From: Stuart Hayes Date: Thu, 26 May 2005 13:38:45 +0000 (+0200) Subject: [PATCH] ide-scsi: kmap scatter/gather before doing PIO X-Git-Tag: firefly_0821_release~42717^2~292 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=41bb4c43b34bcde7eb62cf19acdcf9f2eb13801d;p=firefly-linux-kernel-4.4.55.git [PATCH] ide-scsi: kmap scatter/gather before doing PIO From: Stuart Hayes The system can panic with a null pointer dereference using ide-scsi if PIO is being done on scatter gather pages that are in high memory, because page_address() returns 0. We are actually seeing this using a tape drive. This patch will kmap_atomic() the pages before performing PIO. Signed-off-by: Bartlomiej Zolnierkiewicz
---
diff --git a/drivers/scsi/ide-scsi.c b/drivers/scsi/ide-scsi.c
index d80c4c9d5a63..83f062ed9082 100644
--- a/drivers/scsi/ide-scsi.c
+++ b/drivers/scsi/ide-scsi.c
@@ -179,8 +179,18 @@ static void idescsi_input_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsigne
 return;
 }
 count = min(pc->sg->length - pc->b_count, bcount);
- buf = page_address(pc->sg->page) + pc->sg->offset;
- drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+ if (PageHighMem(pc->sg->page)) {
+ unsigned long flags;
+
+ local_irq_save(flags);
+ buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
+ drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+ kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
+ local_irq_restore(flags);
+ } else {
+ buf = page_address(pc->sg->page) + pc->sg->offset;
+ drive->hwif->atapi_input_bytes(drive, buf + pc->b_count, count);
+ }
 bcount -= count; pc->b_count += count;
 if (pc->b_count == pc->sg->length) {
 pc->sg++;
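Review bot: The highmem branch maps exactly one page with `kmap_atomic()`, but nothing visible in the hunk keeps `pc->sg->offset + pc->b_count + count` within `PAGE_SIZE`. If a scatterlist entry can cover more than one page, the PIO copy would run past the single mapped page, whereas the lowmem `page_address()` branch has no such limit. Should multi-page entries be possible here, clamp the chunk to the page, for example `count = min_t(unsigned int, count, PAGE_SIZE - ((pc->sg->offset + pc->b_count) & ~PAGE_MASK));`, and map the page that holds that offset instead of always `pc->sg->page`. The same applies to the identical change in idescsi_output_buffers. Both function bodies start and end outside their hunks, so any bound enforced elsewhere is not visible from here.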
@@ -201,8 +211,18 @@ static void idescsi_output_buffers (ide_drive_t *drive, idescsi_pc_t *pc, unsign
 return;
 }
 count = min(pc->sg->length - pc->b_count, bcount);
- buf = page_address(pc->sg->page) + pc->sg->offset;
- drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+ if (PageHighMem(pc->sg->page)) {
+ unsigned long flags;
+
+ local_irq_save(flags);
+ buf = kmap_atomic(pc->sg->page, KM_IRQ0) + pc->sg->offset;
+ drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+ kunmap_atomic(buf - pc->sg->offset, KM_IRQ0);
+ local_irq_restore(flags);
+ } else {
+ buf = page_address(pc->sg->page) + pc->sg->offset;
+ drive->hwif->atapi_output_bytes(drive, buf + pc->b_count, count);
+ }
 bcount -= count; pc->b_count += count;
 if (pc->b_count == pc->sg->length) {
 pc->sg++;
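Review bot: `kunmap_atomic(buf - pc->sg->offset, KM_IRQ0)` recovers the mapped address by undoing the pointer arithmetic on `buf`, which breaks silently if `buf` is ever advanced between map and unmap. Holding the base in its own local, `kaddr = kmap_atomic(pc->sg->page, KM_IRQ0);` followed by `kunmap_atomic(kaddr, KM_IRQ0);`, keeps the pair obviously matched. The `atapi_output_bytes()` call is also written once per branch, and the whole block mirrors the one added to idescsi_input_buffers, so a small static map/unmap helper would remove the duplication. The function body continues outside the hunk.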