399.
Signed-off-by: Rainer Weikusat <rweikusat@mssgmbh.com>
Signed-off-by: Borislav Petkov <petkovbb@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
In the near future, the driver core is going to not allow direct access
to the driver_data pointer in struct device. Instead, the functions
dev_get_drvdata() and dev_set_drvdata() should be used. These functions
have been around since the beginning, so are backwards compatible with
all older kernel versions.
Cc: linux-ide@vger.kernel.org
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Unsupported requests should be never handed down to device drivers
and the best thing we can do upon discovering such request inside
driver's ->do_request method is to just BUG().
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Change ide_drive_t 'drive_data' field from 'unsigned int' type to 'void *'
type, allowing a wider range of values/types to be stored in this field.
Added 'ide_get_drivedata' and 'ide_set_drivedata' helpers to get and set
the 'drive_data' field.
Fixed all host drivers to maintain coherency with the change in the
'drive_data' field type.
Signed-off-by: Joao Ramos <joao.ramos@inov.pt>
[bart: fix qd65xx build, cast to 'unsigned long', minor Coding Style fixups]
Acked-by: Sergei Shtylyov <sshtylyov@ru.montavista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Implement test_irq() method based on the driver's former dma_test_irq() methods.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Implement test_irq() method based on the driver's former dma_test_irq() method.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
