From 913759ac90a727b86da72efcfb70931f497d1cb7 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Tue, 3 Oct 2006 01:14:33 -0700 Subject: [PATCH] ide: Fix crash on repeated reset Michal Miroslaw reported a problem (bugzilla #7023) where a user initiated reset while the IDE layer was already resetting the channel caused a crash, and provided a rough fix. This is a slightly cleaner version of the fix which tracks the reset state and blocks further reset requests while a reset is in progress. Note this is not a security issue - random end users can't access the ioctl in question anyway. Signed-off-by: Alan Cox Cc: Michal Miroslaw Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- drivers/ide/ide-iops.c | 4 ++++ drivers/ide/ide.c | 5 +++++ include/linux/ide.h | 3 +++ 3 files changed, 12 insertions(+) diff --git a/drivers/ide/ide-iops.c b/drivers/ide/ide-iops.c index 77703acaec1..badde633177 100644 --- a/drivers/ide/ide-iops.c +++ b/drivers/ide/ide-iops.c @@ -998,6 +998,7 @@ static ide_startstop_t atapi_reset_pollfunc (ide_drive_t *drive) } /* done polling */ hwgroup->polling = 0; + hwgroup->resetting = 0; return ide_stopped; } @@ -1057,6 +1058,7 @@ static ide_startstop_t reset_pollfunc (ide_drive_t *drive) } } hwgroup->polling = 0; /* done polling */ + hwgroup->resetting = 0; /* done reset attempt */ return ide_stopped; } @@ -1143,6 +1145,7 @@ static ide_startstop_t do_reset1 (ide_drive_t *drive, int do_not_try_atapi) /* For an ATAPI device, first try an ATAPI SRST. */ if (drive->media != ide_disk && !do_not_try_atapi) { + hwgroup->resetting = 1; pre_reset(drive); SELECT_DRIVE(drive); udelay (20); @@ -1168,6 +1171,7 @@ static ide_startstop_t do_reset1 (ide_drive_t *drive, int do_not_try_atapi) return ide_stopped; } + hwgroup->resetting = 1; /* * Note that we also set nIEN while resetting the device, * to mask unwanted interrupts from the interface during the reset. diff --git a/drivers/ide/ide.c b/drivers/ide/ide.c index 97b162ca988..287a6620115 100644 --- a/drivers/ide/ide.c +++ b/drivers/ide/ide.c @@ -1364,6 +1364,11 @@ int generic_ide_ioctl(ide_drive_t *drive, struct file *file, struct block_device spin_lock_irqsave(&ide_lock, flags); + if (HWGROUP(drive)->resetting) { + spin_unlock_irqrestore(&ide_lock, flags); + return -EBUSY; + } + ide_abort(drive, "drive reset"); BUG_ON(HWGROUP(drive)->handler); diff --git a/include/linux/ide.h b/include/linux/ide.h index a9a9e33e448..07d8d725541 100644 --- a/include/linux/ide.h +++ b/include/linux/ide.h @@ -825,6 +825,9 @@ typedef struct hwgroup_s { unsigned int sleeping : 1; /* BOOL: polling active & poll_timeout field valid */ unsigned int polling : 1; + /* BOOL: in a polling reset situation. Must not trigger another reset yet */ + unsigned int resetting : 1; + /* current drive */ ide_drive_t *drive; /* ptr to current hwif in linked-list */ -- cgit v1.2.3